Windows Analysis Report
https://pp.45-61-132-44.cprapid.com/pp/

Overview

General Information

Sample URL: https://pp.45-61-132-44.cprapid.com/pp/
Analysis ID: 1417320

Detection

PayPal Phisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected PayPal Phisher
Phishing site detected (based on image similarity)
HTML body contains low number of good links
HTML title does not match URL
Suspicious form URL found

Classification

  • System is w10x64
  • chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2272,i,16570902960174803713,1275465301685057893,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pp.45-61-132-44.cprapid.com/pp/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_PayPalPhisher | Yara detected PayPal Phisher | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    AV Detection

    Source: https://pp.45-61-132-44.cprapid.com/pp/ | Avira URL Cloud: detection malicious, Label: phishing
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
    Source: https://pp.45-61-132-44.cprapid.com/pp/static/main.js | Avira URL Cloud: Label: phishing
    Source: https://pp.45-61-132-44.cprapid.com/pp/static/style.css | Avira URL Cloud: Label: phishing

    Phishing

    Source: Yara match | File source: 0.0.pages.csv, type: HTML
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | Matcher: Found strong image similarity, brand: PAYPAL
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: Number of links: 0
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: Title: Melde dich in deinem Konto an does not match URL
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: Form action: redirect.php
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: <input type="password" .../> found
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: No <meta name="author".. found
    Source: https://pp.45-61-132-44.cprapid.com/pp/ | HTTP Parser: No <meta name="copyright".. found
    Source: unknown | HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49744 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 23.41.168.93:443 -> 192.168.2.4:49746 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49747 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49753 version: TLS 1.2
    Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
    Source: unknown | TCP traffic detected without corresponding DNS query: 23.41.168.93
    Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26
    Source: unknown | TCP traffic detected without corresponding DNS query: 69.164.0.128
    Source: global traffic | HTTP traffic detected:
        GET /pp/ HTTP/1.1
        Host: pp.45-61-132-44.cprapid.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /pp/static/style.css HTTP/1.1
        Host: pp.45-61-132-44.cprapid.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: text/css,*/*;q=0.1
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: style
        Referer: https://pp.45-61-132-44.cprapid.com/pp/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /pp/static/main.js HTTP/1.1
        Host: pp.45-61-132-44.cprapid.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Referer: https://pp.45-61-132-44.cprapid.com/pp/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg HTTP/1.1
        Host: www.reckon.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://pp.45-61-132-44.cprapid.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /favicon.ico HTTP/1.1
        Host: pp.45-61-132-44.cprapid.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://pp.45-61-132-44.cprapid.com/pp/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg HTTP/1.1
        Host: www.reckon.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
    Source: global traffic | HTTP traffic detected:
        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdlKr4cOs1pPp7G&MD=LAMPD8ds HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: global traffic | HTTP traffic detected:
        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdlKr4cOs1pPp7G&MD=LAMPD8ds HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: unknown | DNS traffic detected: queries for: pp.45-61-132-44.cprapid.com
    Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Date: Thu, 28 Mar 2024 23:06:04 GMT
        Server: Apache
        Content-Length: 315
        Connection: close
        Content-Type: text/html; charset=iso-8859-1
    Source: chromecache_46.1.dr | String found in binary or memory: https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png)
    Source: chromecache_46.1.dr | String found in binary or memory: https://www.reckon.com/marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg);
    Source: classification engine | Classification label: mal68.phis.win@16/13@8/5
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2272,i,16570902960174803713,1275465301685057893,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pp.45-61-132-44.cprapid.com/pp/"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
    Source | Detection | Scanner | Label
    https://pp.45-61-132-44.cprapid.com/pp/ | 100% | Avira URL Cloud | phishing
    https://pp.45-61-132-44.cprapid.com/pp/ | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
    No Antivirus matches
    Source | Detection | Scanner | Label
    https://pp.45-61-132-44.cprapid.com/pp/static/main.js | 100% | Avira URL Cloud | phishing
    https://pp.45-61-132-44.cprapid.com/pp/static/style.css | 100% | Avira URL Cloud | phishing
    https://pp.45-61-132-44.cprapid.com/favicon.ico | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    pp.45-61-132-44.cprapid.com | 45.61.132.44 | true | false | | unknown
    www.google.com | 142.251.16.103 | true | false | | high
    www.reckon.com | 162.159.135.42 | true | false | | high
          Name | Malicious | Antivirus Detection | Reputation
