Edit tour

Windows Analysis Report
https://support-ld-maps.info/icloud-archivos/code2022esp.php

Overview

General Information

Sample URL:	https://support-ld-maps.info/icloud-archivos/code2022esp.php
Analysis ID:	1532675
Tags:	openphish
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5419294753681940637,10975661022969423284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support-ld-maps.info/icloud-archivos/code2022esp.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET PHISHING Possible Phish - Saved Website Comment Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T20:09:27.302999+0200	2018334	2	Potentially Bad Traffic	50.6.138.164	443	192.168.2.8	49711	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://support-ld-maps.info/icloud-archivos/code2022esp.php

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49732 version: TLS 1.2

Source: Network traffic

Suricata IDS: 2018334 - Severity 2 - ET PHISHING Possible Phish - Saved Website Comment Observed : 50.6.138.164:443 -> 192.168.2.8:49711

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /icloud-archivos/code2022esp.php HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/fonts.css HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/app.css HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/style.css HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/ajax-loader.gif HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sep.png HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/myriad-set-pro_thin.woff HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support-ld-maps.infosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://support-ld-maps.info/icloud-archivos/fonts.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/myriad-set-pro_text.woff HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support-ld-maps.infosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://support-ld-maps.info/icloud-archivos/fonts.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sep.png HTTP/1.1Host: support-ld-maps.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/img/ajax-loader.gif HTTP/1.1Host: support-ld-maps.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/myriad-set-pro_thin.ttf HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support-ld-maps.infosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://support-ld-maps.info/icloud-archivos/fonts.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /icloud-archivos/myriad-set-pro_text.ttf HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support-ld-maps.infosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://support-ld-maps.info/icloud-archivos/fonts.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support-ld-maps.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support-ld-maps.info/icloud-archivos/code2022esp.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: support-ld-maps.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: support-ld-maps.info
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 18:09:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Wed, 24 May 2023 01:50:54 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 18:09:28 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Wed, 24 May 2023 01:50:54 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 18:09:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Wed, 24 May 2023 01:50:54 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 18:09:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Wed, 24 May 2023 01:50:54 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/html

Source: chromecache_61.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Source: chromecache_61.2.dr	String found in binary or memory: https://www.icloud.com-ns.us/aU3V1/mobile/code.php

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49732 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/28@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5419294753681940637,10975661022969423284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support-ld-maps.info/icloud-archivos/code2022esp.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5419294753681940637,10975661022969423284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
support-ld-maps.info	50.6.138.164	true	false	unknown
www.google.com	142.250.185.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://support-ld-maps.info/icloud-archivos/app.css	false	unknown
https://support-ld-maps.info/favicon.ico	false	unknown
https://support-ld-maps.info/icloud-archivos/myriad-set-pro_thin.ttf	false	unknown
https://support-ld-maps.info/icloud-archivos/myriad-set-pro_thin.woff	false	unknown
https://support-ld-maps.info/icloud-archivos/myriad-set-pro_text.woff	false	unknown
https://support-ld-maps.info/icloud-archivos/fonts.css	false	unknown
https://support-ld-maps.info/icloud-archivos/myriad-set-pro_text.ttf	false	unknown
https://support-ld-maps.info/assets/img/ajax-loader.gif	false	unknown
https://support-ld-maps.info/icloud-archivos/style.css	false	unknown
https://support-ld-maps.info/icloud-archivos/code2022esp.php	false	unknown
https://support-ld-maps.info/sep.png	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
50.6.138.164	support-ld-maps.info	United States	46606	UNIFIEDLAYER-AS-1US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532675
Start date and time:	2024-10-13 20:08:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://support-ld-maps.info/icloud-archivos/code2022esp.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/28@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.174, 173.194.76.84, 34.104.35.123, 142.250.185.74, 142.250.186.138, 216.58.212.170, 142.250.186.170, 142.250.185.170, 142.250.185.138, 216.58.206.42, 172.217.16.138, 142.250.184.202, 142.250.185.106, 142.250.186.74, 216.58.212.138, 142.250.185.234, 142.250.185.202, 142.250.184.234, 142.250.181.234, 20.12.23.50, 52.165.164.15, 192.229.221.95, 13.95.31.18, 142.250.186.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://support-ld-maps.info/icloud-archivos/code2022esp.php

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 17:09:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9766104565554574
Encrypted:	false
SSDEEP:	48:820dxT5JVHncidAKZdA1oehwiZUklqehqy+3:82SfFb9y
MD5:	DC32CA9F51138A1E784D24D05E9A23F9
SHA1:	CEFD7B2B6C2DD312CE66A0CA67F5C61CD3BCE146
SHA-256:	FB99E5DBA44F46CEC24F6B40438B6E001A40A02E3C1E4D33884BD6FE993AEEE3
SHA-512:	06C4C3689A8A25A6D717D18926CEB2134F0FD8FEBEA3CE301FCEC341C2B3620CC58229A2E99916BD09EF0497EE6B4E91CDBDBDBA060A5066A2F7DB1D5089042D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....c.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VMY-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 17:09:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9942031150749977
Encrypted:	false
SSDEEP:	48:8L0dxT5JVHncidAKZdA1leh/iZUkAQkqehty+2:8LSfFJ9QAy
MD5:	3BB4AA998DAED7EE70528552DFFCAA12
SHA1:	AC67B37062BC683AB09685DF0D8133ABA2C46CDE
SHA-256:	FA509F9B485D4FB83A3E42229A82849188297A53A538FC9BA652181860CE39AC
SHA-512:	7EEC3819E7C99AB90DF23E9FB069995315493AF470576305A085C0E4D64248EBFF9CAD40C1A59FBF442A73152DCCF1670304A9099CD62888DCFA3B09246BEEDF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VMY-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006339907119947
Encrypted:	false
SSDEEP:	48:8w0dxT5JbHncidAKZdA14t5eh7sFiZUkmgqeh7s7y+BX:8wSfrpnBy
MD5:	5534A95521E718D280D8F754E28ED3C0
SHA1:	1E57B7DC05328EB39574B21D0D414D41CCB4B28E
SHA-256:	65CBAF948DAE504FABC4EED88B9452E1CC7A10F2F3362B25B0A47CC3C1A04B20
SHA-512:	38DFA385E426CB146F57AA4FD25D43681508587B4F333169942CF36065F81C5F0D0CEBAFFCD5F4083C8A29CA03DE9307864F93B964AEFDD7172EBECB1671AD93
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 17:09:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9922050772352753
Encrypted:	false
SSDEEP:	48:8s0dxT5JVHncidAKZdA16ehDiZUkwqehpy+R:8sSfFaDy
MD5:	BDC0C246B22EC1601D7A6F6AFAE5D12D
SHA1:	61BFEE2DDEF2B190E2BA7E32AC20311F9D665BB1
SHA-256:	8D42B1138F9B9107F00D7D5BA6FB48C8E273B29E43C1F8BE6818EBBC902FB2AC
SHA-512:	2B29DEF3D3038A5C8744D72ED955A336CC892F34E94D82D14B602B0492197C10A4FAB6A3045374DEA6EB9C651BF9BCFED53BE215D1193F72C358326FC5575BB4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....?......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VMY-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 17:09:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9784364157229977
Encrypted:	false
SSDEEP:	48:8O0dxT5JVHncidAKZdA1UehBiZUk1W1qeh/y+C:8OSfFa9fy
MD5:	E7C3E1326025D3ACA3625092A18972EE
SHA1:	04CFA4DC520EA47218405E4F75A3E1769C9562CC
SHA-256:	26A0BF668751FCDC52ED738912966526C235A0E2B7F62D38B11FDCE792519C79
SHA-512:	C5A5C0AC59BE88DC86A117856FCEA23839D4E48BD6A22FDEC12368FA8ED19E321E5EDAE24F28AB5E66A4B644C6587B2AF1E340CD2F13AA60F9630111B0084445
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VMY-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 17:09:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.992332173784114
Encrypted:	false
SSDEEP:	48:8X0dxT5JVHncidAKZdA1duTrehOuTbbiZUk5OjqehOuTbBy+yT+:8XSfFLTYTbxWOvTbBy7T
MD5:	44CA81D1311EDC73FA5026BDB8F46188
SHA1:	9DFCB03AEA3A2E64D4FC363B45EA5A5B714EA6F5
SHA-256:	D0F11FEC1CA547B4F6B02CA966C24459603BE0C41413DDC0DE486A43BBC84AF2
SHA-512:	B7CF7C0124A0FA77689E6F629BC3C43BE8D076FFFA4E50F37F493330F3192C50AAEE91CC3A84EB5C69EE7C213700EB34056BD04B6A1EB633CFAE4B6BBF5420FF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....%{......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.IMY+.....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VMY+.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VMY+.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VMY+............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VMY-............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.........../n.x.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (898)
Category:	downloaded
Size (bytes):	9582
Entropy (8bit):	5.063185497103647
Encrypted:	false
SSDEEP:	96:hQrcYi3QkR+uHWeF1UAO1jXg1afUpnJLOJ32dZIGOPft3/DDV4VXS+I9:kc5AkrNE5UnLOEOr93/DDVAXS+I9
MD5:	166ADB6D0DB898BD46EFCC2F503F0F0F
SHA1:	8B95DDA3AE2B79ECEB6AB2CA7C1913C962E86C33
SHA-256:	1AE8B700CC9A866E45912A77BA8DA20C203F8355FF0FA9E8E92F22956FFD173E
SHA-512:	472824F87123C6F8C641B4674A7B56FB89DA2512001189185776D91AFF329684E5A5B0B2BD4EFE4B261E1A4F56FB208883651136CEDF4709D3319F4200F649E9
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/icloud-archivos/code2022esp.php
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">. saved from url=(0050)https://www.icloud.com-ns.us/aU3V1/mobile/code.php -->.<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. . <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">. <link rel="prefetch stylesheet" href="./fonts.css" type="text/css">. <link rel="stylesheet" type="text/css" media="screen" href="./app.css">. <link rel="stylesheet" type="text/css" media="screen" href="./style.css">.. . . . .<style type="text/css"></style></head>.<body>.<div class="si-body si-container container-fluid" id="content" data-theme="lite"><apple-auth> <appleid-logo mode="{mode}">.<div id="apple-id-logo" class="apple-id-logo hide-always">. <i class="icon icon_apple"></i>.</div>..</appleid-logo>.<div class="widget-container fade-in restrict-max-wh fade-in" data-mode="embe

