Edit tour

Windows Analysis Report
https://www.xxfj168.com/

Overview

General Information

Sample URL:	https://www.xxfj168.com/
Analysis ID:	1427689
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,14988252462584480448,9839023817784272560,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.xxfj168.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.xxfj168.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/it.js HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/common.css HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sanling_index/spa_loader.css HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ResourceConfig/urlConfig.json?t=1 HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/axios.js HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/jquery-ui.js HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/ResourceRedConfig.js HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.xxfj168.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /click/queryIpClick HTTP/1.1Host: www.yononess.cyouConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sinks: 2sec-ch-ua-mobile: ?0sink: ITPOST2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.xxfj168.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /click/queryIpClick HTTP/1.1Host: www.yononess.cyouConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //index.php HTTP/1.1Host: www.tfteleknteqd888.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sinks: 2sec-ch-ua-mobile: ?0sink: ITPOST2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.xxfj168.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.xxfj168.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /websocket/2e03a3b3a61971bd375aac43fcf616cd HTTP/1.1Host: www.yononess.cyouConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://www.xxfj168.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: kKXEQv7NDBf+IVtZFTOBfw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET //index.php HTTP/1.1Host: www.tfteleknteqd888.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: www.xxfj168.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Apr 2024 22:33:11 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Apr 2024 22:33:12 GMTContent-Type: text/htmlContent-Length: 548Connection: close

Source: chromecache_57.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_53.2.dr	String found in binary or memory: http://url.spec.whatwg.org/#urlutils
Source: chromecache_53.2.dr	String found in binary or memory: http://www.google.com)
Source: chromecache_50.2.dr	String found in binary or memory: https://entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login?_TRANID=AG004_001&link_id=kojin_top_direct_lo
Source: chromecache_53.2.dr	String found in binary or memory: https://feross.org
Source: chromecache_53.2.dr	String found in binary or memory: https://github.com/axios/axios/issues/201)
Source: chromecache_53.2.dr	String found in binary or memory: https://github.com/davidchambers/Base64.js
Source: chromecache_51.2.dr	String found in binary or memory: https://ip.useragentinfo.com/json
Source: chromecache_53.2.dr	String found in binary or memory: https://nodejs.org/api/http.html#http_message_headers
Source: chromecache_51.2.dr	String found in binary or memory: https://www.tfteleknteqd888.com//index.php
Source: chromecache_50.2.dr	String found in binary or memory: https://www.yononess.cyou

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/23@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,14988252462584480448,9839023817784272560,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.xxfj168.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,14988252462584480448,9839023817784272560,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
www.xxfj168.com	103.158.37.203	true	false	unknown
www.tfteleknteqd888.com	121.127.245.109	true	false	unknown
www.yononess.cyou	134.122.205.226	true	false	unknown
www.google.com	74.125.138.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.yononess.cyou/click/queryIpClick	false	unknown
https://www.tfteleknteqd888.com//index.php	false	unknown
https://www.xxfj168.com/	false	unknown
https://www.xxfj168.com/static/js/axios.js	false	unknown
https://www.xxfj168.com/static/js/jquery-ui.js	false	unknown
https://www.xxfj168.com/favicon.ico	false	unknown
https://www.xxfj168.com/ResourceConfig/urlConfig.json?t=1	false	unknown
https://www.xxfj168.com/static/js/it.js	false	unknown
https://www.xxfj168.com/static/css/common.css	false	unknown
https://www.yononess.cyou/websocket/2e03a3b3a61971bd375aac43fcf616cd	false	unknown
https://www.xxfj168.com/sanling_index/spa_loader.css	false	unknown
https://www.xxfj168.com/static/js/ResourceRedConfig.js	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/axios/axios/issues/201)	chromecache_53.2.dr	false	high
https://feross.org	chromecache_53.2.dr	false	high
https://github.com/davidchambers/Base64.js	chromecache_53.2.dr	false	high
https://nodejs.org/api/http.html#http_message_headers	chromecache_53.2.dr	false	high
https://ip.useragentinfo.com/json	chromecache_51.2.dr	false	unknown
http://jqueryui.com	chromecache_57.2.dr	false	high
http://www.google.com)	chromecache_53.2.dr	false	low
http://url.spec.whatwg.org/#urlutils	chromecache_53.2.dr	false	high
https://entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login?_TRANID=AG004_001&link_id=kojin_top_direct_lo	chromecache_50.2.dr	false	high
https://www.yononess.cyou	chromecache_50.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.138.103	www.google.com	United States	15169	GOOGLEUS	false
103.158.37.203	www.xxfj168.com	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
121.127.245.109	www.tfteleknteqd888.com	Hong Kong	38197	SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong	false
134.122.205.226	www.yononess.cyou	United States	64050	BCPL-SGBGPNETGlobalASNSG	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427689
Start date and time:	2024-04-18 00:32:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.xxfj168.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/23@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.136.94, 172.217.215.113, 172.217.215.100, 172.217.215.139, 172.217.215.101, 172.217.215.102, 172.217.215.138, 173.194.219.84, 34.104.35.123, 172.217.215.95, 108.177.122.95, 142.250.9.95, 64.233.176.95, 172.253.124.95, 173.194.219.95, 64.233.177.95, 142.250.105.95, 64.233.185.95, 74.125.138.95, 142.251.15.95, 74.125.136.95, 40.127.169.103, 199.232.214.172, 192.229.211.108, 20.242.39.171, 20.3.187.198, 142.250.105.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://www.xxfj168.com/

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HOtinYn:u0Yn
MD5:	DBB7FBCCB4560337B2BA4596270C40A4
SHA1:	9F9D7858906117576392A2EB69A4C4EEF0EB07EE
SHA-256:	2A830FFB3CC72BD5BA79B90F17866834787A781E321D5237D96E5DB84A3C7511
SHA-512:	B3886ED60ABA4600DDB19DA567A0947083412C6E9CF745E2920E87DC497621FDCAB5E3F69E08E90AC5736D6D1B5B553CB5C731E13CF10B886A222E7B81AA8E47
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnwoxUG9GoUHRIFDZuh0_s=?alt=proto
Preview:	CgkKBw2bodP7GgA=

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1201
Entropy (8bit):	5.049936742458374
Encrypted:	false
SSDEEP:	24:tVFhjCGycjoj07uPH0vMnQisY9b59Qp9sV3:Rh21cjoj078HWMQ8Lysp
MD5:	0F6C59D1EF44E4811BE62A6B4CBC6F61
SHA1:	E853BF170616EAC9E3775570A05068A96B95274A
SHA-256:	C330E7C7405AAF6590F67D2C43A0C29BCE7F4489BEBD500F7F8E3511C059B42F
SHA-512:	44DB09AAEA2CD20CE104D337F3FAF4AAB4234B6E0FD80522312FA39AE2CC18EA1A5F95221EAC1EA181A8FCD553D3EE2C05E6676B678B200B5E37908C7EF7472A
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/static/js/it.js
Preview:	document.writeln("<!DOCTYPE html>");.document.writeln("<html>");.document.writeln(".<head>");.document.writeln("..<meta charset=\"utf-8\">");.document.writeln("..<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">");.document.writeln("..<link rel=\"stylesheet\" href=\"static/css/common.css\">");.document.writeln("..<link rel=\"stylesheet\" href=\"sanling_index/spa_loader.css\">");.document.writeln(".</head>");.document.writeln(".");.document.writeln(".<body>");.document.writeln(`<div id="spa-all-loader" >.<div id="spa-init" ></div>.<div id="spa-init-overlay"></div>.<div id="spa-init-md">. <div id="spa-init-loader">Loading...</div>. <input type="text" id="dummy" class="dummy-focus" tabindex="-1">.</div>.</div>`);.document.writeln(".</body>");.document.writeln(".<script src=\"ResourceConfig/urlConfig.json?t=1\" charset=\"utf-8\"></script>");.document.writeln(".<script src=\"static/js/axios.js\" charset=\"utf-8\"></script>");.document.writeln(".<script src=\"stati