          https://pp.45-61-132-44.cprapid.com/pp/static/main.js | false | Avira URL Cloud: phishing | unknown
          https://pp.45-61-132-44.cprapid.com/pp/static/style.css | false | Avira URL Cloud: phishing | unknown
          https://pp.45-61-132-44.cprapid.com/pp/ | true | | unknown
          https://www.reckon.com/marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg | false | | high
          https://pp.45-61-132-44.cprapid.com/favicon.ico | false | Avira URL Cloud: safe | unknown
              Name | Source | Malicious | Antivirus Detection | Reputation
              https://www.reckon.com/marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg); | chromecache_46.1.dr | false | | high
              https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png) | chromecache_46.1.dr | false | | high
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  162.159.135.42 | www.reckon.com | United States | 13335 | CLOUDFLARENETUS | false
                  239.255.255.250 | unknown | Reserved | unknown | unknown | false
                  45.61.132.44 | pp.45-61-132-44.cprapid.com | United States | 9009 | M247GB | false
                  142.251.16.103 | www.google.com | United States | 15169 | GOOGLEUS | false
                  IP
                  192.168.2.4
                  Joe Sandbox version: 40.0.0 Tourmaline
                  Analysis ID: 1417320
                  Start date and time: 2024-03-29 00:05:11 +01:00
                  Joe Sandbox product: CloudBasic
                  Overall analysis duration: 0h 3m 10s
                  Hypervisor based Inspection enabled: false
                  Report type: full
                  Cookbook file name: browseurl.jbs
                  Sample URL: https://pp.45-61-132-44.cprapid.com/pp/
                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed: 7
                  Number of new started drivers analysed: 0
                  Number of existing processes analysed: 0
                  Number of existing drivers analysed: 0
                  Number of injected processes analysed: 0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode: default
                  Analysis stop reason: Timeout
                  Detection: MAL
                  Classification: mal68.phis.win@16/13@8/5
                  EGA Information: Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 172.253.115.94, 172.253.115.139, 172.253.115.113, 172.253.115.138, 172.253.115.101, 172.253.115.100, 172.253.115.102, 172.253.122.84, 34.104.35.123, 172.253.122.95, 172.253.115.95, 172.253.62.95, 142.251.163.95, 172.253.63.95, 142.251.179.95, 142.250.31.95, 142.251.111.95, 142.251.167.95, 142.251.16.95, 72.21.81.240, 192.229.211.108, 20.242.39.171, 20.166.126.56, 172.253.62.94
                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com
                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • VT rate limit hit for: https://pp.45-61-132-44.cprapid.com/pp/
                  No simulations
                  No context
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):3033
                  Entropy (8bit):4.7662907527146485
                  Encrypted:false
                  SSDEEP:48:Y6woueEAwrCwXpqaQSIifSwbzEwrFjTyJwlqtdI5cxM9w4OJwR9y5A9Wlqw:jpEvrl5591XbrFjTygquV6b+gA9WT
                  MD5:9AE160FD09548A2F7C29F0C2D7709F63
                  SHA1:F108F0A9C57A26B4F2210DBA8CAE1B63E0BB236D
                  SHA-256:D615741288BBACEBFEA51C23120A651F05C6753DCCEE0C67235397FA06E1BC70
                  SHA-512:2BDF851E26247C31FF17D1452811D4F913EE295CB041FC9D5ADAB52C3A30944D1338A78C73206AC20EDEFCDD9590C04C477B433A1AC820B30739B64763C38F9C
                  Malicious:false
                  Reputation:low
                  URL:https://pp.45-61-132-44.cprapid.com/pp/static/main.js
                  Preview:function isNumberKey(evt) {. var charCode = (evt.which) ? evt.which : evt.keyCode;. if ((charCode < 48 || charCode > 57)). return false;.. return true;.};..window.onload = () => {. var x, i, j, l, ll, selElmnt, a, b, c;./* Look for any elements with the class "custom-select": */.x = document.getElementsByClassName("custom-select");.l = x.length;.for (i = 0; i < l; i++) {. selElmnt = x[i].getElementsByTagName("select")[0];. ll = selElmnt.length;. /* For each element, create a new DIV that will act as the selected item: */. a = document.createElement("DIV");. a.setAttribute("class", "select-selected");. a.innerHTML = selElmnt.options[selElmnt.selectedIndex].innerHTML;. x[i].appendChild(a);. /* For each element, create a new DIV that will contain the option list: */. b = document.createElement("DIV");. b.setAttribute("class", "select-items select-hide");. for (j = 1; j < ll; j++) {. /* For each option in the original select element,. create a new DIV th
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 256x256, components 3
                  Category:downloaded
                  Size (bytes):31099
                  Entropy (8bit):7.514332214762588
                  Encrypted:false
                  SSDEEP:768:i7u0uGsSYypLBH8Ak9hvn3Gjk45UPOZtlpZdV2Pvs:gsS9LBHi9hvIk45fvlXdV2PU
                  MD5:7CD7CFEA57EB89B505830EF934C7F9D3
                  SHA1:B5693F04893010991415571B5770EFEA525DC936
                  SHA-256:2D42EC6C494035D09AD30D72F04AA33523652E9B4269E9DBBA62674AFD075958
                  SHA-512:1E4142C4FE6E21FFF750011356856B60E49EECF31016607DEE5B142E907D885C7A07ADE4C2245F793F1C9E0CB1309CE9C0059F1E7669D2C494C11B4FB671BD93
                  Malicious:false
                  Reputation:low
                  URL:https://www.reckon.com/marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):10224
                  Entropy (8bit):4.787588876409812
                  Encrypted:false
                  SSDEEP:192:qpJUeqLre79rRPAxhvIAymBDNFIILNlASj46nCmWFdDSwvR0v08MP:sJrUFldj4XFZ+s