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Category:	downloaded
Size (bytes):	9062
Entropy (8bit):	3.284224550667547
Encrypted:	false
SSDEEP:	48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N
MD5:	28EC4EABA5AE210B98A11257CAF5BADE
SHA1:	6164148A39D6A27286641896FCE3B76F439AEAB1
SHA-256:	3F5086612AAE9363C9FB02949219CEF19854C18FE5AD4EDA78AA1AEFCC79CC71
SHA-512:	4EFB48689296863D6E05B3CF32F8F98AC57A2BDEAE09209735170DD7F1C70E22A9BD2FBE93FCCB7181B8C1B6DFE555AF548129EF7B8705ED50486A972815868E
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/favicon.ico
Preview:	...... ..........F...........h....... .... .....V......... .h.......(... ...@...............................BBB.....rrr.....ZZZ.............NNN.~~~.fff.................JJJ.....zzz.bbb.VVV.....nnn.........FFF.....vvv.....^^^.............RRR.....jjj...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Category:	dropped
Size (bytes):	9062
Entropy (8bit):	3.284224550667547
Encrypted:	false
SSDEEP:	48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N
MD5:	28EC4EABA5AE210B98A11257CAF5BADE
SHA1:	6164148A39D6A27286641896FCE3B76F439AEAB1
SHA-256:	3F5086612AAE9363C9FB02949219CEF19854C18FE5AD4EDA78AA1AEFCC79CC71
SHA-512:	4EFB48689296863D6E05B3CF32F8F98AC57A2BDEAE09209735170DD7F1C70E22A9BD2FBE93FCCB7181B8C1B6DFE555AF548129EF7B8705ED50486A972815868E
Malicious:	false
Reputation:	low
Preview:	...... ..........F...........h....... .... .....V......... .h.......(... ...@...............................BBB.....rrr.....ZZZ.............NNN.~~~.fff.................JJJ.....zzz.bbb.VVV.....nnn.........FFF.....vvv.....^^^.............RRR.....jjj...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.332758651241789
Encrypted:	false
SSDEEP:	3:O2PRk5xCunnVKekY:OEkLCokY
MD5:	4C73EF2C5836B2524CF0DCF05C5A5E1E
SHA1:	A3C11721A416039DDF8328DBC0C24C270F75C3AB
SHA-256:	462CCC2B7B8048DBE77886E203959F49B02EDA47C9AF39F22BFD649D219A44F1
SHA-512:	DF21A0EA934263545DDF076D2BB84A76FA6906BAD1EC5A8D2DD268E62E2A69827107FF0B7F09CF96879B5FE8A23502F53934B7FF72228537BB4EBCCFC835241D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQmKgh_TzCsJ4xIFDYJGpz8SBQ0Dp5DTEgUNaenAthIFDUGn_58=?alt=proto
Preview:	CiQKBw2CRqc/GgAKBw0Dp5DTGgAKBw1p6cC2GgAKBw1Bp/+fGgA=

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	4178
Entropy (8bit):	7.491119873175258
Encrypted:	false
SSDEEP:	48:3je4MHZKDtbvGOFkYajWVOwD2W4UYX084HY4zHdwU4zeoAF5R4JTp3uV04gBFy8g:3je4XtDlqWdWvfWJXPF5RcdU0dsmuS
MD5:	20295FD727FBC02635F3D8C947E54556
SHA1:	DE01015DB36A6330D4E0854A69555A5E3F3556C7
SHA-256:	93C99B1A62BDEF426C6029D8EEAA796AF079BD0B67C7BD67FDA444E8AFB6F562
SHA-512:	495A1766EC0560E31689C449AF356BDB88CD862784D9B4C7E2E3AD1E4345ED2EAE434FC15B3ECEAC04397E49C21AC52096B1434B465AB8D8A2DF2F0129820CF4
Malicious:	false
Reputation:	low
Preview:	GIF89a . .........................~~~................................>>>VVV```\|\|\|......JJJlll...............,,,^^^...LLL.................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . ....@.pH$.8.Gq.$N..A.3(..L....V....K\|P(...:.(..r.B.._@X!/...BxBnb}E.g....o.r..E.g..^..oWD.c.....JC.g......oqm.o..........E.....{p~....r...D....}.M....d......K......r.........o....\|........].q...` 9C.f).$'.=..}.C.^.u..-.H..!.............O.K"1......5.&{j.T. .BBo..e...6..<...@.B?..1..)..G.b.K... .!.......,.... . ....@.pH$&4.Bq.$..D..b(.......V....[4.._..:.t:"r.qh@..a..)..g.Bk_.o..E.g~.....#r.JD.g.xl.oWF.C....~mg......o.D.....B.....w...K.!.......C........wE... ..d....X.............r................s'...xM.&T$$..\|M...C.... .A...Bl..d....K.d.V..?oFl-X. .L[.J*....6..!."...5\@....p..oI..m...N!Q.Xm..@..%2u:uH2.\.R.#.a..!.......,.... . ....@.pH$...Bq.$&.D...(..L....V....[$.....:4P(.r.s..._...I..g.BxB.o..E g.w^

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	404
Entropy (8bit):	5.104933128586477
Encrypted:	false
SSDEEP:	12:XlVTgIC++jjdt08cKHwLQcYahZR3Xzjbck1ZM:X7EIC+YjLVcjLBVvFj317M
MD5:	34967D55AD27C484A0BBE6BCACAEDA03
SHA1:	B49A5B6BA6538271C3EC0F82B756BAE7998312AD
SHA-256:	611040FEE1945FFE3BB8C8581F1622C4A5FAFF722B00FAA254359A170F7E71F2
SHA-512:	C652A692960CA99E22EADA7AE75A206B5D50BE098991279AE6BF2A5BC52437DC4E7E406764BC37AC4AFBED79F73FE8A16675349C7F3C8F25B786F82FF1ED7A13
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/icloud-archivos/style.css
Preview:	.errorlogin {.background-color: #FAE9A3;.position: absolute;.width:70%;.margin-left: -37%;.border-radius: 5px;.left: 52%;.padding: 1em;.border: 1px solid rgba(185,149,1,0.47);.box-shadow: 0px 5px 10px 2px rgba(0,0,0,0.1);.margin-top: 9px;.padding: 15px;.color: #503E30;.font-weight: 400;.text-align: center;.z-index: 10;.font-size: 15px;.letter-spacing: -0.016em;.font-weight: 500;.font-family: arial;.}

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 382 x 50, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1240
Entropy (8bit):	7.76387952763145
Encrypted:	false
SSDEEP:	24:6wss9YhvQELfVIWf1W9jKNhW0i9i3rhrk58hsUY:6wss9OFLfOWsqWbidrkaA
MD5:	AFE4BC3227B4889FC78A8181E014A931
SHA1:	E3FF6C0083FBEDED76E33ACE08BACAC04E7AD35B
SHA-256:	E39F78E3FD9428C8AD22060046D9CC07D65CF9FA784A16A3925B9ACB52F35C3D
SHA-512:	59A92FDEE85A7E47A8D2D0CF757BFFAD15187F5095F74E87CCD3074EB6FA9A18E3286ABD27919135C534A07E3BA350C6BCDDF974B77FE2D58AB5510964DAE8BB
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/sep.png
Preview:	.PNG........IHDR...~...2........l....pHYs...........~.....PLTE....................tRNS....9.qb...^IDATh..Y..0..:.....u.._.Y#.....8.A...X.5....95.b..j.f.?...../V..?.:..'.gL.#..o.^S)%'y.....h.u....x...]].w.Qu.......V..u.7.K.U......b...W#.y.@.1. .r..\|-..Z.%.\|.....F$........k....-.......J. .h.{.....5@..5....L........\|D@...2..........(....\.......O..W.+...:...QB.4..../ ?K..(..x.....+ ..=....)...r.../...P...;....UX..-..t.&.T.....HD.[.aA.0.gz..F^...@OS.......vk,4...V~.A..c0. .;..j...o. A...(..........?:.R8...\|.Em..\|.~.......S......R.!.MBk..i..>\|.\|.@....h....=J.c..-.......?.?..9...h...:...K.19..Pm..F..$...4..%.) ....0<n....Y.....$z..2^....u....E.T;..q..d.P.j..yQ.,.U..y.......dDm.`!..n.l..T..x?.....TC[.i.$.:.MC.......m.....`.W...Qc..t.Zf....k.z%...., .2.0...:3...{.6J........X..mDXiv.?..!p.{....46u......W=..k.y..LB...._.9....{1>...F.h.q....~z4.=:..{.7.o:.1..>.1..=..}+<<......Y'......,..P.....k..$...$.J"V.#.......f..{.....[.#.....WN.I.W...t....E.p..