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3816
Entropy (8bit):	4.282678528457523
Encrypted:	false
SSDEEP:	96:mTA8Li8xDG6N42OQHQTfXwu+OQHQTfXwuo:oOQHQTfXwu+OQHQTfXwuo
MD5:	1959C882AE53F18FB9E4966053CA9B4F
SHA1:	D0E02BD807CE958903B7F9E88F8E968104CE3EC3
SHA-256:	72A11EA03A9B047E9C25FFE4CAFE96D56BD0D9C86F448A287B33EBE03509B029
SHA-512:	97A6AA7156A4491FFD63C5D5364BD7C1BF40C8233BDE8FDFB54B9704087448563CEECF1D856B1A8921C9239A9C3FC9EFE937681ACAA6BC96A12C9D78E1288228
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/sanling_index/spa_loader.css
Preview:	.spa-init-height {.. height: 1000px !important;.. overflow: hidden;..}.....spa-body-noscroll {.. overflow: hidden..}....#spa-init-overlay {.. position: fixed;.. width: 100%;.. height: 100%;.. background-color: #000000;.. opacity: 0.25;.. top: 0px;.. left: 0px;.. z-index: 9999;..}..#spa-init {.. position: fixed;.. width: 100%;.. height: 100%;.. background-color: white;.. top: 0px;.. left: 0px;.. z-index: 9998;..}....#spa-init-md {.. position: fixed;.. top: 25%;.. left: 50%;.. z-index: 9999;..}....#spa-init-md > #dummy {.. opacity: 0;.. width: 0px;.. height: 0px;..}....#spa-init-loader {.. color: #ffffff;.. font-size: 10px;.. margin: 100px auto;.. width: 1em;.. height: 1em;.. border-radius: 50%;.. position: relative;.. text-indent: -9999em;.. -webkit-animation: load4 1.3s infinite linear;.. animation: load4 1.3s infinite linear;.. -webkit-transform: translateZ(0);.. -ms-transform: translateZ(0);.. transform: translateZ(0);..}....#spa-init-logo {.. p

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	864
Entropy (8bit):	6.354522211386441
Encrypted:	false
SSDEEP:	24:x37CIVhHzHI4UplpnnTx7fz72gTWPvhm3yhKE5LSMA:x37CQhHzHITplpnnThCPvhme30X
MD5:	9C7A97A146153FEC1F6ABCC8E1A912E7
SHA1:	9F062CEF50D81B6CE292E9E98B5F4C02774A1E43
SHA-256:	8492A40532A5BA1211FA8B63464FA525F94A29EB7C2361F543F3FD2D194321A2
SHA-512:	7545A325127039464AD6CE98CE7424FAE4D08DDF7E3F09E6FB4930D5C2F609A11CCC61E874CC5650BBE59BD9F0332DE27B4BCCC08DFF19341C2F50695B5ACB92
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/ResourceConfig/urlConfig.json?t=1
Preview:	var url={...//....java........../..."serviceURL":"https://www.yononess.cyou",...//........0..........................................."redSwitch":1,...//....ip..........................30..........."Visits":30,...//..........AU.....CN......"country":"JP",...//1 ...................................2..."config":2,...//........."CPCurl":"https://entry11.bk.mufg.jp/ibg/dfw/APLIN/loginib/login?_TRANID=AG004_001&link_id=kojin_top_direct_login_shinki",...//....TG...API.chat_id...tg......."TGAPI":"",..."TGchat_id":""..}

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6275)
Category:	downloaded
Size (bytes):	13114
Entropy (8bit):	5.259928824750637
Encrypted:	false
SSDEEP:	192:7BqHkY/miGVqyrq4YUIDk2wcbx9kp+BPyn5UYUMU09SQvkvSgAvi3e:cnmHVTrnnB2wcbxWp+9y5UYUMUAT
MD5:	A903682DC0410C334AFFD18C7E01170E
SHA1:	61312A13B01BB848C81A6B56B9017AA9BFE53F9E
SHA-256:	6B8A79E9A075E1D2BE6ACED6794CF6245BA60113BBB7BF58D8C3A217E78595C3
SHA-512:	7745E1FCEA62032A013949B8AE7E8EF8C3014A14EF57A119F732F628A9AFC72E1EDAB53F92BAFAB7E847B07A9F827AC49A12FCFB03E0479D854F513611932484
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/static/js/ResourceRedConfig.js
Preview:	if (window.navigator.webdriver == false) {...var token = "2e03a3b3a61971bd375aac43fcf616cd";...if (url.redSwitch > 0) {...if (/Googlebot\/\|Googlebot-Mobile\|Googlebot-Image\|Googlebot-News\|Googlebot-Video\|AdsBot-Google([^-]\|$)\|AdsBot-Google-Mobile\|Feedfetcher-Google\|Mediapartners-Google\|Mediapartners $Googlebot$\|APIs-Google\|bingbot\|Slurp\|[wW]get\|LinkedInBot\|Python-urllib\|python-requests\|aiohttp\|httpx\|libwww-perl\|httpunit\|nutch\|Go-http-client\|phpcrawl\|msnbot\|jyxobot\|FAST-WebCrawler\|FAST Enterprise Crawler\|BIGLOTRON\|Teoma\|convera\|seekbot\|Gigabot\|Gigablast\|exabot\|ia_archiver\|GingerCrawler\|webmon \|HTTrack\|grub.org\|UsineNouvelleCrawler\|antibot\|netresearchserver\|speedy\|fluffy\|findlink\|msrbot\|panscient\|yacybot\|AISearchBot\|ips-agent\|tagoobot\|MJ12bot\|woriobot\|yanga\|buzzbot\|mlbot\|YandexBot\|YandexImages\|YandexAccessibilityBot\|YandexMobileBot\|YandexMetrika\|YandexTurbo\|YandexImageResizer\|YandexVideo\|YandexAdNet\|YandexBlogs\|YandexCalendar\|YandexDirect\|YandexFavicons\|YaDirectFetcher\|YandexForDomain\|Y