                  MD5:6DFF29308F4EB6F3FC6BF621EAE54094
                  SHA1:C64EA98D4CD7F87086D28EA472CEC1231771669E
                  SHA-256:7C1B7C407689C13716EC116EFA64A2944F3113A99A9E1FEB82245BE0BFE6FB66
                  SHA-512:016FC332D6BFADDC866CFEA478450CC1F2599E80EBAF64186A3F80F0B45C2BEAF7E5E14C23911C3C2737163945BF743640A01D6B53A44B989BB64B7FBFCB404C
                  Malicious:false
                  Reputation:low
                  URL:https://pp.45-61-132-44.cprapid.com/pp/static/style.css
                  Preview:* { box-sizing: border-box; }..input,.button {. all: unset;. -webkit-appearance: none;. -moz-appearance: none;. appearance: none;.}..html {. background-color: #FFFFFF;.}..html,.body {. width: 100%;. margin: 0;. padding: 0;. font-family: Arial, Helvetica, sans-serif;. color: #929697;. font-size: 15px;. -webkit-font-smoothing: antialiased;. -webkit-backface-visibility: hidden;. -moz-text-size-adjust: 100%;. -ms-text-size-adjust: 100%;. -webkit-text-size-adjust: 100%;. display: flex;. flex-direction: row;. justify-content: center;. align-items: center;.}...header__wrapper__logo {. background-position: 0px -130px;. width: 250px;. height: 60px;. margin: 0 auto;. background-image: url(https://www.reckon.com/marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg);. background-repeat: repeat-x;.}...logo {. height: 100%;. width: 100%;.}...content__important {. padding: 0 8% 30px;. width: 100%;. backgrou
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):28
                  Entropy (8bit):4.280394654123194
                  Encrypted:false
                  SSDEEP:3:PnyPt:PnyPt
                  MD5:38864E9A1AC46011210717E8B2EB399D
                  SHA1:3F4425DE5C571029F15642946D81B47CFA1295A0
                  SHA-256:8077CD474BF346718C76BD9BB00A731EFB4AFAFD38633807E4ADEB7D623909FC
                  SHA-512:820B46EF925576ACA2F15FA1C1110E90CCE4DA5628CB2002BDDB927E9CB446D7C4AC7C46FBFC63E7C9EA950807B5EE5D751AE796193B8C45D86A75D76A86764C
                  Malicious:false
                  Reputation:low
                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlNMptWtucJRRIFDaqYN6ASBQ3OQUx6?alt=proto
                  Preview:ChIKBw2qmDegGgAKBw3OQUx6GgA=
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 256x256, components 3
                  Category:dropped
                  Size (bytes):31099
                  Entropy (8bit):7.514332214762588
                  Encrypted:false
                  SSDEEP:768:i7u0uGsSYypLBH8Ak9hvn3Gjk45UPOZtlpZdV2Pvs:gsS9LBHi9hvIk45fvlXdV2PU
                  MD5:7CD7CFEA57EB89B505830EF934C7F9D3
                  SHA1:B5693F04893010991415571B5770EFEA525DC936
                  SHA-256:2D42EC6C494035D09AD30D72F04AA33523652E9B4269E9DBBA62674AFD075958
                  SHA-512:1E4142C4FE6E21FFF750011356856B60E49EECF31016607DEE5B142E907D885C7A07ADE4C2245F793F1C9E0CB1309CE9C0059F1E7669D2C494C11B4FB671BD93
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, Unicode text, UTF-8 text
                  Category:downloaded
                  Size (bytes):3297
                  Entropy (8bit):3.657549914713756
                  Encrypted:false
                  SSDEEP:48:4WupT4i/NWMIUvkfTMfNalPiEkafOff8ts:Xuui1HkfTMfaPiiWfKs
                  MD5:073C971D13A75B752B8ACC5C46AFC348
                  SHA1:35507E5CC3A438569623C2CCD555D6A356F8174A
                  SHA-256:DBBE8BCED0A9119EC5385FCE8E30F72E39FC7705D79521D11DFC647299D755B0
                  SHA-512:283CCC2E65D21B47464C0775BE93AE688DA82EB1C050535A3F347BCF0E3F3EE3D015B14A1568E9F7DA3D39B630DAC2E27923B35E504CB6064D931A8F984A83CC
                  Malicious:false
                  Reputation:low
                  URL:https://pp.45-61-132-44.cprapid.com/pp/
                  Preview:.<!DOCTYPE html>.<html>. <head>. <title>Melde dich in deinem Konto an</title>. <meta name='robots' content='noindex' />. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0">. <meta name='googlebot' content='noindex'>. <meta name='googlebot-news' content='nosnippet'>. <link rel='shortcut icon' type='image/jpg' href='' />. <link rel='stylesheet' href='static/style.css'>. <script src='static/main.js' defer async></script>. </head>.. <body>. <div class='content'>. <div class='content__important'>. <header>. <div class='header__wrapper'>. <div class='header__wrapper__logo'>. </div>. </div>. </header>. <main>. <div class='main__wrapper'>. <div class='label__wrapper'>.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text
                  Category:downloaded
                  Size (bytes):315
                  Entropy (8bit):5.0572271090563765
                  Encrypted:false
                  SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
                  MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                  SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                  SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                  SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                  Malicious:false
                  Reputation:low
                  URL:https://pp.45-61-132-44.cprapid.com/favicon.ico
                  Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                  No static file info
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Mar 29, 2024 00:06:54.036514044 CET4434975352.165.165.26192.168.2.4
                  Mar 29, 2024 00:06:54.036557913 CET49753443192.168.2.452.165.165.26
                  Mar 29, 2024 00:06:54.040488958 CET49753443192.168.2.452.165.165.26
                  Mar 29, 2024 00:06:54.040488958 CET49753443192.168.2.452.165.165.26
                  Mar 29, 2024 00:06:54.040499926 CET4434975352.165.165.26192.168.2.4
                  Mar 29, 2024 00:06:54.040508986 CET4434975352.165.165.26192.168.2.4