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	4391
Entropy (8bit):	5.193204943336862
Encrypted:	false
SSDEEP:	24:EUasapQXl/bQKadaCQXlSwa+Xl/bQUaFaaQXl/EkavkavK6QXl/bQikavlav6QX7:EseItUX8FiBzM4qCZ0Ib
MD5:	98EE635650C7CCDA9930ADFC60219383
SHA1:	E03849F92A5DEA9E750A46FBDC7EC38566D87B47
SHA-256:	8BB6308810E034853E1CB335372AFCC0243DD73F3A431AE888FF0B4313B97251
SHA-512:	A1754FD3719C9A01A2B8D96758E3D91A419A0EA43A65120DB5B1C2A6A04F3D328184244452EE4E5F413E28286952560162AA9C3A73209F318FE98518572E6BC4
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/icloud-archivos/fonts.css
Preview:	@font-face {..font-family:'Myriad Set Pro';..font-style:normal;..font-weight:200;..src:local('..'), url("./myriad-set-pro_thin.woff") format("woff"), url("./myriad-set-pro_thin.ttf") format("truetype");../* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /.}..@font-face {..font-family:'Myriad Set Pro';..font-style:italic;..font-weight:200;..src:local('..'), url("./myriad-set-pro_thin-italic.woff") format("woff"), url("./myriad-set-pro_thin-italic.ttf") format("truetype");../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /.}..@font-face {..font-family:'Myriad Set Pro 200';..src:url("./myriad-set-pro_thin.eot");../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. */.}..@font-face {..font-family:'Myriad Set Pro';..font-style:italic;..font-weight:400;..src:local

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	82736
Entropy (8bit):	5.188382462050499
Encrypted:	false
SSDEEP:	768:p3DE+MKeKEamqCwcMOEkSqyWmA0i4OoIIWabTPXhY3Zzw9/D+FLly/LHRMTtfwNc:p32x6g+g8GlJ532PVwJgjCWyLnL
MD5:	F6879EEF31E55654B039B091AADEEE8E
SHA1:	29969D2D39AF6E453A03B612FBFFC007E79A3310
SHA-256:	A4C47AB92567B53E340EC45955BCF553BB99D3141EEDB45993C2494B29834E91
SHA-512:	CC646422604250DEBC3CA63A75E4B7EF93D0A04E1BE769688FF2024A94548555128BD5C1A86787485EE6BA4E654CDF78CAE0B4056FDACF0E3B7AAFEF5060EBCA
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/icloud-archivos/app.css
Preview:	html {..font-family: sans-serif;..-ms-text-size-adjust: 100%;..-webkit-text-size-adjust: 100%;.}..body {..margin: 0;.}..article,.aside,.details,.figcaption,.figure,.footer,.header,.hgroup,.main,.menu,.nav,.section,.summary {..display: block;.}..audio,.canvas,.progress,.video {..display: inline-block;..vertical-align: baseline;.}..audio:not([controls]) {..display: none;..height: 0;.}..[hidden],.template {..display: none;.}..a {..background-color: transparent;.}..a:active,.a:hover {..outline: 0;.}..abbr[title] {..border-bottom: 1px dotted;.}..b,.strong {..font-weight: bold;.}..dfn {..font-style: italic;.}..h1 {..font-size: 2em;..margin: 0.67em 0;.}..mark {..background: #ff0;..color: #000;.}..small {..font-size: 80%;.}..sub,.sup {..font-size: 75%;..line-height: 0;..position: relative;..vertical-align: baseline;.}..sup {..top: -0.5em;.}..sub {..bottom: -0.25em;.}..img {..border: 0;.}..svg:not(:root) {..overflow: hidden;.}..figure {..margin: 1em 40px;.}..hr {..box-sizing: content-box;..heig

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 32 x 32
Category:	downloaded
Size (bytes):	4178
Entropy (8bit):	7.491119873175258
Encrypted:	false
SSDEEP:	48:3je4MHZKDtbvGOFkYajWVOwD2W4UYX084HY4zHdwU4zeoAF5R4JTp3uV04gBFy8g:3je4XtDlqWdWvfWJXPF5RcdU0dsmuS
MD5:	20295FD727FBC02635F3D8C947E54556
SHA1:	DE01015DB36A6330D4E0854A69555A5E3F3556C7
SHA-256:	93C99B1A62BDEF426C6029D8EEAA796AF079BD0B67C7BD67FDA444E8AFB6F562
SHA-512:	495A1766EC0560E31689C449AF356BDB88CD862784D9B4C7E2E3AD1E4345ED2EAE434FC15B3ECEAC04397E49C21AC52096B1434B465AB8D8A2DF2F0129820CF4
Malicious:	false
Reputation:	low
URL:	https://support-ld-maps.info/assets/img/ajax-loader.gif
Preview:	GIF89a . .........................~~~................................>>>VVV```\|\|\|......JJJlll...............,,,^^^...LLL.................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . ....@.pH$.8.Gq.$N..A.3(..L....V....K\|P(...:.(..r.B.._@X!/...BxBnb}E.g....o.r..E.g..^..oWD.c.....JC.g......oqm.o..........E.....{p~....r...D....}.M....d......K......r.........o....\|........].q...` 9C.f).$'.=..}.C.^.u..-.H..!.............O.K"1......5.&{j.T. .BBo..e...6..<...@.B?..1..)..G.b.K... .!.......,.... . ....@.pH$&4.Bq.$..D..b(.......V....[4.._..:.t:"r.qh@..a..)..g.Bk_.o..E.g~.....#r.JD.g.xl.oWF.C....~mg......o.D.....B.....w...K.!.......C........wE... ..d....X.............r................s'...xM.&T$$..\|M...C.... .A...Bl..d....K.d.V..?oFl-X. .L[.J*....6..!."...5\@....p..oI..m...N!Q.Xm..@..%2u:uH2.\.R.#.a..!.......,.... . ....@.pH$...Bq.$&.D...(..L....V....[$.....:4P(.r.s..._...I..g.BxB.o..E g.w^

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 382 x 50, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	7.76387952763145
Encrypted:	false
SSDEEP:	24:6wss9YhvQELfVIWf1W9jKNhW0i9i3rhrk58hsUY:6wss9OFLfOWsqWbidrkaA
MD5:	AFE4BC3227B4889FC78A8181E014A931
SHA1:	E3FF6C0083FBEDED76E33ACE08BACAC04E7AD35B
SHA-256:	E39F78E3FD9428C8AD22060046D9CC07D65CF9FA784A16A3925B9ACB52F35C3D
SHA-512:	59A92FDEE85A7E47A8D2D0CF757BFFAD15187F5095F74E87CCD3074EB6FA9A18E3286ABD27919135C534A07E3BA350C6BCDDF974B77FE2D58AB5510964DAE8BB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...~...2........l....pHYs...........~.....PLTE....................tRNS....9.qb...^IDATh..Y..0..:.....u.._.Y#.....8.A...X.5....95.b..j.f.?...../V..?.:..'.gL.#..o.^S)%'y.....h.u....x...]].w.Qu.......V..u.7.K.U......b...W#.y.@.1. .r..\|-..Z.%.\|.....F$........k....-.......J. .h.{.....5@..5....L........\|D@...2..........(....\.......O..W.+...:...QB.4..../ ?K..(..x.....+ ..=....)...r.../...P...;....UX..-..t.&.T.....HD.[.aA.0.gz..F^...@OS.......vk,4...V~.A..c0. .;..j...o. A...(..........?:.R8...\|.Em..\|.~.......S......R.!.MBk..i..>\|.\|.@....h....=J.c..-.......?.?..9...h...:...K.19..Pm..F..$...4..%.) ....0<n....Y.....$z..2^....u....E.T;..q..d.P.j..yQ.,.U..y.......dDm.`!..n.l..T..x?.....TC[.i.$.:.MC.......m.....`.W...Qc..t.Zf....k.z%...., .2.0...:3...{.6J........X..mDXiv.?..!p.{....46u......W=..k.y..LB...._.9....{1>...F.h.q....~z4.=:..{.7.o:.1..>.1..=..}+<<......Y'......,..P.....k..$...$.J"V.#.......f..{.....[.#.....WN.I.W...t....E.p..