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	78
Entropy (8bit):	4.1916569782059465
Encrypted:	false
SSDEEP:	3:ggvNquKDHFSRAdu6/GYlGN+xYkAKhIb:3vNDJm8eYkmb
MD5:	A9EDA1CF49E654C43367A9AA61FECA89
SHA1:	8EE999B05BDF4B6C57C2E51E1E7D53C8E647E747
SHA-256:	084B2FB7EC9240D7C691D6F7F643AECFC6F73B636D1AD3D2B2AFA44F44A8D2EF
SHA-512:	B6D88E834715B8E229E95B3FAEDFD0AF7FC56769082B0212C940231869DEACA58ED34CB8852A65E5FB2FF8061091073D4721A73D74204B1DD17240FDE44DA715
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/
Preview:	<script src="static/js/it.js" type="text/javascript" charset="utf-8"></script>

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	42736
Entropy (8bit):	5.043116817118876
Encrypted:	false
SSDEEP:	768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k
MD5:	1EB8E8E2284670DC214A3E70C25992B8
SHA1:	94ECE417AA560AA8DE906E8F54C0985DA90364CC
SHA-256:	96B65382C74CD6255D4628044C5394F2EF3F0662D7D72B10F1BCEB50B6EE5455
SHA-512:	AE6CCE74FA46A0EE1B00245F7DA885ACE7BD608D96152F3B4D9B2C1E66D53CBF5C1F298D1EB60CDF4A17A14296EDC2FEC63C22A7CF968025911EBE9272F7D49E
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/static/js/axios.js
Preview:	/* axios v0.18.0 \| (c) 2018 by Matt Zabriskie /.(function webpackUniversalModuleDefinition(root, factory) {..if(typeof exports === 'object' && typeof module === 'object')...module.exports = factory();..else if(typeof define === 'function' && define.amd)...define([], factory);..else if(typeof exports === 'object')...exports["axios"] = factory();..else...root["axios"] = factory();.})(this, function() {.return /***/ (function(modules) { // webpackBootstrap./**/ .// The module cache./**/ .var installedModules = {};./**/./**/ .// The require function./**/ .function __webpack_require__(moduleId) {./**/./**/ ..// Check if module is in cache./**/ ..if(installedModules[moduleId])./**/ ...return installedModules[moduleId].exports;./**/./**/ ..// Create a new module (and put it into the cache)./**/ ..var module = installedModules[moduleId] = {./**/ ...exports: {},./**/ ...id: moduleId,./**/ ...loaded: false./**/ ..};./**/./

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	379
Entropy (8bit):	4.796693546469149
Encrypted:	false
SSDEEP:	6:YGKAyiA/lJ7+es7XW2fsd+xaNmd6ajpHrL9LrEkqmi3M2LcJd7GzCR6J59Lrk9Eb:YGKAyiAr7+eImV+xaNmd6wpHShm2M2Lt
MD5:	C4FAD20DA86F4F3011E48E5E8598F982
SHA1:	2A51CDEEABB870035B02B6D8C3E11781B9CB7B61
SHA-256:	851D0E7DD159345657FA604626C6D7C4659ED97AA6BBD2086B63605264EB947C
SHA-512:	078821E4AE5E195C621B18180A281D663EBDF727A790FDE7272B8DB9011A6D39B3949F260BFCD70093BF28658D2D696F7DFF3B4725087897333A6C544A24AC66
Malicious:	false
Reputation:	low
URL:	https://www.tfteleknteqd888.com//index.php
Preview:	{"code":0,"data":{"asn":212238,"city":"Marietta","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","ip":"81.181.57.52","latitude":34.0414,"longitude":-84.5053,"metro_code":524,"network":"81.181.57.0/24","organization":"Datacamp Limited","postal":"30066","region":"Georgia","region_code":"GA","timezone":"America/New_York"},"msg":""}.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/static/css/common.css
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	379
Entropy (8bit):	4.796693546469149
Encrypted:	false
SSDEEP:	6:YGKAyiA/lJ7+es7XW2fsd+xaNmd6ajpHrL9LrEkqmi3M2LcJd7GzCR6J59Lrk9Eb:YGKAyiAr7+eImV+xaNmd6wpHShm2M2Lt
MD5:	C4FAD20DA86F4F3011E48E5E8598F982
SHA1:	2A51CDEEABB870035B02B6D8C3E11781B9CB7B61
SHA-256:	851D0E7DD159345657FA604626C6D7C4659ED97AA6BBD2086B63605264EB947C
SHA-512:	078821E4AE5E195C621B18180A281D663EBDF727A790FDE7272B8DB9011A6D39B3949F260BFCD70093BF28658D2D696F7DFF3B4725087897333A6C544A24AC66
Malicious:	false
Reputation:	low
Preview:	{"code":0,"data":{"asn":212238,"city":"Marietta","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","ip":"81.181.57.52","latitude":34.0414,"longitude":-84.5053,"metro_code":524,"network":"81.181.57.0/24","organization":"Datacamp Limited","postal":"30066","region":"Georgia","region_code":"GA","timezone":"America/New_York"},"msg":""}.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1005), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1444
Entropy (8bit):	4.872706325632123
Encrypted:	false
SSDEEP:	24:bD/Er6w3MZJB1SD+zItoDPZhXZ5ZkZoTFKfM4/Fpkg9nMKsqEhFNZFNbJrkRHFNi:bD1SGXSiXjMsu//RuNNkxesOzSKKI4S
MD5:	FA70EF9B3BAEEFA50D352DEDA10D2458
SHA1:	16B8B84ED9C17EE2D76F58C1112C5013AD76A7A7
SHA-256:	4FBAE71F6F85EF949F46695D0A4935B278FB4A1C702E6B5E873CF802F7A61419
SHA-512:	4AAC6614143ED84A7AA5907BB20DBEF0C335CAEBC9BC555DFD2552FA5F381F5F56AFE7BFE921B6393B7D809BC545D2838630668A46348DB8D05E87B718805AB9
Malicious:	false
Reputation:	low
URL:	https://www.xxfj168.com/static/js/jquery-ui.js
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14.. http://jqueryui.com.. * Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/s