                  Mar 29, 2024 00:07:02.216438055 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:02.216463089 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.216547966 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:02.220509052 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:02.220520020 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.425575972 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.425910950 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:02.425921917 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.426201105 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.428812027 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:02.428860903 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:02.484468937 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:12.428136110 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:12.428200006 CET44349755142.251.16.103192.168.2.4
                  Mar 29, 2024 00:07:12.428247929 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:13.672128916 CET49755443192.168.2.4142.251.16.103
                  Mar 29, 2024 00:07:13.672153950 CET44349755142.251.16.103192.168.2.4
                  TimestampSource PortDest PortSource IPDest IP
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Mar 29, 2024 00:06:01.011710882 CET | 192.168.2.4 | 1.1.1.1 | 0xa7e2 | Standard query (0) | pp.45-61-132-44.cprapid.com | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.012757063 CET | 192.168.2.4 | 1.1.1.1 | 0x8c67 | Standard query (0) | pp.45-61-132-44.cprapid.com | 65 | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.823757887 CET | 192.168.2.4 | 1.1.1.1 | 0x1e0e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.823901892 CET | 192.168.2.4 | 1.1.1.1 | 0xbaf5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                  Mar 29, 2024 00:06:02.170878887 CET | 192.168.2.4 | 1.1.1.1 | 0x3892 | Standard query (0) | www.reckon.com | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:02.171010017 CET | 192.168.2.4 | 1.1.1.1 | 0x75fc | Standard query (0) | www.reckon.com | 65 | IN (0x0001) | false
                  Mar 29, 2024 00:06:04.142194033 CET | 192.168.2.4 | 1.1.1.1 | 0xfe4a | Standard query (0) | www.reckon.com | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:04.142803907 CET | 192.168.2.4 | 1.1.1.1 | 0x4586 | Standard query (0) | www.reckon.com | 65 | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Mar 29, 2024 00:06:01.299807072 CET | 1.1.1.1 | 192.168.2.4 | 0xa7e2 | No error (0) | pp.45-61-132-44.cprapid.com | | 45.61.132.44 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920290947 CET | 1.1.1.1 | 192.168.2.4 | 0xbaf5 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.103 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.104 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.99 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.106 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.147 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:01.920615911 CET | 1.1.1.1 | 192.168.2.4 | 0x1e0e | No error (0) | www.google.com | | 142.251.16.105 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:02.294931889 CET | 1.1.1.1 | 192.168.2.4 | 0x3892 | No error (0) | www.reckon.com | | 162.159.135.42 | A (IP address) | IN (0x0001) | false
                  Mar 29, 2024 00:06:04.299819946 CET | 1.1.1.1 | 192.168.2.4 | 0xfe4a | No error (0) | www.reckon.com | | 162.159.135.42 | A (IP address) | IN (0x0001) | false
                  • pp.45-61-132-44.cprapid.com
                  • https:
                    • www.reckon.com
                  • fs.microsoft.com
                  • slscr.update.microsoft.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  0 | 192.168.2.4 | 49736 | 45.61.132.44 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:01 UTC | 673 | OUT | GET /pp/ HTTP/1.1
                  Host: pp.45-61-132-44.cprapid.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:01 UTC | 159 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 23:06:01 GMT
                  Server: Apache
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  2024-03-28 23:06:01 UTC | 3304 | IN | Data Ascii: ce1<!DOCTYPE html><html> <head> <title>Melde dich in deinem Konto an</title> <meta name='robots' content='noindex' /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"
                  2024-03-28 23:06:01 UTC | 5 | IN | Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.4 | 49735 | 45.61.132.44 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:01 UTC | 575 | OUT | GET /pp/static/style.css HTTP/1.1
                  Host: pp.45-61-132-44.cprapid.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: text/css,*/*;q=0.1
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: style
                  Referer: https://pp.45-61-132-44.cprapid.com/pp/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:02 UTC | 206 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 23:06:02 GMT
                  Server: Apache
                  Last-Modified: Thu, 20 Oct 2022 19:20:08 GMT
                  Accept-Ranges: bytes
                  Content-Length: 10224
                  Connection: close
                  Content-Type: text/css
                  2024-03-28 23:06:02 UTC | 7986 | IN | Data Ascii: * { box-sizing: border-box; }input,button { all: unset; -webkit-appearance: none; -moz-appearance: none; appearance: none;}html { background-color: #FFFFFF;}html,body { width: 100%; margin: 0; padding: 0; font
                  2024-03-28 23:06:02 UTC | 2238 | IN | Data Ascii: .table .row { flex-direction: row; justify-content: space-between; margin-bottom: 0; border-bottom: none; padding: 25px; } .table .row .col { flex-direction: column; } .table .row .col-de