Static File Info

⊘No static file info

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-13T20:09:27.302999+0200	2018334	ET PHISHING Possible Phish - Saved Website Comment Observed	2	50.6.138.164	443	192.168.2.8	49711	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 20:09:15.047754049 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.047770977 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.047844887 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.050172091 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.056386948 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.058598042 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.059401989 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.059523106 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.059562922 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.059593916 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.061691046 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.061801910 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.066605091 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.113205910 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.143964052 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.147315979 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.147528887 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.149480104 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.152426958 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.154958963 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.155913115 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.157949924 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.160629034 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.160643101 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.160708904 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.162925005 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.162976027 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.167994976 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.246156931 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.246170998 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.246301889 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.249389887 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.249424934 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.254374027 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.256875038 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.259457111 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.259723902 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.259777069 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.259886026 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.259886026 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.262132883 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.262132883 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.267039061 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.363723040 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.363739014 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.363857985 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.366910934 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.366910934 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.373924017 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.385713100 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.385729074 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.385814905 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.388851881 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.389391899 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.395869970 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.452651978 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.455539942 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.466197014 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.466217995 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.466376066 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.468992949 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.468992949 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.475091934 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.488646030 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.488666058 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.488817930 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.491086006 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.491204023 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.496005058 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.554507971 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.558414936 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.566682100 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.566698074 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.566795111 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.569469929 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.569717884 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.574702024 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.590101004 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.590519905 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.590600014 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.593286037 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.593610048 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.598913908 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.655379057 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.658930063 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.668368101 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.668386936 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.668469906 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.670830011 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.670958042 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.675693035 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.713978052 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.713999987 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.714072943 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.716767073 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.717048883 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.722138882 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.770190001 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.770323992 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.770379066 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.773365021 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.773540020 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.778825998 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.802464008 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.805361032 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.815563917 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.815711021 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.815762043 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.818527937 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.818666935 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.823972940 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.872081041 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.872111082 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.872176886 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.875185013 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.875269890 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.880280018 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.904301882 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.907018900 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.925079107 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.925147057 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.925389051 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.927917004 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.928201914 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.933376074 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.972184896 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.972264051 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:15.972456932 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.975256920 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.975256920 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:15.980391979 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.022054911 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.025326967 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.031743050 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.031768084 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.031778097 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.031837940 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.034427881 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.034544945 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.039455891 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.072431087 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.072504044 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.072854042 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.075817108 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.075967073 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.080845118 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.128149986 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.131215096 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.132535934 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.132560015 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.132617950 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.132870913 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.134854078 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.135015965 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.139653921 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.175652981 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.175667048 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.175786972 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.178874969 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.178927898 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.183737040 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.228343010 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.228358030 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.228573084 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.232878923 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.234807014 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.234818935 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.234844923 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.234920025 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.238251925 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.243046045 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.264347076 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.266881943 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.275903940 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.276002884 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.276102066 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.277779102 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.277832985 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.277868032 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.277920008 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.278409004 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.280049086 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.284920931 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.345544100 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.345721006 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.345876932 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.349366903 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.349935055 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.354649067 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.364521027 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.366640091 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.383043051 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.383352041 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.383420944 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.386183977 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.387216091 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.392031908 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.455952883 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.455970049 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.456033945 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.471862078 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.525752068 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.543018103 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.543088913 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:09:16.543159008 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:09:16.744493961 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 13, 2024 20:09:18.010094881 CEST	49671	443	192.168.2.8	204.79.197.203
Oct 13, 2024 20:09:18.338159084 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 13, 2024 20:09:19.243989944 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 13, 2024 20:09:19.588200092 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 13, 2024 20:09:26.460870981 CEST	49676	443	192.168.2.8	52.182.143.211
Oct 13, 2024 20:09:26.654644966 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.654676914 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:26.654740095 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.655381918 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.655415058 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:26.655483007 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.656245947 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.656263113 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:26.656383038 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:26.656414032 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.169250011 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.169538975 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.169564962 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.170212984 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.170275927 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.171245098 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.171309948 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.172346115 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.172431946 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.172499895 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.172511101 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.186615944 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.186896086 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.186920881 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.187289000 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.187355042 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.188100100 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.188149929 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.188328028 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.188405991 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.220561981 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.235929012 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.235948086 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.287234068 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.302661896 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302690029 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302699089 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302746058 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302750111 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.302769899 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302876949 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.302920103 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.320485115 CEST	49711	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.320516109 CEST	443	49711	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.362611055 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.363101006 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.363140106 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.363269091 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.363643885 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.363660097 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.364124060 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.364171982 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.365086079 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.365962982 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.365976095 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.407399893 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.489454031 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.489480019 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.489487886 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.489558935 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.489583969 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.489598989 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.490063906 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.494297981 CEST	49712	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.494318962 CEST	443	49712	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.523308039 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.523338079 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.523447990 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.524226904 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.524235010 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.524445057 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.524456978 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.524476051 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.524667025 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.524674892 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.868791103 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.869102001 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.869138002 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.869546890 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.869909048 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.869970083 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.870069027 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.897900105 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.898148060 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.898164988 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.898576975 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.898930073 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.899004936 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.899213076 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:27.915406942 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:27.943398952 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.009433031 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.009460926 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.009519100 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.009543896 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.028232098 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.028306007 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.028321981 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.041794062 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.042043924 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.042072058 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.042416096 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.042485952 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.042542934 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.042578936 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.042586088 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.042958021 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.043011904 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043236971 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.043312073 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043411970 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043479919 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.043566942 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043576956 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.043685913 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.043737888 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043906927 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.043971062 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.044049025 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.044054985 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.044986010 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.045067072 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.045145988 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.045903921 CEST	49715	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.045919895 CEST	443	49715	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.083643913 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.083645105 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.083643913 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.098170042 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.098181963 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.098242998 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.099016905 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.099025011 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.099064112 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.099102974 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.117150068 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.117157936 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.117196083 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.117204905 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.117217064 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.117238998 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.117271900 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.117285967 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.181235075 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181325912 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181328058 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181346893 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181375980 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.181415081 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.181426048 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181476116 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.181483984 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181540012 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.181581974 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.183177948 CEST	49717	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.183192968 CEST	443	49717	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.186454058 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.186517000 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.186553955 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.186559916 CEST	443	49718	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.186573029 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.186621904 CEST	49718	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.187057972 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.187117100 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.187963009 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.188025951 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.188843012 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.188894033 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.188944101 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.188982010 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.188988924 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.189001083 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.189050913 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.190900087 CEST	49716	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.190916061 CEST	443	49716	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.232727051 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.232773066 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.232846022 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.233087063 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.233099937 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.233581066 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.233675957 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.233787060 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.233903885 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.233937025 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.346400023 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.346451044 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.346501112 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.346667051 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.346699953 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.346748114 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.346927881 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.346940994 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.347069025 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.347078085 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.732330084 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.732614994 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.732640028 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.732991934 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.733335018 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.733381033 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.733478069 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.753947020 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.755326986 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.755337954 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.756246090 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.756578922 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.756652117 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.756761074 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.775394917 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.803397894 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.846988916 CEST	49673	443	192.168.2.8	23.206.229.226
Oct 13, 2024 20:09:28.847968102 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.849306107 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.856914997 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.856920004 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.856935024 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.856945992 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.857340097 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.857366085 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.857395887 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.858036995 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.858058929 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.858098030 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.858118057 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.858598948 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.867120981 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.867259979 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.867605925 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.867605925 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.867614031 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.867660046 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.867722034 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.874969959 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.874990940 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.875164986 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.875174046 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.875634909 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.875701904 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.875724077 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.876174927 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.897500038 CEST	49720	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.897512913 CEST	443	49720	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.901689053 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.901722908 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.901894093 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.901905060 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.902024031 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.902086020 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.902436018 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.912996054 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.912997007 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.913003922 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.916320086 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.916361094 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.916651964 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.916980028 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.916990995 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.921052933 CEST	49721	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.921096087 CEST	443	49721	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.933422089 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.933458090 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.935091019 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.936018944 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:28.936047077 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:28.936080933 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.936095953 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.937306881 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:28.941340923 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:28.941358089 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:28.958962917 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.971721888 CEST	49677	80	192.168.2.8	192.229.211.108
Oct 13, 2024 20:09:28.986505985 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.986530066 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.986601114 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.986628056 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.987155914 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.987433910 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.987519026 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.987782955 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.997175932 CEST	49722	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.997178078 CEST	49723	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:28.997193098 CEST	443	49723	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:28.997193098 CEST	443	49722	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.194607973 CEST	49672	443	192.168.2.8	23.206.229.226
Oct 13, 2024 20:09:29.295607090 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:29.295653105 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:29.295768023 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:29.297389030 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:29.297405958 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:29.730295897 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.730478048 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.730597019 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.730618000 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.731034994 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.731049061 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.731077909 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.731538057 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.731538057 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.731558084 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.731617928 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.731641054 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.732017994 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.732017994 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.732033968 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.732095957 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.741584063 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:29.742010117 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:29.742036104 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:29.743561983 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:29.743680954 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:29.744683981 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:29.744760990 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:29.784519911 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.784531116 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:29.784548044 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.784595013 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:29.831722021 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:29.875741005 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875761032 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875768900 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875792980 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875806093 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875813961 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.875824928 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875835896 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.875863075 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.875874043 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.876576900 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876610994 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876640081 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876642942 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876651049 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876677036 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876683950 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.876707077 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.876734972 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.876748085 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.877227068 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.877265930 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.877275944 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.877290010 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.877326965 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.877337933 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.901141882 CEST	49724	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.901154041 CEST	443	49724	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.932116032 CEST	49725	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.932149887 CEST	443	49725	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.937232018 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.937309027 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:29.937372923 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.937700987 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:29.937727928 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.008058071 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.008152008 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.012701035 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.012717009 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.012979031 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.065319061 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.309294939 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.351455927 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.449604034 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.449822903 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.449848890 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.450254917 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.450628996 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.450761080 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.450767040 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.450858116 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.495143890 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.524518967 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.524602890 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.524646044 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.524717093 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.524734974 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.524750948 CEST	49730	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.524756908 CEST	443	49730	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.586317062 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.586349010 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.586404085 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.586697102 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:30.586721897 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:30.589901924 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.589920998 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.589929104 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.589977026 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.589979887 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.590003014 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.590039968 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.590045929 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.590059996 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.590097904 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.591763973 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.591775894 CEST	443	49731	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.591784954 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.591823101 CEST	49731	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.604372025 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.604406118 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.604458094 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.604711056 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:30.604727030 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:30.937911034 CEST	443	49705	23.206.229.226	192.168.2.8
Oct 13, 2024 20:09:30.937999010 CEST	49705	443	192.168.2.8	23.206.229.226
Oct 13, 2024 20:09:31.125124931 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.125401974 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.125431061 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.125812054 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.126135111 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.126214027 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.126499891 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.167403936 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267493963 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267514944 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267556906 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267568111 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.267595053 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267616034 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.267905951 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.268412113 CEST	49733	443	192.168.2.8	50.6.138.164
Oct 13, 2024 20:09:31.268430948 CEST	443	49733	50.6.138.164	192.168.2.8
Oct 13, 2024 20:09:31.298875093 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.298957109 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.300945997 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.300956011 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.301182032 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.302237988 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.347399950 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.631550074 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.631620884 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.631844997 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.632539988 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.632539988 CEST	49732	443	192.168.2.8	184.28.90.27
Oct 13, 2024 20:09:31.632561922 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:31.632571936 CEST	443	49732	184.28.90.27	192.168.2.8
Oct 13, 2024 20:09:39.485579014 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:39.485651016 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:09:39.485706091 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:41.254010916 CEST	49726	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:09:41.254040956 CEST	443	49726	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:08.534415007 CEST	49703	80	192.168.2.8	199.232.210.172
Oct 13, 2024 20:10:08.846402884 CEST	49703	80	192.168.2.8	199.232.210.172
Oct 13, 2024 20:10:09.019717932 CEST	80	49703	199.232.210.172	192.168.2.8
Oct 13, 2024 20:10:09.020134926 CEST	80	49703	199.232.210.172	192.168.2.8
Oct 13, 2024 20:10:09.021073103 CEST	49703	80	192.168.2.8	199.232.210.172
Oct 13, 2024 20:10:28.989195108 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:28.989243031 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:28.989382029 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:28.989754915 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:28.989773035 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:29.671631098 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:29.672032118 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:29.672060013 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:29.672410965 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:29.672852993 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:29.672928095 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:29.721138954 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:39.637193918 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:39.637258053 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:39.637484074 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:41.355449915 CEST	49738	443	192.168.2.8	142.250.185.196
Oct 13, 2024 20:10:41.355470896 CEST	443	49738	142.250.185.196	192.168.2.8
Oct 13, 2024 20:10:46.543263912 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:10:46.543446064 CEST	443	49704	13.107.246.45	192.168.2.8
Oct 13, 2024 20:10:46.543565035 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:10:46.544038057 CEST	49704	443	192.168.2.8	13.107.246.45
Oct 13, 2024 20:10:46.548844099 CEST	443	49704	13.107.246.45	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 20:09:24.816307068 CEST	53	62005	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:24.816657066 CEST	53	49427	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:25.853084087 CEST	53	55846	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:26.384529114 CEST	57554	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:26.384726048 CEST	60934	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:26.494479895 CEST	53	60934	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:26.610702038 CEST	53	57554	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:28.025064945 CEST	53	53468	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:28.199861050 CEST	59847	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:28.200025082 CEST	60126	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:28.309927940 CEST	53	59847	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:28.439332962 CEST	53	60126	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:28.928232908 CEST	52800	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:28.928232908 CEST	54861	53	192.168.2.8	1.1.1.1
Oct 13, 2024 20:09:28.934952021 CEST	53	52800	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:28.935044050 CEST	53	54861	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:29.227225065 CEST	53	51642	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:29.240982056 CEST	53	58595	1.1.1.1	192.168.2.8
Oct 13, 2024 20:09:43.221575975 CEST	53	61768	1.1.1.1	192.168.2.8
Oct 13, 2024 20:10:03.071275949 CEST	53	60841	1.1.1.1	192.168.2.8
Oct 13, 2024 20:10:07.197082996 CEST	138	138	192.168.2.8	192.168.2.255
Oct 13, 2024 20:10:24.207098007 CEST	53	65149	1.1.1.1	192.168.2.8
Oct 13, 2024 20:10:25.589679956 CEST	53	54348	1.1.1.1	192.168.2.8