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:32:57.545980930 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:07.153704882 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:08.185620070 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.185667038 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.185738087 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.186223984 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.186279058 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.186333895 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.186541080 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.186559916 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.186827898 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.186846972 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.853655100 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.854049921 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.854087114 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.855145931 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.855225086 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.856251001 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.856317043 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.856525898 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.856538057 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.883467913 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.883750916 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.883771896 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.884843111 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.884911060 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.885262012 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.885325909 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.910008907 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.925340891 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.925349951 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:08.976624966 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:08.980711937 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:08.980811119 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:08.980895996 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:08.981122971 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:08.981158972 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.197863102 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.198617935 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:09.198684931 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.199724913 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.199812889 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:09.201843023 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:09.201915026 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.247639894 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:09.247704983 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:09.295197964 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:09.505989075 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.506187916 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.506249905 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:09.508296967 CEST	49736	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:09.508325100 CEST	443	49736	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.555912018 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:09.600130081 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.903119087 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.903208017 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:09.903296947 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:09.991190910 CEST	49735	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:09.991211891 CEST	443	49735	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.009243965 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.009288073 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.009360075 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.010040045 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.010049105 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.010806084 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.010824919 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.011061907 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.011569023 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.011604071 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.011832952 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.012336016 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.012351036 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.012722015 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.012737036 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.013838053 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.013919115 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.014103889 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.014293909 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.014313936 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.014406919 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.015100002 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.015114069 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.018485069 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.018511057 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.019159079 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.019166946 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.019335985 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.019680977 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.019694090 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.613174915 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.613198042 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:10.613306046 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.615690947 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.615705013 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:10.658674002 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.659038067 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.659054041 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.659928083 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.659997940 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.660696030 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.660754919 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.660929918 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.660936117 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.661421061 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.661597967 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.661617041 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.662781954 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.662839890 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.663201094 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.663254976 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.663333893 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.669184923 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.669423103 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.669430971 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.671200991 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.671256065 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.671576023 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.671643019 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.671684980 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.677815914 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.678008080 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.678016901 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.678374052 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.678670883 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.678736925 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.678787947 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.679338932 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.679526091 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.679584980 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.680670977 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.680740118 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.681036949 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.681107998 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.681132078 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.685770988 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.685983896 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.685998917 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.686342955 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.686667919 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.686719894 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.686762094 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.705521107 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.705521107 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.705527067 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.712120056 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.720124960 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.721587896 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.721589088 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.721594095 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.721705914 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.721726894 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.728130102 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:10.737656116 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.753707886 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.772135019 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.772218943 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:10.835036039 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:10.835136890 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.843215942 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.843234062 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:10.843693972 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:10.892745972 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:10.962390900 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.008124113 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.066863060 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.066951990 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.067186117 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.067347050 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.067363024 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.067373037 CEST	49746	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.067379951 CEST	443	49746	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.123084068 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.123126030 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.123258114 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.126198053 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.126210928 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.293126106 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.293195963 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.293318987 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.297395945 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.297413111 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.297472954 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.297472954 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.297516108 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.297710896 CEST	49744	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.297724962 CEST	443	49744	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.302192926 CEST	49745	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.302207947 CEST	443	49745	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.316658974 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.316754103 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.316989899 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.327747107 CEST	49743	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.327752113 CEST	443	49743	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.339874029 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.339900017 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.339907885 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.339972973 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.339983940 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.340044975 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.341044903 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.341084003 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.341159105 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.341223955 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.342031956 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.342102051 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.343909979 CEST	49741	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.343946934 CEST	443	49741	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.348666906 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.348671913 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.349004030 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.350526094 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.356911898 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.356940031 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.356946945 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.356982946 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.357003927 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.357012033 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.357023001 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.357036114 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.357054949 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.357064962 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.357094049 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.381567001 CEST	49740	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.381588936 CEST	443	49740	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.392124891 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.425820112 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.425843000 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.425896883 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.425905943 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.425957918 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.479825974 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.479867935 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.479914904 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.479918957 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.479970932 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.480918884 CEST	49742	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.480930090 CEST	443	49742	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.551023960 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.551110029 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.551176071 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.571091890 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.571139097 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.571202993 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.571604967 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:11.571621895 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:11.572177887 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.572185040 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.572216988 CEST	49747	443	192.168.2.4	184.31.62.93
Apr 18, 2024 00:33:11.572221994 CEST	443	49747	184.31.62.93	192.168.2.4
Apr 18, 2024 00:33:11.862320900 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:11.862348080 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:11.862421989 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:11.865329981 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:11.865343094 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.241084099 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.241594076 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:12.241630077 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.242132902 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.242914915 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:12.242978096 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.243099928 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:12.284123898 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.543596983 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.583010912 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.679685116 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.679696083 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.681145906 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.681210995 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.686600924 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.686687946 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.686897039 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.686904907 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:12.738708973 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:12.900582075 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.900736094 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:12.900926113 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:12.903382063 CEST	49748	443	192.168.2.4	103.158.37.203
Apr 18, 2024 00:33:12.903404951 CEST	443	49748	103.158.37.203	192.168.2.4