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.4 | 49740 | 45.61.132.44 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:02 UTC | 559 | OUT | GET /pp/static/main.js HTTP/1.1
                  Host: pp.45-61-132-44.cprapid.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: */*
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: script
                  Referer: https://pp.45-61-132-44.cprapid.com/pp/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:02 UTC | 212 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 23:06:02 GMT
                  Server: Apache
                  Last-Modified: Thu, 20 Oct 2022 19:20:08 GMT
                  Accept-Ranges: bytes
                  Content-Length: 3033
                  Connection: close
                  Content-Type: text/javascript
                  2024-03-28 23:06:02 UTC | 3033 | IN | Data Ascii: function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : evt.keyCode; if ((charCode < 48 || charCode > 57)) return false; return true;};window.onload = () => { var x, i, j, l, ll, selElmnt, a, b, c;/* Look for any


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.4 | 49742 | 162.159.135.42 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:02 UTC | 639 | OUT | GET /marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg HTTP/1.1
                  Host: www.reckon.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://pp.45-61-132-44.cprapid.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:03 UTC | 1043 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 23:06:03 GMT
                  Content-Type: image/jpeg
                  Content-Length: 31099
                  Connection: close
                  CF-Ray: 86bb44b6babb7ff9-IAD
                  CF-Cache-Status: DYNAMIC
                  Accept-Ranges: bytes
                  Access-Control-Allow-Origin: *
                  Cache-Control: max-age=315360000
                  ETag: "603db32a-797b"
                  Expires: Thu, 31 Dec 2037 23:55:55 GMT
                  Last-Modified: Tue, 02 Mar 2021 03:38:18 GMT
                  Strict-Transport-Security: max-age=86400; includeSubDomains
                  ki-cache-type: None
                  Ki-CF-Cache-Status: BYPASS
                  ki-edge: v=20.2.7;mv=3.0.6
                  ki-origin: g1p
                  referrer-policy: strict-origin-when-cross-origin
                  x-content-type-options: nosniff
                  X-Edge-Location-Klb: 1
                  x-frame-options: SAMEORIGIN
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncEx12aTcRPrCkfpyH0Y%2BKbVaUHH0wVLloBst2kRqvRRAGmiH%2F%2FVXF5E%2FYemxj8IONV6iNeSpKNHcvc6PvfdnzOifULbxQh9%2FxrgjKeMRwbbnJ738C8xFNcM6iMcarLp"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  alt-svc: h3=":443"; ma=86400