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 13, 2024 20:09:28.439403057 CEST	192.168.2.8	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 13, 2024 20:09:26.384529114 CEST	192.168.2.8	1.1.1.1	0xa373	Standard query (0)	support-ld-maps.info	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:26.384726048 CEST	192.168.2.8	1.1.1.1	0x9b1	Standard query (0)	support-ld-maps.info	65	IN (0x0001)	false
Oct 13, 2024 20:09:28.199861050 CEST	192.168.2.8	1.1.1.1	0x9fda	Standard query (0)	support-ld-maps.info	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:28.200025082 CEST	192.168.2.8	1.1.1.1	0xd43b	Standard query (0)	support-ld-maps.info	65	IN (0x0001)	false
Oct 13, 2024 20:09:28.928232908 CEST	192.168.2.8	1.1.1.1	0x84f6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:28.928232908 CEST	192.168.2.8	1.1.1.1	0x4ec8	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 13, 2024 20:09:26.610702038 CEST	1.1.1.1	192.168.2.8	0xa373	No error (0)	support-ld-maps.info		50.6.138.164	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:28.309927940 CEST	1.1.1.1	192.168.2.8	0x9fda	No error (0)	support-ld-maps.info		50.6.138.164	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:28.934952021 CEST	1.1.1.1	192.168.2.8	0x84f6	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:28.935044050 CEST	1.1.1.1	192.168.2.8	0x4ec8	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 13, 2024 20:09:40.043908119 CEST	1.1.1.1	192.168.2.8	0xc1f8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 20:09:40.043908119 CEST	1.1.1.1	192.168.2.8	0xc1f8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:09:58.307380915 CEST	1.1.1.1	192.168.2.8	0x9aa8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 20:09:58.307380915 CEST	1.1.1.1	192.168.2.8	0x9aa8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:10:17.292903900 CEST	1.1.1.1	192.168.2.8	0xbab4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 20:10:17.292903900 CEST	1.1.1.1	192.168.2.8	0xbab4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 13, 2024 20:10:37.652580023 CEST	1.1.1.1	192.168.2.8	0x2206	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 20:10:37.652580023 CEST	1.1.1.1	192.168.2.8	0x2206	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

support-ld-maps.info

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49711	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:27 UTC	694	OUT	GET /icloud-archivos/code2022esp.php HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:27 UTC	229	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:27 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Accept-Ranges: none Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-10-13 18:09:27 UTC	7963	IN	Data Raw: 32 35 36 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 21 2d 2d 20 73 61 76 65 64 20 66 72 6f 6d 20 75 72 6c 3d 28 30 30 35 30 29 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 63 6c 6f 75 64 2e 63 6f 6d 2d 6e 73 2e 75 73 2f 61 55 33 56 31 2f 6d 6f 62 69 6c 65 2f 63 6f 64 65 2e 70 68 70 20 2d 2d 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 Data Ascii: 256e<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">... saved from url=(0050)https://www.icloud.com-ns.us/aU3V1/mobile/code.php --><html><head><meta http-equiv="Content-Type" content="text/html; c
2024-10-13 18:09:27 UTC	1625	IN	Data Raw: 3d 3d 38 29 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 68 61 72 31 22 29 2e 66 6f 63 75 73 28 29 3b 0a 7d 0a 66 75 6e 63 74 69 6f 6e 20 76 61 6c 69 64 61 72 63 68 61 72 32 28 65 29 20 7b 20 0a 20 20 20 20 74 65 63 6c 61 20 3d 20 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 20 3f 20 65 2e 6b 65 79 43 6f 64 65 20 3a 20 65 2e 77 68 69 63 68 3b 20 0a 20 20 20 20 69 66 20 28 74 65 63 6c 61 3d 3d 38 29 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 68 61 72 32 22 29 2e 66 6f 63 75 73 28 29 3b 0a 7d 0a 66 75 6e 63 74 69 6f 6e 20 76 61 6c 69 64 61 72 63 68 61 72 33 28 65 29 20 7b 20 0a 20 20 20 20 74 65 63 6c 61 20 3d 20 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 20 3f 20 65 2e 6b 65 79 43 6f 64 Data Ascii: ==8) document.getElementById("char1").focus();}function validarchar2(e) { tecla = (document.all) ? e.keyCode : e.which; if (tecla==8) document.getElementById("char2").focus();}function validarchar3(e) { tecla = (document.all) ? e.keyCod
2024-10-13 18:09:27 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2024-10-13 18:09:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49712	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:27 UTC	595	OUT	GET /icloud-archivos/fonts.css HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:27 UTC	253	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:27 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 26 Nov 2022 14:31:26 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Length: 4391 Content-Type: text/css
2024-10-13 18:09:27 UTC	4391	IN	Data Raw: 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 4d 79 72 69 61 64 20 53 65 74 20 50 72 6f 27 3b 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 32 30 30 3b 0a 09 73 72 63 3a 6c 6f 63 61 6c 28 27 e2 98 ba ef b8 8e 27 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 68 69 6e 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 68 69 6e 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 32 20 41 64 6f 62 65 20 53 79 73 74 65 6d 73 20 49 6e 63 6f 72 70 6f 72 61 74 65 Data Ascii: @font-face {font-family:'Myriad Set Pro';font-style:normal;font-weight:200;src:local(''), url("./myriad-set-pro_thin.woff") format("woff"), url("./myriad-set-pro_thin.ttf") format("truetype");/* Copyright (c) 1992 Adobe Systems Incorporate