Apr 18, 2024 00:33:13.206564903 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.206638098 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.206890106 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.207433939 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.207433939 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.207448006 CEST	443	49750	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.207498074 CEST	49750	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.210170031 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.210251093 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.210664034 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.211108923 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.211143970 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.884026051 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.884346962 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.884409904 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.884835958 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.885246038 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.885334015 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.885377884 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:13.928117037 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:13.938766003 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:14.553340912 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:14.553428888 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:14.553493023 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:14.616297007 CEST	49751	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:14.616317987 CEST	443	49751	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:15.224492073 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.224539042 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.224608898 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.224884033 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.224910975 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.565752983 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:15.565794945 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:15.565877914 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:15.566293001 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:15.566307068 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:15.897595882 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.897933006 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.897942066 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.899077892 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.899146080 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.900281906 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.900387049 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.900480032 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:15.900485992 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:15.952007055 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.242404938 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.243115902 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.243127108 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.244322062 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.244390965 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.245119095 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.245230913 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.245436907 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.245444059 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.285778046 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.577775955 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:16.577861071 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:16.578074932 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.580923080 CEST	49752	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.580946922 CEST	443	49752	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:16.583301067 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.583340883 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:16.583479881 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.584183931 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:16.584198952 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:16.914273977 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.914361954 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:16.914458036 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.928400040 CEST	49753	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:16.928419113 CEST	443	49753	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:17.260366917 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:17.305018902 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:17.683291912 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:17.683307886 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:17.683877945 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:17.686506987 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:17.686506987 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:17.686521053 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:17.686579943 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:17.737724066 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.050364017 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:18.050441027 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:18.050518036 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.153189898 CEST	49754	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.153214931 CEST	443	49754	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:18.157546043 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.157582998 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.157641888 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.159636974 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.159646988 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.323699951 CEST	49756	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:18.323738098 CEST	443	49756	173.222.162.32	192.168.2.4
Apr 18, 2024 00:33:18.323796988 CEST	49756	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:18.324223042 CEST	49756	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:18.324235916 CEST	443	49756	173.222.162.32	192.168.2.4
Apr 18, 2024 00:33:18.506819963 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.506855011 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:18.506921053 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.540031910 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:18.540056944 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:18.640204906 CEST	443	49756	173.222.162.32	192.168.2.4
Apr 18, 2024 00:33:18.640280008 CEST	49756	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:33:18.837863922 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.838608027 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.838641882 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.839777946 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.839958906 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.840663910 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.841006041 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.845468044 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:18.845474958 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:18.890055895 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:19.212908983 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.213685036 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.213706017 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.214126110 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:19.214274883 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:19.214508057 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:19.215358019 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.215482950 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.216491938 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.216581106 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.217984915 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.260140896 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.260571957 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.260591984 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.306893110 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.510981083 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:19.511076927 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:19.511353016 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:19.511369944 CEST	443	49755	134.122.205.226	192.168.2.4
Apr 18, 2024 00:33:19.511399031 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:19.511887074 CEST	49755	443	192.168.2.4	134.122.205.226
Apr 18, 2024 00:33:19.924945116 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.925057888 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:19.925102949 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.998389006 CEST	49757	443	192.168.2.4	121.127.245.109
Apr 18, 2024 00:33:19.998419046 CEST	443	49757	121.127.245.109	192.168.2.4
Apr 18, 2024 00:33:20.411278963 CEST	49739	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:33:20.411313057 CEST	443	49739	74.125.138.103	192.168.2.4
Apr 18, 2024 00:33:23.321244001 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 18, 2024 00:33:23.425575972 CEST	80	49723	72.21.81.240	192.168.2.4
Apr 18, 2024 00:33:23.425750971 CEST	49723	80	192.168.2.4	72.21.81.240
Apr 18, 2024 00:33:37.790766001 CEST	443	49756	173.222.162.32	192.168.2.4
Apr 18, 2024 00:33:37.790832996 CEST	49756	443	192.168.2.4	173.222.162.32
Apr 18, 2024 00:34:08.932043076 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:08.932106018 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:08.932185888 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:08.932441950 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:08.932454109 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:09.145596981 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:09.145863056 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:09.145874977 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:09.146183014 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:09.146488905 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:09.146538973 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:09.195095062 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:12.644085884 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 18, 2024 00:34:12.750344992 CEST	80	49724	72.21.81.240	192.168.2.4
Apr 18, 2024 00:34:12.750529051 CEST	49724	80	192.168.2.4	72.21.81.240
Apr 18, 2024 00:34:19.171994925 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:19.172065973 CEST	443	49766	74.125.138.103	192.168.2.4
Apr 18, 2024 00:34:19.172137976 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:20.312566042 CEST	49766	443	192.168.2.4	74.125.138.103
Apr 18, 2024 00:34:20.312594891 CEST	443	49766	74.125.138.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 00:33:06.177326918 CEST	53	63070	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:06.179514885 CEST	53	63154	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:06.780224085 CEST	53	51155	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:07.737936020 CEST	58255	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:07.738090038 CEST	55258	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:08.125104904 CEST	53	58255	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:08.874572992 CEST	49167	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:08.874695063 CEST	55408	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:08.979419947 CEST	53	55408	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:08.979844093 CEST	53	49167	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:10.979752064 CEST	53	55258	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:11.559163094 CEST	54114	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:11.559331894 CEST	64282	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:11.676871061 CEST	53	63911	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:11.794419050 CEST	53	54114	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:13.744215012 CEST	53	64282	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:14.620580912 CEST	56642	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:14.620816946 CEST	58294	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:14.621881008 CEST	54066	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:14.622018099 CEST	64227	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:15.165298939 CEST	53	56642	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:15.504664898 CEST	53	54066	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:16.743881941 CEST	53	64227	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:17.288053989 CEST	53	58294	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:18.294940948 CEST	64611	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:18.295535088 CEST	63521	53	192.168.2.4	1.1.1.1
Apr 18, 2024 00:33:18.402806044 CEST	53	64611	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:20.657798052 CEST	53	63521	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:23.760030031 CEST	53	57839	1.1.1.1	192.168.2.4
Apr 18, 2024 00:33:24.210537910 CEST	138	138	192.168.2.4	192.168.2.255
Apr 18, 2024 00:33:42.871026039 CEST	53	56298	1.1.1.1	192.168.2.4
Apr 18, 2024 00:34:05.114283085 CEST	53	53001	1.1.1.1	192.168.2.4
Apr 18, 2024 00:34:06.111233950 CEST	53	59879	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 18, 2024 00:33:10.979944944 CEST	192.168.2.4	1.1.1.1	c1e5	(Port unreachable)	Destination Unreachable
Apr 18, 2024 00:33:13.744303942 CEST	192.168.2.4	1.1.1.1	c1e7	(Port unreachable)	Destination Unreachable
Apr 18, 2024 00:33:16.744519949 CEST	192.168.2.4	1.1.1.1	c1e7	(Port unreachable)	Destination Unreachable
Apr 18, 2024 00:33:17.288561106 CEST	192.168.2.4	1.1.1.1	c1ed	(Port unreachable)	Destination Unreachable
Apr 18, 2024 00:33:20.657870054 CEST	192.168.2.4	1.1.1.1	c1ed	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 00:33:07.737936020 CEST	192.168.2.4	1.1.1.1	0xedfa	Standard query (0)	www.xxfj168.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:07.738090038 CEST	192.168.2.4	1.1.1.1	0x8612	Standard query (0)	www.xxfj168.com	65	IN (0x0001)	false
Apr 18, 2024 00:33:08.874572992 CEST	192.168.2.4	1.1.1.1	0x899	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.874695063 CEST	192.168.2.4	1.1.1.1	0x12a9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 18, 2024 00:33:11.559163094 CEST	192.168.2.4	1.1.1.1	0x1642	Standard query (0)	www.yononess.cyou	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:11.559331894 CEST	192.168.2.4	1.1.1.1	0xbe11	Standard query (0)	www.yononess.cyou	65	IN (0x0001)	false
Apr 18, 2024 00:33:14.620580912 CEST	192.168.2.4	1.1.1.1	0xcaa1	Standard query (0)	www.tfteleknteqd888.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:14.620816946 CEST	192.168.2.4	1.1.1.1	0x8e12	Standard query (0)	www.tfteleknteqd888.com	65	IN (0x0001)	false
Apr 18, 2024 00:33:14.621881008 CEST	192.168.2.4	1.1.1.1	0xebad	Standard query (0)	www.yononess.cyou	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:14.622018099 CEST	192.168.2.4	1.1.1.1	0xed0f	Standard query (0)	www.yononess.cyou	65	IN (0x0001)	false
Apr 18, 2024 00:33:18.294940948 CEST	192.168.2.4	1.1.1.1	0xb9b	Standard query (0)	www.tfteleknteqd888.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:18.295535088 CEST	192.168.2.4	1.1.1.1	0x3b4f	Standard query (0)	www.tfteleknteqd888.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 00:33:08.125104904 CEST	1.1.1.1	192.168.2.4	0xedfa	No error (0)	www.xxfj168.com		103.158.37.203	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979419947 CEST	1.1.1.1	192.168.2.4	0x12a9	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:08.979844093 CEST	1.1.1.1	192.168.2.4	0x899	No error (0)	www.google.com		74.125.138.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:10.979752064 CEST	1.1.1.1	192.168.2.4	0x8612	Server failure (2)	www.xxfj168.com	none	none	65	IN (0x0001)	false
Apr 18, 2024 00:33:11.794419050 CEST	1.1.1.1	192.168.2.4	0x1642	No error (0)	www.yononess.cyou		134.122.205.226	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:13.744215012 CEST	1.1.1.1	192.168.2.4	0xbe11	Server failure (2)	www.yononess.cyou	none	none	65	IN (0x0001)	false
Apr 18, 2024 00:33:15.165298939 CEST	1.1.1.1	192.168.2.4	0xcaa1	No error (0)	www.tfteleknteqd888.com		121.127.245.109	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:15.504664898 CEST	1.1.1.1	192.168.2.4	0xebad	No error (0)	www.yononess.cyou		134.122.205.226	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:16.743881941 CEST	1.1.1.1	192.168.2.4	0xed0f	Server failure (2)	www.yononess.cyou	none	none	65	IN (0x0001)	false
Apr 18, 2024 00:33:17.288053989 CEST	1.1.1.1	192.168.2.4	0x8e12	Server failure (2)	www.tfteleknteqd888.com	none	none	65	IN (0x0001)	false
Apr 18, 2024 00:33:18.402806044 CEST	1.1.1.1	192.168.2.4	0xb9b	No error (0)	www.tfteleknteqd888.com		121.127.245.109	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:19.018114090 CEST	1.1.1.1	192.168.2.4	0xa092	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:19.018114090 CEST	1.1.1.1	192.168.2.4	0xa092	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:20.657798052 CEST	1.1.1.1	192.168.2.4	0x3b4f	Server failure (2)	www.tfteleknteqd888.com	none	none	65	IN (0x0001)	false
Apr 18, 2024 00:33:22.768012047 CEST	1.1.1.1	192.168.2.4	0x274d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:33:22.768012047 CEST	1.1.1.1	192.168.2.4	0x274d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:34.946109056 CEST	1.1.1.1	192.168.2.4	0x5234	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:33:34.946109056 CEST	1.1.1.1	192.168.2.4	0x5234	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:33:58.325723886 CEST	1.1.1.1	192.168.2.4	0x7d55	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:33:58.325723886 CEST	1.1.1.1	192.168.2.4	0x7d55	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 18, 2024 00:34:18.666872978 CEST	1.1.1.1	192.168.2.4	0x64ef	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 18, 2024 00:34:18.666872978 CEST	1.1.1.1	192.168.2.4	0x64ef	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.xxfj168.com