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.4 | 49743 | 45.61.132.44 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:03 UTC | 613 | OUT | GET /favicon.ico HTTP/1.1
                  Host: pp.45-61-132-44.cprapid.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://pp.45-61-132-44.cprapid.com/pp/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:04 UTC | 164 | IN | HTTP/1.1 404 Not Found
                  Date: Thu, 28 Mar 2024 23:06:04 GMT
                  Server: Apache
                  Content-Length: 315
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  2024-03-28 23:06:04 UTC | 315 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.4 | 49744 | 23.41.168.93 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:04 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-28 23:06:04 UTC | 467 | IN | HTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-neu-z1
                  Cache-Control: public, max-age=147873
                  Date: Thu, 28 Mar 2024 23:06:04 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49745 | 162.159.135.42 | 443 | 5608 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:04 UTC | 392 | OUT | GET /marketplace/wp-content/uploads/2020/07/PayPal-Logo.jpg HTTP/1.1
                  Host: www.reckon.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-28 23:06:05 UTC | 1045 | IN | HTTP/1.1 200 OK
                  Date: Thu, 28 Mar 2024 23:06:05 GMT
                  Content-Type: image/jpeg
                  Content-Length: 31099
                  Connection: close
                  CF-Ray: 86bb44c36e0d0579-IAD
                  CF-Cache-Status: DYNAMIC
                  Accept-Ranges: bytes
                  Access-Control-Allow-Origin: *
                  Cache-Control: max-age=315360000
                  ETag: "603db32a-797b"
                  Expires: Thu, 31 Dec 2037 23:55:55 GMT
                  Last-Modified: Tue, 02 Mar 2021 03:38:18 GMT
                  Strict-Transport-Security: max-age=86400; includeSubDomains
                  ki-cache-type: None
                  Ki-CF-Cache-Status: BYPASS
                  ki-edge: v=20.2.7;mv=3.0.6
                  ki-origin: g1p
                  referrer-policy: strict-origin-when-cross-origin
                  x-content-type-options: nosniff
                  X-Edge-Location-Klb: 1
                  x-frame-options: SAMEORIGIN
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AIfpxGiep6C%2FgSjiJamn3fa7Rn4jU8AvMFby7ZX%2FZ0F1O53%2Ft9J6gLcUCtkwfF6bB29Af1Y43DPudCc8Ma%2BLQF5Y9a%2FAuvpIAHubBwuwucgGwTbsT5bVo6NFQfcSe7n%2B"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  alt-svc: h3=":443"; ma=86400