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49716	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:27 UTC	593	OUT	GET /icloud-archivos/app.css HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	254	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:27 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 26 Nov 2022 14:31:26 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Length: 82736 Content-Type: text/css
2024-10-13 18:09:28 UTC	7938	IN	Data Raw: 68 74 6d 6c 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 09 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 61 72 74 69 63 6c 65 2c 0a 61 73 69 64 65 2c 0a 64 65 74 61 69 6c 73 2c 0a 66 69 67 63 61 70 74 69 6f 6e 2c 0a 66 69 67 75 72 65 2c 0a 66 6f 6f 74 65 72 2c 0a 68 65 61 64 65 72 2c 0a 68 67 72 6f 75 70 2c 0a 6d 61 69 6e 2c 0a 6d 65 6e 75 2c 0a 6e 61 76 2c 0a 73 65 63 74 69 6f 6e 2c 0a 73 75 6d 6d 61 72 79 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 61 75 64 69 6f 2c 0a 63 61 6e Data Ascii: html {font-family: sans-serif;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;}body {margin: 0;}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary {display: block;}audio,can
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 31 30 20 7b 0a 09 09 77 69 64 74 68 3a 20 38 33 2e 33 33 33 33 33 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 31 31 20 7b 0a 09 09 77 69 64 74 68 3a 20 39 31 2e 36 36 36 36 37 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 31 32 20 7b 0a 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 30 20 7b 0a 09 09 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 31 20 7b 0a 09 09 72 69 67 68 74 3a 20 38 2e 33 33 33 33 33 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 32 20 7b 0a 09 09 72 69 67 68 74 3a 20 31 36 2e 36 36 36 36 37 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 75 6c 6c 2d 33 20 7b 0a 09 09 72 69 67 68 74 3a Data Ascii: %;}.col-sm-10 {width: 83.33333%;}.col-sm-11 {width: 91.66667%;}.col-sm-12 {width: 100%;}.col-sm-pull-0 {right: auto;}.col-sm-pull-1 {right: 8.33333%;}.col-sm-pull-2 {right: 16.66667%;}.col-sm-pull-3 {right:
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 33 33 33 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 64 34 64 34 64 34 3b 0a 09 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 38 63 38 63 38 63 3b 0a 7d 0a 0a 2e 62 74 6e 2d 64 65 66 61 75 6c 74 3a 61 63 74 69 76 65 2c 0a 2e 62 74 6e 2d 64 65 66 61 75 6c 74 2e 61 63 74 69 76 65 2c 0a 2e 6f 70 65 6e 3e 2e 62 74 6e 2d 64 65 66 61 75 6c 74 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 20 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 62 74 6e 2d 64 65 66 61 75 6c 74 2e 64 69 73 61 62 6c 65 64 2c 0a 2e 62 74 6e 2d 64 65 66 61 75 6c 74 2e 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 2c 0a 2e 62 74 6e 2d 64 65 66 61 75 6c 74 2e 64 69 73 61 62 6c 65 64 3a 66 6f 63 75 73 2c 0a 2e 62 74 6e 2d 64 65 Data Ascii: 333;background-color: #d4d4d4;border-color: #8c8c8c;}.btn-default:active,.btn-default.active,.open>.btn-default.dropdown-toggle {background-image: none;}.btn-default.disabled,.btn-default.disabled:hover,.btn-default.disabled:focus,.btn-de
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 3b 0a 7d 0a 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 3a 66 6f 63 75 73 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 2e 66 6f 63 75 73 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 3a 61 63 74 69 76 65 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 2e 64 69 73 61 62 6c 65 64 2e 61 63 74 69 76 65 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 5b 64 69 73 61 62 6c 65 64 5d 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 5b 64 69 73 61 62 6c 65 64 5d 3a 68 6f 76 65 72 2c 0a 2e 62 74 6e 2d 64 61 6e 67 65 72 5b 64 69 73 61 62 6c 65 64 5d 3a 66 6f 63 75 73 2c 0a 2e 62 74 6e 2d Data Ascii: ;}.btn-danger.disabled,.btn-danger.disabled:hover,.btn-danger.disabled:focus,.btn-danger.disabled.focus,.btn-danger.disabled:active,.btn-danger.disabled.active,.btn-danger[disabled],.btn-danger[disabled]:hover,.btn-danger[disabled]:focus,.btn-
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 3a 20 22 5c 66 31 31 36 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 61 64 69 6f 5f 66 69 6c 6c 3a 62 65 66 6f 72 65 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 37 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 61 64 69 6f 5f 6f 66 66 3a 62 65 66 6f 72 65 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 38 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 61 64 69 6f 5f 6f 6e 3a 62 65 66 6f 72 65 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 39 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 65 6c 6f 61 64 3a 62 65 66 6f 72 65 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 61 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 20 7b 0a 09 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 31 31 62 22 3b 0a 7d 0a 0a 2e 69 63 6f 6e 5f 72 65 6d 6f 76 65 Data Ascii: : "\f116";}.icon_radio_fill:before {content: "\f117";}.icon_radio_off:before {content: "\f118";}.icon_radio_on:before {content: "\f119";}.icon_reload:before {content: "\f11a";}.icon_remove:before {content: "\f11b";}.icon_remove
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 70 3a 20 39 35 25 3b 0a 09 7d 0a 09 32 35 25 20 7b 0a 09 09 74 6f 70 3a 20 36 35 25 3b 0a 09 7d 0a 09 37 35 25 20 7b 0a 09 09 74 6f 70 3a 20 33 30 25 3b 0a 09 7d 0a 09 31 30 30 25 20 7b 0a 09 09 74 6f 70 3a 20 30 3b 0a 09 7d 0a 7d 0a 0a 40 2d 6b 68 74 6d 6c 2d 6b 65 79 66 72 61 6d 65 73 20 73 6c 69 64 65 75 70 20 7b 0a 09 30 25 20 7b 0a 09 09 74 6f 70 3a 20 39 35 25 3b 0a 09 7d 0a 09 32 35 25 20 7b 0a 09 09 74 6f 70 3a 20 36 35 25 3b 0a 09 7d 0a 09 37 35 25 20 7b 0a 09 09 74 6f 70 3a 20 33 30 25 3b 0a 09 7d 0a 09 31 30 30 25 20 7b 0a 09 09 74 6f 70 3a 20 30 3b 0a 09 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 6c 69 64 65 75 70 20 7b 0a 09 30 25 20 7b 0a 09 09 74 6f 70 3a 20 39 35 25 3b 0a 09 7d 0a 09 32 35 25 20 7b 0a 09 09 74 6f 70 3a 20 36 35 25 Data Ascii: p: 95%;}25% {top: 65%;}75% {top: 30%;}100% {top: 0;}}@-khtml-keyframes slideup {0% {top: 95%;}25% {top: 65%;}75% {top: 30%;}100% {top: 0;}}@keyframes slideup {0% {top: 95%;}25% {top: 65%
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 3a 20 34 30 30 3b 0a 7d 0a 0a 2e 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 69 2d 6c 69 6e 6b 20 7b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 30 70 78 3b 0a 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 7d 0a 0a 2e 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 69 2d 6c 69 6e 6b 3a 68 6f 76 65 72 20 7b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 0a 2e 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 69 2d 73 74 65 70 2c 0a 2e 77 Data Ascii: : 400;}.widget-container .si-link {font-size: 14px;cursor: pointer;text-decoration: none;margin: 20px 0px;display: inline;font-weight: 400;}.widget-container .si-link:hover {text-decoration: underline;}.widget-container .si-step,.w
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 69 7a 65 3a 20 31 38 70 78 3b 0a 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 30 70 78 3b 0a 09 7d 0a 7d 0a 0a 68 74 6d 6c 5b 64 69 72 3d 22 72 74 6c 22 5d 20 2e 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 73 70 69 6e 6e 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2e 61 75 74 68 20 7b 0a 09 6c 65 66 74 3a 20 32 33 70 78 3b 0a 09 74 6f 70 3a 20 36 32 70 78 3b 0a 7d 0a 0a 2e 64 65 76 69 63 65 73 20 2e 73 69 2d 64 65 76 69 63 65 2d 72 6f 77 20 7b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 35 44 35 44 35 3b 0a 7d 0a 0a 2e 64 65 76 69 63 65 73 20 2e 73 69 2d 64 65 76 69 63 65 2d 72 6f 77 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 7b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 70 78 3b 0a 7d 0a 0a 2e 64 65 76 69 63 65 73 20 Data Ascii: ize: 18px;line-height: 20px;}}html[dir="rtl"] .widget-container .spinner-container.auth {left: 23px;top: 62px;}.devices .si-device-row {border-top: 1px solid #D5D5D5;}.devices .si-device-row:first-child {border-top: 0px;}.devices
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 3a 20 31 30 70 78 3b 0a 09 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 0a 7d 0a 0a 2e 76 65 72 69 66 79 2d 63 6f 64 65 20 2e 70 6f 70 2d 63 6f 6e 74 61 69 6e 65 72 2e 69 6e 66 6f 20 2e 67 6f 2d 74 6f 2d 61 69 64 2d 69 6e 66 6f 20 2e 66 61 74 20 7b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0a 7d 0a 0a 2e 76 65 72 69 66 79 2d 63 6f 64 65 20 2e 70 6f 70 2d 63 6f 6e 74 61 69 6e 65 72 2e 69 6e 66 6f 20 2e 67 6f 2d 74 6f 2d 61 69 64 2d 69 6e 66 6f 3a 62 65 66 6f 72 65 20 7b 0a 09 6c 65 66 74 3a 20 36 36 2e 32 25 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 09 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 Data Ascii: : 10px;border: 1px solid rgba(0, 0, 0, 0.2);}.verify-code .pop-container.info .go-to-aid-info .fat {font-weight: 600;}.verify-code .pop-container.info .go-to-aid-info:before {left: 66.2%;background-color: #fff;border-left: 1px solid rgba(0
2024-10-13 18:09:28 UTC	8000	IN	Data Raw: 70 69 6e 6e 65 72 2d 63 6f 6e 74 61 69 6e 65 72 2e 73 65 6e 64 69 6e 67 2d 63 6f 64 65 20 7b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 73 75 70 65 72 3b 0a 7d 0a 0a 2e 76 65 72 69 66 79 2d 70 68 6f 6e 65 20 2e 68 73 61 32 2d 6e 6f 2d 63 6f 64 65 20 7b 0a 09 6d 61 78 2d 77 69 64 74 68 3a 20 35 30 35 70 78 3b 0a 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 09 62 6f 74 74 6f 6d 3a 20 31 38 70 78 3b 0a 7d 0a 0a 2e 76 65 72 69 66 79 2d 70 68 6f 6e 65 20 2e 68 73 61 32 2d 6e 6f 2d 63 6f 64 65 20 2e 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 38 38 43 43 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 76 Data Ascii: pinner-container.sending-code {vertical-align: super;}.verify-phone .hsa2-no-code {max-width: 505px;width: 100%;margin: auto;bottom: 18px;}.verify-phone .hsa2-no-code .link {color: #0088CC;font-size: 16px;text-decoration: none;}.v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49715	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:27 UTC	595	OUT	GET /icloud-archivos/style.css HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	252	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:27 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sat, 26 Nov 2022 14:31:26 GMT Accept-Ranges: none Vary: Accept-Encoding Content-Length: 404 Content-Type: text/css
2024-10-13 18:09:28 UTC	404	IN	Data Raw: 2e 65 72 72 6f 72 6c 6f 67 69 6e 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 45 39 41 33 3b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 77 69 64 74 68 3a 37 30 25 3b 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 33 37 25 3b 0a 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 6c 65 66 74 3a 20 35 32 25 3b 0a 70 61 64 64 69 6e 67 3a 20 31 65 6d 3b 0a 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 31 38 35 2c 31 34 39 2c 31 2c 30 2e 34 37 29 3b 0a 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 35 70 78 20 31 30 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 29 3b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 39 70 78 3b 0a 70 61 64 64 69 6e 67 3a 20 31 35 70 78 3b 0a 63 Data Ascii: .errorlogin {background-color: #FAE9A3;position: absolute;width:70%;margin-left: -37%;border-radius: 5px;left: 52%;padding: 1em;border: 1px solid rgba(185,149,1,0.47);box-shadow: 0px 5px 10px 2px rgba(0,0,0,0.1);margin-top: 9px;padding: 15px;c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49718	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	642	OUT	GET /assets/img/ajax-loader.gif HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	232	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 07 May 2023 06:35:50 GMT Accept-Ranges: bytes Content-Length: 4178 Content-Type: image/gif
2024-10-13 18:09:28 UTC	4178	IN	Data Raw: 47 49 46 38 39 61 20 00 20 00 f5 00 00 ff ff ff 00 00 00 fa fa fa c4 c4 c4 e8 e8 e8 f0 f0 f0 d0 d0 d0 7e 7e 7e 9a 9a 9a f6 f6 f6 e6 e6 e6 fc fc fc 92 92 92 86 86 86 e2 e2 e2 b8 b8 b8 a0 a0 a0 ec ec ec ae ae ae dc dc dc 3e 3e 3e 56 56 56 60 60 60 7c 7c 7c a8 a8 a8 ee ee ee 4a 4a 4a 6c 6c 6c 0c 0c 0c 00 00 00 ce ce ce c8 c8 c8 d8 d8 d8 2c 2c 2c 5e 5e 5e 1e 1e 1e 4c 4c 4c b0 b0 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 fe 1a 43 72 65 61 74 65 64 20 77 69 74 68 20 61 6a 61 78 6c 6f 61 64 2e 69 6e 66 6f 00 21 Data Ascii: GIF89a ~~~>>>VVV```\|\|\|JJJlll,,,^^^LLL!NETSCAPE2.0!Created with ajaxload.info!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49717	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	623	OUT	GET /sep.png HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	232	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 07 May 2023 06:36:54 GMT Accept-Ranges: bytes Content-Length: 1240 Content-Type: image/png
2024-10-13 18:09:28 UTC	1240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 7e 00 00 00 32 04 03 00 00 00 a9 19 ad 6c 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 0f 50 4c 54 45 e8 e8 e8 e1 e1 e1 e1 e1 e1 e0 e0 e0 b6 b6 b6 d7 b9 84 90 00 00 00 05 74 52 4e 53 01 06 0c 12 39 f4 8b 71 62 00 00 04 5e 49 44 41 54 68 de ed 59 eb 99 e2 30 0c b4 3a 90 dd 81 ed 0e cc 75 c0 f5 5f d3 59 23 f9 91 dd 00 d9 bd 38 fc 41 b0 f9 f8 58 88 35 a3 d1 c3 c6 39 35 f6 62 c1 a7 6a b7 66 f7 3f b0 fb df b7 d8 fd 2f 56 bf dd bb 3f a5 3a 17 e0 a8 27 b7 67 4c 86 23 a4 94 6f a5 5e 53 29 25 27 79 91 ca ed 2a cb e2 68 ca 75 c5 fa a2 04 78 1e a3 fa 5d 5d dc 77 dd 51 75 bf 9a e2 f3 f5 0b 09 56 04 c2 75 be 37 aa 4b ba 55 04 b0 18 a3 b1 ce 62 8e e1 ee 57 23 fc 79 8b 40 f4 31 85 20 10 Data Ascii: PNGIHDR~2lpHYs~PLTEtRNS9qb^IDAThY0:u_Y#8AX595bjf?/V?:'gL#o^S)%'y*hux]]wQuVu7KUbW#y@1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49720	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	623	OUT	GET /icloud-archivos/myriad-set-pro_thin.woff HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support-ld-maps.info sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://support-ld-maps.info/icloud-archivos/fonts.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	263	IN	HTTP/1.1 404 Not Found Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 May 2023 01:50:54 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2024-10-13 18:09:28 UTC	7929	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2024-10-13 18:09:28 UTC	3887	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49721	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	623	OUT	GET /icloud-archivos/myriad-set-pro_text.woff HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support-ld-maps.info sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://support-ld-maps.info/icloud-archivos/fonts.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	263	IN	HTTP/1.1 404 Not Found Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 May 2023 01:50:54 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2024-10-13 18:09:28 UTC	7929	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2024-10-13 18:09:28 UTC	3887	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49722	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	351	OUT	GET /sep.png HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	232	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 07 May 2023 06:36:54 GMT Accept-Ranges: bytes Content-Length: 1240 Content-Type: image/png
2024-10-13 18:09:28 UTC	1240	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 7e 00 00 00 32 04 03 00 00 00 a9 19 ad 6c 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 0f 50 4c 54 45 e8 e8 e8 e1 e1 e1 e1 e1 e1 e0 e0 e0 b6 b6 b6 d7 b9 84 90 00 00 00 05 74 52 4e 53 01 06 0c 12 39 f4 8b 71 62 00 00 04 5e 49 44 41 54 68 de ed 59 eb 99 e2 30 0c b4 3a 90 dd 81 ed 0e cc 75 c0 f5 5f d3 59 23 f9 91 dd 00 d9 bd 38 fc 41 b0 f9 f8 58 88 35 a3 d1 c3 c6 39 35 f6 62 c1 a7 6a b7 66 f7 3f b0 fb df b7 d8 fd 2f 56 bf dd bb 3f a5 3a 17 e0 a8 27 b7 67 4c 86 23 a4 94 6f a5 5e 53 29 25 27 79 91 ca ed 2a cb e2 68 ca 75 c5 fa a2 04 78 1e a3 fa 5d 5d dc 77 dd 51 75 bf 9a e2 f3 f5 0b 09 56 04 c2 75 be 37 aa 4b ba 55 04 b0 18 a3 b1 ce 62 8e e1 ee 57 23 fc 79 8b 40 f4 31 85 20 10 Data Ascii: PNGIHDR~2lpHYs~PLTEtRNS9qb^IDAThY0:u_Y#8AX595bjf?/V?:'gL#o^S)%'y*hux]]wQuVu7KUbW#y@1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49723	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:28 UTC	370	OUT	GET /assets/img/ajax-loader.gif HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:28 UTC	232	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:28 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 07 May 2023 06:35:50 GMT Accept-Ranges: bytes Content-Length: 4178 Content-Type: image/gif
2024-10-13 18:09:28 UTC	4178	IN	Data Raw: 47 49 46 38 39 61 20 00 20 00 f5 00 00 ff ff ff 00 00 00 fa fa fa c4 c4 c4 e8 e8 e8 f0 f0 f0 d0 d0 d0 7e 7e 7e 9a 9a 9a f6 f6 f6 e6 e6 e6 fc fc fc 92 92 92 86 86 86 e2 e2 e2 b8 b8 b8 a0 a0 a0 ec ec ec ae ae ae dc dc dc 3e 3e 3e 56 56 56 60 60 60 7c 7c 7c a8 a8 a8 ee ee ee 4a 4a 4a 6c 6c 6c 0c 0c 0c 00 00 00 ce ce ce c8 c8 c8 d8 d8 d8 2c 2c 2c 5e 5e 5e 1e 1e 1e 4c 4c 4c b0 b0 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 fe 1a 43 72 65 61 74 65 64 20 77 69 74 68 20 61 6a 61 78 6c 6f 61 64 2e 69 6e 66 6f 00 21 Data Ascii: GIF89a ~~~>>>VVV```\|\|\|JJJlll,,,^^^LLL!NETSCAPE2.0!Created with ajaxload.info!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49725	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:29 UTC	622	OUT	GET /icloud-archivos/myriad-set-pro_thin.ttf HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support-ld-maps.info sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://support-ld-maps.info/icloud-archivos/fonts.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:29 UTC	263	IN	HTTP/1.1 404 Not Found Date: Sun, 13 Oct 2024 18:09:29 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 May 2023 01:50:54 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2024-10-13 18:09:29 UTC	7929	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2024-10-13 18:09:29 UTC	3887	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49724	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:29 UTC	622	OUT	GET /icloud-archivos/myriad-set-pro_text.ttf HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://support-ld-maps.info sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://support-ld-maps.info/icloud-archivos/fonts.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:29 UTC	263	IN	HTTP/1.1 404 Not Found Date: Sun, 13 Oct 2024 18:09:29 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 24 May 2023 01:50:54 GMT Accept-Ranges: bytes Content-Length: 11816 Vary: Accept-Encoding Content-Type: text/html
2024-10-13 18:09:29 UTC	7929	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Typ
2024-10-13 18:09:29 UTC	3887	IN	Data Raw: 69 74 65 43 6f 6e 64 20 25 7b 52 45 51 55 45 53 54 5f 46 49 4c 45 4e 41 4d 45 7d 20 21 2d 64 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 52 65 77 72 69 74 65 52 75 6c 65 20 2e 20 2f 69 6e 64 65 78 2e 70 68 70 20 5b 4c 5d 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 26 6c 74 3b 2f 49 66 4d 6f 64 75 6c 65 26 67 74 3b 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 23 20 45 6e 64 20 57 6f 72 64 50 72 65 73 73 0a 09 09 09 09 09 09 09 09 09 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 72 20 62 6c 6f 67 20 69 73 20 73 68 6f 77 69 6e 67 20 74 68 65 20 77 72 6f 6e 67 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 69 6e 20 6c 69 6e 6b 73 2c 20 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 61 6e 6f 74 68 65 Data Ascii: iteCond %{REQUEST_FILENAME} !-d<br>RewriteRule . /index.php [L]<br></IfModule><br># End WordPress</p></div><p>If your blog is showing the wrong domain name in links, redirecting to anothe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49730	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:30 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-13 18:09:30 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=167765 Date: Sun, 13 Oct 2024 18:09:30 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49731	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:30 UTC	627	OUT	GET /favicon.ico HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://support-ld-maps.info/icloud-archivos/code2022esp.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:30 UTC	306	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:30 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Apr 2021 20:52:24 GMT Accept-Ranges: bytes Content-Length: 9062 Cache-Control: max-age=604800 Expires: Sun, 20 Oct 2024 18:09:30 GMT Content-Type: image/x-icon
2024-10-13 18:09:30 UTC	7886	IN	Data Raw: 00 00 01 00 04 00 20 20 00 00 01 00 08 00 a8 08 00 00 46 00 00 00 10 10 00 00 01 00 08 00 68 05 00 00 ee 08 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 56 0e 00 00 10 10 00 00 01 00 20 00 68 04 00 00 fe 1e 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 42 42 42 00 9e 9e 9e 00 72 72 72 00 ce ce ce 00 5a 5a 5a 00 b6 b6 b6 00 e6 e6 e6 00 92 92 92 00 4e 4e 4e 00 7e 7e 7e 00 66 66 66 00 aa aa aa 00 da da da 00 c2 c2 c2 00 f2 f2 f2 00 4a 4a 4a 00 a6 a6 a6 00 7a 7a 7a 00 62 62 62 00 56 56 56 00 86 86 86 00 6e 6e 6e 00 e2 e2 e2 00 ca ca ca 00 46 46 46 00 a2 a2 a2 00 76 76 76 00 d2 d2 d2 00 5e 5e 5e 00 ba ba ba 00 ea ea ea 00 9a 9a 9a 00 52 52 52 00 82 82 82 00 6a 6a 6a 00 ae ae ae 00 de Data Ascii: Fh V h( @BBBrrrZZZNNN~~~fffJJJzzzbbbVVVnnnFFFvvv^^^RRRjjj
2024-10-13 18:09:30 UTC	1176	IN	Data Raw: fe 00 00 3f ff 00 00 7f ff 81 80 ff ff ff 1f ff ff ff 0f ff ff ff 07 ff ff ff 87 ff ff ff 83 ff ff ff e3 ff ff ff ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 8c 8c 33 5b 5b 5b 38 00 00 00 00 00 00 00 00 00 00 00 00 50 50 50 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 3d 3d 50 50 50 50 ef 5b 5b 5b ff 5c 5c 5c cf 5c 5c 5c bf 5c 5c 5c Data Ascii: ?( 3[[[8PPP0===PPPP[[[\\\\\\\\\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49733	50.6.138.164	443	1668	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:31 UTC	355	OUT	GET /favicon.ico HTTP/1.1 Host: support-ld-maps.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-13 18:09:31 UTC	306	IN	HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 18:09:31 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Apr 2021 20:52:24 GMT Accept-Ranges: bytes Content-Length: 9062 Cache-Control: max-age=604800 Expires: Sun, 20 Oct 2024 18:09:31 GMT Content-Type: image/x-icon
2024-10-13 18:09:31 UTC	7886	IN	Data Raw: 00 00 01 00 04 00 20 20 00 00 01 00 08 00 a8 08 00 00 46 00 00 00 10 10 00 00 01 00 08 00 68 05 00 00 ee 08 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 56 0e 00 00 10 10 00 00 01 00 20 00 68 04 00 00 fe 1e 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 42 42 42 00 9e 9e 9e 00 72 72 72 00 ce ce ce 00 5a 5a 5a 00 b6 b6 b6 00 e6 e6 e6 00 92 92 92 00 4e 4e 4e 00 7e 7e 7e 00 66 66 66 00 aa aa aa 00 da da da 00 c2 c2 c2 00 f2 f2 f2 00 4a 4a 4a 00 a6 a6 a6 00 7a 7a 7a 00 62 62 62 00 56 56 56 00 86 86 86 00 6e 6e 6e 00 e2 e2 e2 00 ca ca ca 00 46 46 46 00 a2 a2 a2 00 76 76 76 00 d2 d2 d2 00 5e 5e 5e 00 ba ba ba 00 ea ea ea 00 9a 9a 9a 00 52 52 52 00 82 82 82 00 6a 6a 6a 00 ae ae ae 00 de Data Ascii: Fh V h( @BBBrrrZZZNNN~~~fffJJJzzzbbbVVVnnnFFFvvv^^^RRRjjj
2024-10-13 18:09:31 UTC	1176	IN	Data Raw: fe 00 00 3f ff 00 00 7f ff 81 80 ff ff ff 1f ff ff ff 0f ff ff ff 07 ff ff ff 87 ff ff ff 83 ff ff ff e3 ff ff ff ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c 8c 8c 33 5b 5b 5b 38 00 00 00 00 00 00 00 00 00 00 00 00 50 50 50 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 3d 3d 50 50 50 50 ef 5b 5b 5b ff 5c 5c 5c cf 5c 5c 5c bf 5c 5c 5c Data Ascii: ?( 3[[[8PPP0===PPPP[[[\\\\\\\\\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49732	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-13 18:09:31 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-13 18:09:31 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=167705 Date: Sun, 13 Oct 2024 18:09:31 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-13 18:09:31 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5520, Parent PID: 3396

General

Target ID:	0
Start time:	14:09:18
Start date:	13/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1668, Parent PID: 5520

General

Target ID:	2
Start time:	14:09:22
Start date:	13/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5419294753681940637,10975661022969423284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5964, Parent PID: 3396

General

Target ID:	3
Start time:	14:09:25
Start date:	13/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://support-ld-maps.info/icloud-archivos/code2022esp.php"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://support-ld-maps.info/icloud-archivos/code2022esp.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
https://support-ld-maps.info/icloud-archivos/code2022esp.php