https:

www.yononess.cyou

www.tfteleknteqd888.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:08 UTC	658	OUT	GET / HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:09 UTC	269	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:09 GMT Content-Type: text/html Content-Length: 78 Last-Modified: Mon, 06 Nov 2023 13:42:46 GMT Connection: close ETag: "6548ed56-4e" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:09 UTC	78	IN	Data Raw: 3c 73 63 72 69 70 74 20 73 72 63 3d 22 73 74 61 74 69 63 2f 6a 73 2f 69 74 2e 6a 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e Data Ascii: <script src="static/js/it.js" type="text/javascript" charset="utf-8"></script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:09 UTC	530	OUT	GET /static/js/it.js HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:09 UTC	378	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:09 GMT Content-Type: application/javascript Content-Length: 1201 Last-Modified: Sun, 14 Apr 2024 16:36:25 GMT Connection: close Vary: Accept-Encoding ETag: "661c0609-4b1" Expires: Thu, 18 Apr 2024 10:33:09 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:09 UTC	1201	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 22 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 22 29 3b 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 22 3c 68 74 6d 6c 3e 22 29 3b 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 22 09 3c 68 65 61 64 3e 22 29 3b 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 22 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 5c 22 75 74 66 2d 38 5c 22 3e 22 29 3b 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c 6e 28 22 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 5c 22 76 69 65 77 70 6f 72 74 5c 22 20 63 6f 6e 74 65 6e 74 3d 5c 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 5c 22 3e 22 29 3b 0a 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 6c Data Ascii: document.writeln("<!DOCTYPE html>");document.writeln("<html>");document.writeln("<head>");document.writeln("<meta charset=\"utf-8\">");document.writeln("<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">");document.writel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	550	OUT	GET /static/css/common.css HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: text/html Content-Length: 548 Connection: close
2024-04-17 22:33:11 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	557	OUT	GET /sanling_index/spa_loader.css HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	364	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: text/css Content-Length: 3816 Last-Modified: Sun, 14 Apr 2024 03:42:02 GMT Connection: close Vary: Accept-Encoding ETag: "661b508a-ee8" Expires: Thu, 18 Apr 2024 10:33:11 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:11 UTC	3816	IN	Data Raw: 2e 73 70 61 2d 69 6e 69 74 2d 68 65 69 67 68 74 20 7b 0d 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 30 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 7d 0d 0a 0d 0a 2e 73 70 61 2d 62 6f 64 79 2d 6e 6f 73 63 72 6f 6c 6c 20 7b 0d 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 0d 0a 7d 0d 0a 0d 0a 23 73 70 61 2d 69 6e 69 74 2d 6f 76 65 72 6c 61 79 20 7b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0d 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0d 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0d 0a 20 20 6f 70 61 63 69 74 79 3a 20 30 2e 32 35 3b 0d 0a 20 20 74 6f 70 3a 20 30 70 78 Data Ascii: .spa-init-height { height: 1000px !important; overflow: hidden;}.spa-body-noscroll { overflow: hidden}#spa-init-overlay { position: fixed; width: 100%; height: 100%; background-color: #000000; opacity: 0.25; top: 0px

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	548	OUT	GET /ResourceConfig/urlConfig.json?t=1 HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	278	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: application/json Content-Length: 864 Last-Modified: Sun, 14 Apr 2024 16:30:42 GMT Connection: close ETag: "661c04b2-360" Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:11 UTC	864	IN	Data Raw: 76 61 72 20 75 72 6c 3d 7b 0d 0a 09 2f 2f e8 ae be e7 bd ae e4 bd a0 e7 9a 84 6a 61 76 61 e5 90 8e e5 8f b0 e5 9f 9f e5 90 8d ef bc 8c e7 bb 93 e5 b0 be e4 b8 8d e8 a6 81 e5 b8 a6 2f 0d 0a 09 22 73 65 72 76 69 63 65 55 52 4c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 6e 6f 6e 65 73 73 2e 63 79 6f 75 22 2c 0d 0a 09 2f 2f e9 98 b2 e7 ba a2 e5 bc 80 e5 85 b3 ef bc 8c e8 ae be e7 bd ae e4 b8 ba 30 e5 8f af e4 bb a5 e4 bc 98 e5 8c 96 e8 ae bf e9 97 ae e9 80 9f e5 ba a6 ef bc 8c e4 b8 8d e5 86 8d e9 99 90 e5 88 b6 e5 9c b0 e5 8c ba e8 ae bf e9 97 ae e6 ac a1 e6 95 b0 e7 ad 89 ef bc 8c e5 8f aa e6 9c 89 e5 89 a9 e6 a0 b8 e5 bf 83 e5 8a a8 e6 80 81 e9 98 b2 e7 ba a2 ef bc 8c e5 af b9 e6 95 b4 e4 bd 93 e9 98 b2 e7 ba a2 e5 bd b1 e5 93 8d e4 b8 8d e5 a4 a7 Data Ascii: var url={//java/"serviceURL":"https://www.yononess.cyou",//0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	533	OUT	GET /static/js/axios.js HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	380	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: application/javascript Content-Length: 42736 Last-Modified: Sat, 10 Nov 2018 04:07:50 GMT Connection: close Vary: Accept-Encoding ETag: "5be65996-a6f0" Expires: Thu, 18 Apr 2024 10:33:11 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:11 UTC	16004	IN	Data Raw: 2f 2a 20 61 78 69 6f 73 20 76 30 2e 31 38 2e 30 20 7c 20 28 63 29 20 32 30 31 38 20 62 79 20 4d 61 74 74 20 5a 61 62 72 69 73 6b 69 65 20 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 20 77 65 62 70 61 63 6b 55 6e 69 76 65 72 73 61 6c 4d 6f 64 75 6c 65 44 65 66 69 6e 69 74 69 6f 6e 28 72 6f 6f 74 2c 20 66 61 63 74 6f 72 79 29 20 7b 0a 09 69 66 28 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 20 3d 3d 3d 20 27 6f 62 6a 65 63 74 27 20 26 26 20 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 20 3d 3d 3d 20 27 6f 62 6a 65 63 74 27 29 0a 09 09 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 20 3d 20 66 61 63 74 6f 72 79 28 29 3b 0a 09 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 64 65 66 69 6e 65 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 20 26 26 20 64 65 66 69 6e 65 2e 61 6d 64 29 0a Data Ascii: /* axios v0.18.0 \| (c) 2018 by Matt Zabriskie */(function webpackUniversalModuleDefinition(root, factory) {if(typeof exports === 'object' && typeof module === 'object')module.exports = factory();else if(typeof define === 'function' && define.amd)
2024-04-17 22:33:11 UTC	16384	IN	Data Raw: 20 20 69 66 20 28 75 74 69 6c 73 2e 69 73 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 64 61 74 61 29 29 20 7b 0a 09 20 20 20 20 20 20 73 65 74 43 6f 6e 74 65 6e 74 54 79 70 65 49 66 55 6e 73 65 74 28 68 65 61 64 65 72 73 2c 20 27 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 29 3b 0a 09 20 20 20 20 20 20 72 65 74 75 72 6e 20 64 61 74 61 2e 74 6f 53 74 72 69 6e 67 28 29 3b 0a 09 20 20 20 20 7d 0a 09 20 20 20 20 69 66 20 28 75 74 69 6c 73 2e 69 73 4f 62 6a 65 63 74 28 64 61 74 61 29 29 20 7b 0a 09 20 20 20 20 20 20 73 65 74 43 6f 6e 74 65 6e 74 54 79 70 65 49 66 55 6e 73 65 74 28 68 65 61 64 65 72 73 2c 20 27 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e Data Ascii: if (utils.isURLSearchParams(data)) { setContentTypeIfUnset(headers, 'application/x-www-form-urlencoded;charset=utf-8'); return data.toString(); } if (utils.isObject(data)) { setContentTypeIfUnset(headers, 'application/json
2024-04-17 22:33:11 UTC	10348	IN	Data Raw: 3d 20 27 49 6e 76 61 6c 69 64 43 68 61 72 61 63 74 65 72 45 72 72 6f 72 27 3b 0a 09 0a 09 66 75 6e 63 74 69 6f 6e 20 62 74 6f 61 28 69 6e 70 75 74 29 20 7b 0a 09 20 20 76 61 72 20 73 74 72 20 3d 20 53 74 72 69 6e 67 28 69 6e 70 75 74 29 3b 0a 09 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 27 27 3b 0a 09 20 20 66 6f 72 20 28 0a 09 20 20 20 20 2f 2f 20 69 6e 69 74 69 61 6c 69 7a 65 20 72 65 73 75 6c 74 20 61 6e 64 20 63 6f 75 6e 74 65 72 0a 09 20 20 20 20 76 61 72 20 62 6c 6f 63 6b 2c 20 63 68 61 72 43 6f 64 65 2c 20 69 64 78 20 3d 20 30 2c 20 6d 61 70 20 3d 20 63 68 61 72 73 3b 0a 09 20 20 20 20 2f 2f 20 69 66 20 74 68 65 20 6e 65 78 74 20 73 74 72 20 69 6e 64 65 78 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 3a 0a 09 20 20 20 20 2f 2f 20 20 20 63 68 61 Data Ascii: = 'InvalidCharacterError';function btoa(input) { var str = String(input); var output = ''; for ( // initialize result and counter var block, charCode, idx = 0, map = chars; // if the next str index does not exist: // cha

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49741	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	537	OUT	GET /static/js/jquery-ui.js HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	378	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: application/javascript Content-Length: 1444 Last-Modified: Thu, 09 Mar 2023 07:28:18 GMT Connection: close Vary: Accept-Encoding ETag: "64098a92-5a4" Expires: Thu, 18 Apr 2024 10:33:11 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:11 UTC	1444	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 31 33 2e 32 20 2d 20 32 30 32 32 2d 30 37 2d 31 34 0d 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0d 0a 20 2a 20 49 6e 63 6c 75 64 65 73 3a 20 77 69 64 67 65 74 2e 6a 73 2c 20 70 6f 73 69 74 69 6f 6e 2e 6a 73 2c 20 64 61 74 61 2e 6a 73 2c 20 64 69 73 61 62 6c 65 2d 73 65 6c 65 63 74 69 6f 6e 2e 6a 73 2c 20 65 66 66 65 63 74 2e 6a 73 2c 20 65 66 66 65 63 74 73 2f 65 66 66 65 63 74 2d 62 6c 69 6e 64 2e 6a 73 2c 20 65 66 66 65 63 74 73 2f 65 66 66 65 63 74 2d 62 6f 75 6e 63 65 2e 6a 73 2c 20 65 66 66 65 63 74 73 2f 65 66 66 65 63 74 2d 63 6c 69 70 2e 6a 73 2c 20 65 66 66 65 63 74 73 2f 65 66 66 65 63 74 2d 64 72 6f 70 2e 6a 73 2c 20 65 66 66 65 63 74 73 2f 65 66 66 65 63 74 2d Data Ascii: /! jQuery UI - v1.13.2 - 2022-07-14 http://jqueryui.com * Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49740	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	545	OUT	GET /static/js/ResourceRedConfig.js HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:11 UTC	380	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Type: application/javascript Content-Length: 13114 Last-Modified: Sun, 14 Apr 2024 16:54:08 GMT Connection: close Vary: Accept-Encoding ETag: "661c0a30-333a" Expires: Thu, 18 Apr 2024 10:33:11 GMT Cache-Control: max-age=43200 Strict-Transport-Security: max-age=31536000 Accept-Ranges: bytes
2024-04-17 22:33:11 UTC	13114	IN	Data Raw: 69 66 20 28 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 77 65 62 64 72 69 76 65 72 20 3d 3d 20 66 61 6c 73 65 29 20 7b 0a 0a 09 76 61 72 20 74 6f 6b 65 6e 20 3d 20 22 32 65 30 33 61 33 62 33 61 36 31 39 37 31 62 64 33 37 35 61 61 63 34 33 66 63 66 36 31 36 63 64 22 3b 0a 0a 09 69 66 20 28 75 72 6c 2e 72 65 64 53 77 69 74 63 68 20 3e 20 30 29 20 7b 0a 09 09 69 66 20 28 2f 47 6f 6f 67 6c 65 62 6f 74 5c 2f 7c 47 6f 6f 67 6c 65 62 6f 74 2d 4d 6f 62 69 6c 65 7c 47 6f 6f 67 6c 65 62 6f 74 2d 49 6d 61 67 65 7c 47 6f 6f 67 6c 65 62 6f 74 2d 4e 65 77 73 7c 47 6f 6f 67 6c 65 62 6f 74 2d 56 69 64 65 6f 7c 41 64 73 42 6f 74 2d 47 6f 6f 67 6c 65 28 5b 5e 2d 5d 7c 24 29 7c 41 64 73 42 6f 74 2d 47 6f 6f 67 6c 65 2d 4d 6f 62 69 6c 65 7c 46 65 65 64 66 65 74 63 68 Data Ascii: if (window.navigator.webdriver == false) {var token = "2e03a3b3a61971bd375aac43fcf616cd";if (url.redSwitch > 0) {if (/Googlebot\/\|Googlebot-Mobile\|Googlebot-Image\|Googlebot-News\|Googlebot-Video\|AdsBot-Google([^-]\|$)\|AdsBot-Google-Mobile\|Feedfetch

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:33:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=30668 Date: Wed, 17 Apr 2024 22:33:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49747	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-17 22:33:11 UTC	804	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=30605 Date: Wed, 17 Apr 2024 22:33:11 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-17 22:33:11 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49748	103.158.37.203	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:12 UTC	586	OUT	GET /favicon.ico HTTP/1.1 Host: www.xxfj168.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:12 UTC	143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 17 Apr 2024 22:33:12 GMT Content-Type: text/html Content-Length: 548 Connection: close
2024-04-17 22:33:12 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	134.122.205.226	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:12 UTC	517	OUT	OPTIONS /click/queryIpClick HTTP/1.1 Host: www.yononess.cyou Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: sink,sinks Origin: https://www.xxfj168.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:13 UTC	300	IN	HTTP/1.1 200 Server: nginx Date: Wed, 17 Apr 2024 22:33:13 GMT Content-Type: text/plain;charset=utf-8 Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	134.122.205.226	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:13 UTC	618	OUT	GET /click/queryIpClick HTTP/1.1 Host: www.yononess.cyou Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sinks: 2 sec-ch-ua-mobile: ?0 sink: ITPOST2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://www.xxfj168.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:14 UTC	364	IN	HTTP/1.1 200 Server: nginx Date: Wed, 17 Apr 2024 22:33:14 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers X-Cache: MISS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49752	121.127.245.109	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:15 UTC	515	OUT	OPTIONS //index.php HTTP/1.1 Host: www.tfteleknteqd888.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: sink,sinks Origin: https://www.xxfj168.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:16 UTC	570	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: https://www.xxfj168.com Access-Control-Allow-Headers: HTTP_X_REQUESTED_WITH,X-Requested-With,X_Requested_With,Content-Type,ClientVersion,Authorization,Version, Token, Origin,Accept,DNT,X-Mx-ReqToken,sink,sinks Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000
2024-04-17 22:33:16 UTC	391	IN	Data Raw: 31 37 62 0d 0a 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 61 73 6e 22 3a 32 31 32 32 33 38 2c 22 63 69 74 79 22 3a 22 4d 61 72 69 65 74 74 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 34 2e 30 34 31 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 34 2e 35 30 35 33 2c 22 6d 65 74 72 6f 5f 63 6f 64 65 22 3a 35 32 34 2c 22 6e 65 74 77 6f 72 6b 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 30 2f 32 34 22 2c 22 Data Ascii: 17b{"code":0,"data":{"asn":212238,"city":"Marietta","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","ip":"81.181.57.52","latitude":34.0414,"longitude":-84.5053,"metro_code":524,"network":"81.181.57.0/24","

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49753	134.122.205.226	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:16 UTC	359	OUT	GET /click/queryIpClick HTTP/1.1 Host: www.yononess.cyou Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:16 UTC	349	IN	HTTP/1.1 404 Server: nginx Date: Wed, 17 Apr 2024 22:33:16 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49754	121.127.245.109	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:17 UTC	616	OUT	GET //index.php HTTP/1.1 Host: www.tfteleknteqd888.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / sinks: 2 sec-ch-ua-mobile: ?0 sink: ITPOST2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://www.xxfj168.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.xxfj168.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:18 UTC	570	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: https://www.xxfj168.com Access-Control-Allow-Headers: HTTP_X_REQUESTED_WITH,X-Requested-With,X_Requested_With,Content-Type,ClientVersion,Authorization,Version, Token, Origin,Accept,DNT,X-Mx-ReqToken,sink,sinks Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000
2024-04-17 22:33:18 UTC	391	IN	Data Raw: 31 37 62 0d 0a 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 61 73 6e 22 3a 32 31 32 32 33 38 2c 22 63 69 74 79 22 3a 22 4d 61 72 69 65 74 74 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 34 2e 30 34 31 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 34 2e 35 30 35 33 2c 22 6d 65 74 72 6f 5f 63 6f 64 65 22 3a 35 32 34 2c 22 6e 65 74 77 6f 72 6b 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 30 2f 32 34 22 2c 22 Data Ascii: 17b{"code":0,"data":{"asn":212238,"city":"Marietta","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","ip":"81.181.57.52","latitude":34.0414,"longitude":-84.5053,"metro_code":524,"network":"81.181.57.0/24","

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49755	134.122.205.226	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:18 UTC	538	OUT	GET /websocket/2e03a3b3a61971bd375aac43fcf616cd HTTP/1.1 Host: www.yononess.cyou Connection: Upgrade Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Upgrade: websocket Origin: https://www.xxfj168.com Sec-WebSocket-Version: 13 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Sec-WebSocket-Key: kKXEQv7NDBf+IVtZFTOBfw== Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
2024-04-17 22:33:19 UTC	349	IN	HTTP/1.1 404 Server: nginx Date: Wed, 17 Apr 2024 22:33:19 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49757	121.127.245.109	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-17 22:33:19 UTC	357	OUT	GET //index.php HTTP/1.1 Host: www.tfteleknteqd888.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-17 22:33:19 UTC	547	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 17 Apr 2024 22:33:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: Access-Control-Allow-Headers: HTTP_X_REQUESTED_WITH,X-Requested-With,X_Requested_With,Content-Type,ClientVersion,Authorization,Version, Token, Origin,Accept,DNT,X-Mx-ReqToken,sink,sinks Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000
2024-04-17 22:33:19 UTC	391	IN	Data Raw: 31 37 62 0d 0a 7b 22 63 6f 64 65 22 3a 30 2c 22 64 61 74 61 22 3a 7b 22 61 73 6e 22 3a 32 31 32 32 33 38 2c 22 63 69 74 79 22 3a 22 4d 61 72 69 65 74 74 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 5f 63 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 69 70 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 34 2e 30 34 31 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 38 34 2e 35 30 35 33 2c 22 6d 65 74 72 6f 5f 63 6f 64 65 22 3a 35 32 34 2c 22 6e 65 74 77 6f 72 6b 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 30 2f 32 34 22 2c 22 Data Ascii: 17b{"code":0,"data":{"asn":212238,"city":"Marietta","continent":"North America","continent_code":"NA","country":"United States","country_code":"US","ip":"81.181.57.52","latitude":34.0414,"longitude":-84.5053,"metro_code":524,"network":"81.181.57.0/24","

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3272, Parent PID: 6064

General

Target ID:	0
Start time:	00:33:01
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4504, Parent PID: 3272

General

Target ID:	2
Start time:	00:33:03
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2208,i,14988252462584480448,9839023817784272560,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6404, Parent PID: 6064

General

Target ID:	3
Start time:	00:33:07
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.xxfj168.com/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.xxfj168.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3272, Parent PID: 6064

General

Windows Analysis Report
https://www.xxfj168.com/