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.4 | 49746 | 23.41.168.93 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:05 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-28 23:06:05 UTC | 531 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-Azure-Ref: 08K+nYgAAAACXC/Ywsy9UQ60qHfPpvzYzU0pDRURHRTA1MTIAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
                  Cache-Control: public, max-age=147806
                  Date: Thu, 28 Mar 2024 23:06:05 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-03-28 23:06:05 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.4 | 49747 | 52.165.165.26 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:15 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdlKr4cOs1pPp7G&MD=LAMPD8ds HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                  Host: slscr.update.microsoft.com
                  2024-03-28 23:06:16 UTC | 560 | IN | HTTP/1.1 200 OK
                  Cache-Control: no-cache
                  Pragma: no-cache
                  Content-Type: application/octet-stream
                  Expires: -1
                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                  MS-CorrelationId: a9a161ed-ea52-4f30-9b2e-b3cf3a8543ab
                  MS-RequestId: 7c2734bd-eb29-421a-b790-a975fdd34cc3
                  MS-CV: Vb3Dc66hY0CW/7w1.0
                  X-Microsoft-SLSClientCache: 2880
                  Content-Disposition: attachment; filename=environment.cab
                  X-Content-Type-Options: nosniff
                  Date: Thu, 28 Mar 2024 23:06:15 GMT
                  Connection: close
                  Content-Length: 24490


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  9 | 192.168.2.4 | 49753 | 52.165.165.26 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-28 23:06:53 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=hdlKr4cOs1pPp7G&MD=LAMPD8ds HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                  Host: slscr.update.microsoft.com
                  2024-03-28 23:06:54 UTC | 560 | IN | HTTP/1.1 200 OK
                  Cache-Control: no-cache
                  Pragma: no-cache
                  Content-Type: application/octet-stream
                  Expires: -1
                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                  MS-CorrelationId: 2b78982a-7967-4d86-9d1a-73fc4de8d26e
                  MS-RequestId: cb843cce-2af5-45ed-87f7-be61ec8bed04
                  MS-CV: QHvlVFfjA0SVrq4n.0
                  X-Microsoft-SLSClientCache: 2160
                  Content-Disposition: attachment; filename=environment.cab
                  X-Content-Type-Options: nosniff
                  Date: Thu, 28 Mar 2024 23:06:53 GMT
                  Connection: close
                  Content-Length: 25457


                  Target ID:0
                  Start time:00:05:55
                  Start date:29/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:1
                  Start time:00:05:56
                  Start date:29/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2272,i,16570902960174803713,1275465301685057893,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:00:06:00
                  Start date:29/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pp.45-61-132-44.cprapid.com/pp/"
                  Imagebase:0x7ff76e190000
                  File size:3'242'272 bytes
                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly