Edit tour

Windows Analysis Report
https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U

Overview

General Information

Sample URL:	https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ
Analysis ID:	1428404
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,7235554893301753609,8371469218369999470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216

Source: global traffic	HTTP traffic detected: GET /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/style.css?v=14 HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/prove.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/enter_captcha_text.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/proceed_button.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/prove.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/enter_captcha_text.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /img/proceed_button.png HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n5aMMmRX8OBdL8b&MD=NASDykN5 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAfv0eHCnLomrwdFDDXd9sXJ1TPrczyXqV7gQRxYYM33TA%2BpV/CpxFaWNXrbaoUL3srUWjWBLyLBmZGmhOarf3rmV4NGixLOmIUPBvAzEXFIU6DRcziU8BWHjpNRPUUhofj/ciJ7nfNm0hNLXvvTKuIzn5Cb2ay8KIaUpqRZFS9z2q1h/4LUYQuvX63E3gHZFheLGhuk4Am48e9auz1RXWuBw6lI9b7SgcZQ6d1LKKzYaZhip4phKoUhyQ6bKqLaj/QwLtZUb9BjUGpFsHPIw07dpRzFqCqI8iUF7ibop7Wmh5t5DAl%2BaCnwiObmBlEtp1XTEvojNHkkkgtH8FWcvBAcDZgAACG4GLfaCtw9yqAHy7JV45z/lNRzsn7fkHC/sqrx18d/vdM0WXod/JU2Aog8D38OVN8pqqCovkfp%2BCWrAXHhqdw4LVZMvZsLycMfi5s8ttXLKPbbslcaSAdT%2B0k0OkqJnTIn6WWG49fFyzRVcpPhqXpQerZ75rwpJ%2BJsxlb1erRYhvEfu2ILYhqUQa3RWwjBWv6anEEPYkDfqSFnx3q6w5XdheGXELbgMXtmvGS1H2tE2vfJCwDlaLNIqh4H0uTvLgKjxeMM9nSag4tD98QP2%2BEAFaX30UgLeoXaCp/gUZwl%2BVhYLqOncczyNyTIcsYdOCFCGHGqpNdUHAeUTfAu3PqYkA9zo5ihlZLElpt9%2BI%2B/Uf75hjqGaFTcow/Nl0Zi5b4IF1MN3aX7bMVE43vWuo9K2EBva%2BT1Zgx/GV0MPD25j%2BXPG2SWP/vNIb%2BHQNkR005FffrMSzpmAaiqOHBELzigxSVT/MpR1hZroJA//Z4boEilliRU/xRFWeenEvO7raZ9sxexinRfq1MJ9/U37j775mTlX2crr727tA4paHYwosNUaULqZm/REACuhqXJTVSAG2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713471162User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: E8E11580235E4AEDB4EF5ED933B377ACX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /captchaImageSource.php HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n5aMMmRX8OBdL8b&MD=NASDykN5 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: tnxqbx.vaptt.log.br

Source: unknown

HTTP traffic detected: POST /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1Host: tnxqbx.vaptt.log.brConnection: keep-aliveContent-Length: 41Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://tnxqbx.vaptt.log.brContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.6:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.200:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49752 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@14/19@6/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,7235554893301753609,8371469218369999470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,7235554893301753609,8371469218369999470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.253.124.106	true	false		high
tnxqbx.vaptt.log.br	216.172.172.52	true	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=	false	unknown
https://tnxqbx.vaptt.log.br/img/enter_captcha_text.png	false	unknown
https://tnxqbx.vaptt.log.br/assets/css/style.css?v=14	false	unknown
https://tnxqbx.vaptt.log.br/favicon.ico	false	unknown
https://tnxqbx.vaptt.log.br/captchaImageSource.php	false	unknown
https://tnxqbx.vaptt.log.br/img/prove.png	false	unknown
https://tnxqbx.vaptt.log.br/img/proceed_button.png	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.172.172.52	tnxqbx.vaptt.log.br	United States	46606	UNIFIEDLAYER-AS-1US	false
172.253.124.106	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.13
192.168.2.14
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428404
Start date and time:	2024-04-18 22:11:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@14/19@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.124.94, 172.253.124.138, 172.253.124.101, 172.253.124.113, 172.253.124.139, 172.253.124.100, 172.253.124.102, 142.250.9.84, 34.104.35.123, 142.250.105.95, 173.194.219.95, 74.125.138.95, 172.217.215.95, 142.251.15.95, 64.233.177.95, 64.233.176.95, 74.125.136.95, 172.253.124.95, 64.233.185.95, 142.250.9.95, 172.217.215.138, 172.217.215.101, 172.217.215.102, 172.217.215.100, 172.217.215.113, 172.217.215.139, 192.229.211.108, 142.251.15.102, 142.251.15.100, 142.251.15.138, 142.251.15.113, 142.251.15.101, 142.251.15.139, 64.233.176.113, 64.233.176.138, 64.233.176.139, 64.233.176.102, 64.233.176.100, 64.233.176.101, 108.177.122.94
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, ocsp.digicert.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:12:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.000695906809316
Encrypted:	false
SSDEEP:	48:8jgTdkTN7azH4CidAKZdA1JehwiZUklqehqy+3:8MGUkM9y
MD5:	A6B93FB151FDB0AE86E0C2A8EB014F57
SHA1:	BC0562FD2104C0DC1E996593F90A3CD8C84DC8EF
SHA-256:	6E9802A10BF29E0DC75B9F7C2C8A12B0F8F7AA2776E894019755215714FD264E
SHA-512:	3F9603E0A72752EC0C71BC2C1DC8C76C27307E721B2BB5E74A8C0A78CA7F1B97E7C4591EA321337F2682449BF635558209417CA4585DD7F763CB711B147E7984
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:12:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.019278918499257
Encrypted:	false
SSDEEP:	48:8CgTdkTN7azH4CidAKZdA10eh/iZUkAQkqehty+2:8lGUku9QAy
MD5:	D42DF6BD8CACDD712C7FC8FC0064C631
SHA1:	2EC677260055B4FBD07AEC6472D6E2F324D5E50D
SHA-256:	E295121BBA7E237926698B4696A35FF04FFD8AD874E2AD95B19CFE42469E5C75
SHA-512:	EF03A57D107FC03E5E90941906C3BCBAAB5FB1E1A65B826120B3363D3C4EB8F2CF8F4CEAC7DB5A6C20E88D5BE5FFDD3176400BF601657A33A53BB64F831F1E96
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.022844728801668
Encrypted:	false
SSDEEP:	48:8eTdkTN7ajH4CidAKZdA14tIeh7sFiZUkmgqeh7s7y+BX:8eGUUmnBy
MD5:	BC56B927F7E832F72ABE7EF00DE82127
SHA1:	BB7E5FBA240DAF0BE000F831E4504BEF3B43F44E
SHA-256:	14EBF6AEE43664CA14D223FB5AFA91B833BBE814426DE508CEE4C18D8BB4D830
SHA-512:	BA28EE3E720AFA65713609ADBD896F8E8AF13279B39EB2E5A047DE78ED5CF7AA65F90EFF6B34BCF33961979C5E9F1AA2A0C80B061DA1336D6D7838163DBC1E14
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:12:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.01491677052738
Encrypted:	false
SSDEEP:	48:8CgTdkTN7azH4CidAKZdA1behDiZUkwqehpy+R:8lGUklDy
MD5:	D815C3DF9229C5FA03A2E6D095EB485E
SHA1:	58950B683105D1A4CFCE6DE0011B21C95A4BE643
SHA-256:	7C281FA5F45B33B38E075C836A18B50722C8D8ACFECF24DB61D53B154AC38AC1
SHA-512:	B570A8D1B2BC7C537AEC096D5D944299FBB3258782427C0143D15BB536868575CEB99F113995E1C15A856669D507DAD2B638CB0E72FC8596AF2F80042536C67E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:12:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0030029808903915
Encrypted:	false
SSDEEP:	48:8ngTdkTN7azH4CidAKZdA1VehBiZUk1W1qeh/y+C:8gGUk19fy
MD5:	3FAEE40E07A9ADB2C98E2FF75D3F0A65
SHA1:	D2349280EC4DC0E0D6DB6DAB7A6C68F418F49FB0
SHA-256:	46A2E16ED6C29541F408E939B04CB29EE86073436ECBC8FB8BB12577D21685AD
SHA-512:	06B62E6C479FB6249E5F101E6C2BDBD7ACD010723F00E24FCC3724D368E87D34CB41823F5D1AEBC14E602E24B1D7233B8DA57BD37FCFFA8E6F8CEEEC3A97F95E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 19:12:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.01464018710772
Encrypted:	false
SSDEEP:	48:8OgTdkTN7azH4CidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbBy+yT+:8RGUkVTTTbxWOvTbBy7T
MD5:	BF09AC79F5A37ABFAAFE8EEEFE203161
SHA1:	2D9910591B2CF437C94CBD30F8CB51C958915D15
SHA-256:	F4578B6F80985DA1208E710DF5F4450B1008D063AC38A8618EE94DC4F3809C78
SHA-512:	9F01EF02BB34DBF6B8273DE1B16342CE94F3CDA3E629157B59E274645BE2C81757502518D72B7EEEADC904A4A1B0A48753096B53113CD8112FCAEF47A0D14FDB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....H..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........1........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:HycMK:S9K
MD5:	F20C48603763A982D7F6B2C8830F01AD
SHA1:	DEA4D0A2ABFADDA68DB41B134271C3A4A84475F7
SHA-256:	C91C7EEE4E89FF52C17776184F3134DB98F2C1C8A9AFB98F0D5E0A9EC7D6BC43
SHA-512:	7BFDED2053A938E532B5FC31D18FB3023BC8DC8A22D64ACAF4B39B45C94F3763D76C9030053EBEBBFA7F9152EBDF9663126062C7327AEB84B4F87EAB4C3E8E2D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAksNfQ6i5ChGRIFDczKJGA=?alt=proto
Preview:	CgkKBw3MyiRgGgA=

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	952
Entropy (8bit):	7.653006656777726
Encrypted:	false
SSDEEP:	24:DUR4BBPn71uE0xaKmAuEKpAmuy25imf3rBpkzOQKvn:DURiBfRMZKpFO5DfVpUhK/
MD5:	65B771C46B0ACAAE555F6A17E501D834
SHA1:	9217C618CC597F0FED631BBC74DB2260E652BB0A
SHA-256:	275BEDB3E4EDC5764E831DDF8106B719010E5B7991D9DB778BF3C2A1284E3C6E
SHA-512:	783E80579F905DC029ED7ACEDF062B7C83F6402519B853AC5FF2A41CA8AE7B3EA1E831D8631E606C46CA29B4C24056A5435C74EEAD157249C9E7710231887CB0
Malicious:	false
Reputation:	low
URL:	https://tnxqbx.vaptt.log.br/img/enter_captcha_text.png
Preview:	.PNG........IHDR...............ed....sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^.X..0....1z..j..........C;..#.v.s...cbx@.S.....P....:....15....O.\|Zk....G......]..8..:iv.....k.-..H..=..gy..N@...).a[..@........[Xb..........,[...<....5.!..P.4.M...3.'.h~..xa.....f<.e......._.p.{..8..yV.............t....V7.G..Pz..G...k....y...?...h.O..k.........}.p..a-.s.@A..Z.X1Z....G4.\..j.^...o..jX.H..].F....?.H.;.....{..F.......2>...y..r...u.Q.s....u)s.u.....lS..^..2.m....sF/....@..(..I"...T.&E...#....`AX...;.Lw.....w..>^.h.P.&.!..1bt.mC".`.&b.C...T@...l...P.y....@.........E.4.C>......v....Q{E].Zx.k......^...\|aD.....s..F..jR>7<......'.....Z....$..P.g..U.e ..q.i..6..j.....Q..*\|. .4.<......5.`..^S"..h..\|@d.K.......P0x.5V.....v@a~6.^.m.^..@nB'~8..Y. .......C'..F.Z.f...w.w..a.7K.N.J.2!1D...i..JO...p-.];...F....F..k."......Z7....K...j@..;D......../......Kx@.S.....P....:&F...v...J.w....IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1433
Entropy (8bit):	4.7213378643499935
Encrypted:	false
SSDEEP:	24:U9KL8SvTdJYF0Z+AluGDXeOFU9sYLdFUShCYhsox9o+IYxc4TZgFgCKqyp9eT:UA8uyF0Z+qDuqpKFUAhsog+IyAFko
MD5:	8E649F7D63D8E0B4831190B16B618C38
SHA1:	B03BCDA706720DF86970FB6C93091399BBE358D4
SHA-256:	E524AC5A41F4658D6A5D958F9B09DF9CAFC3D9101672ABAE483065BF3D61D05B
SHA-512:	74066E6C0E651C6C7B216605AC29C8D83F0BC21EEEB9CA977980D64A1A558E6A1BAA0F0DE60842A90D7316513C7A89A14E4E50F5DBD771FF08FFEC83CA91567D
Malicious:	false
Reputation:	low
URL:	https://tnxqbx.vaptt.log.br/assets/css/style.css?v=14
Preview:	body {. font-family: arial;. max-width: 610px;. font-size: 0.95em;. color: #232323;.}..demo-error {. color:#FF0000;. font-size: 0.95em;.}..demo-input {. width: 100%;. border-radius: 5px;. border: #CCC 1px solid;. padding: 12px;. margin-top: 5px;.}..demo-btn img{. width: 100%;. cursor: pointer;. margin-top: 4px;. max-width: 150px;. margin: 0 auto;. font-family: cursive;. font-size: 18px;.}.button.demo-btn {. border: none !important;. background: transparent;. margin: 0;.}..demo-table {. border-radius: 0;. padding: 10px;. border: #1A9CA1 1px solid;.}..demo-success {. margin-top: 5px;. color: #478347;. background: #e2ead1;. padding: 10px;. border-radius: 5px;.}...div-main {. position: absolute;. left: 50%;. top: 50%;. border-radius: 0;. padding: 20px;. transform: translate(-50%, -50%);. box-shadow: 0px 0px 9px 2px #1A9CA1;.}..div-main .image img {. width: 400px;. margin: 30px

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 151 x 54, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3295
Entropy (8bit):	7.917520117844282
Encrypted:	false
SSDEEP:	96:AIxE3gFKFGZZ+OL4H6URXlXo1nOnZl2yFYDMD:AshKMaOL4HJVX+On3iMD
MD5:	D571E2186D680501B31A1AB0E84FBF9E
SHA1:	226661125A4B67F3E374303487E72E63FB759437
SHA-256:	CB661B9F603308C67D4709BC1A5BA98F217EA0B67F07B637FDA739823A588A80
SHA-512:	E49DC55433E55EE31E664DFDBFAF9001E550B0F7B87F1B818A74DBEB42643F7F984AF046AC54B6C3AAE5B8DEB3DC27EDC0603FAEFD29648627DB321183F10B6F
Malicious:	false
Reputation:	low
URL:	https://tnxqbx.vaptt.log.br/img/proceed_button.png
Preview:	.PNG........IHDR.......6........2....sRGB.........gAMA......a.....pHYs..........o.d...tIDATx^.].WU...WD.Q.h.&.4.f.i.X...j.c..5j.L.RL.....&..g....QC..dV@P.I.QQQA.A.eh.~.>.^....<.:o..{.>..;..~{......~BcS.....&477.....F446h}e.dk.GH[G........G#..k...T.i.d.!.D....IG.![#......_.c.f..._.c.f..._.c.v$/.YE',.\.-...W...1..HBF.1.....x..6f....].a.1.u..../.AiY.Fz.....J1..\...>........1H....5..?.Lz..[.f..a........z...N.<k..................Y.2..4...mC>c..l..&...ek.7....&.Y...\..d...Y.u..6..[.g.LC..C....-..V..0.1.Tl[[O.mAo.@8o.'.yc...8...4.....a.5.#....C....}.m..#.c{g.f........;.7.w.kf........#.c{g.f....o.....w5....r..-F..6...........b:.....s.d8....._@.SP.Z..i.......p.2o.z..i!.I'....y./.....9i$..$.Q.R.&h.....M.Q..$.J....Sr).R...I..\..V.2.K.E..MZ...YmY..rV..8....6.5..s.X.V)..BH...`.\..va..6.\v...!x%<..S...#..=...r....}.V.\v..B..mv...,..jl+,...`...6...,.~.F..0lg(6.. ..9.I=...S...{....`........@...'..O..-....W..../..`... ....'I..W.W.............6i.Q..y.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 508 x 38, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2657
Entropy (8bit):	7.802680808206363
Encrypted:	false
SSDEEP:	48:lrrrraVmfFwk5guMv6sAnI43TAFBYJAelOXo3/XbPdwNizl8wVLjIrrrt:ym+RgFDAQ8Xa/BAiQ
MD5:	F3619845D25CDAE1C75662C74EB6686E
SHA1:	78DE0EFC33DF38BDBFF5DB74C0BB909A5F3E9C2C
SHA-256:	46681720E817891818E1D77D60B9E80E57903A61ABE3744E572655F684E9BA2B
SHA-512:	245784E1EF60B84C2E884A3CDAB8CEC6A821ADE4FCB14BC8B3D922F8FBC279F0F585FF4C753E9A4002F64D1510134C25BC69BDAA406428423DC3DFF156FC89CB
Malicious:	false
Reputation:	low
URL:	https://tnxqbx.vaptt.log.br/img/prove.png
Preview:	.PNG........IHDR.......&.....!.).....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.m.9.D.K.I-)%....Z\|...0..JZ.........D..U\|.OO..RJ..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...._.>}...?{.\|.x..\|........7...u=...\|.........................K$..}T.......5.\|.V.y...wDk.....y...s_...c.[.....h.{.g...DI~j:g.+....'.{._e......:..:0j.........a....S.@<A:.b.3..h.M.h.....a.o...~o....P.....#.1r{...h..\...<s..6.A........U.j..iO.....EE...+.h..<z...4......S...os..N.g._.h...(.%..........p.....usM.x.O.<.G?N.._RW./u.W..h...>n.BH~0...o2.]....~..s.O..~.N5.Gs.o}F.M<t.R.......!....U.`*^Zs%...8G.....p2.).DZ....Q...T...{.\o:.:...s..}.iH...?kn......0.(b]..k...&].....G..{?.L.....IzG..}....r.....@.=L.K.:aL.i....g.Tc.Z.<..c....khOj...\|V..{.9_+qEc.e...E....4..S....\...<......i>....>.q.....Td7..~D.(.7....x.4~..4..q'.....Ec{.j....LF.<w..t.....i2.....s2.....p\W.)..Q.U.V.s..7'c^..Y.XW.R.U...}w:..+-W..}.\|Vh\...~.=......k......V..

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 25, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	952
Entropy (8bit):	7.653006656777726
Encrypted:	false
SSDEEP:	24:DUR4BBPn71uE0xaKmAuEKpAmuy25imf3rBpkzOQKvn:DURiBfRMZKpFO5DfVpUhK/
MD5:	65B771C46B0ACAAE555F6A17E501D834
SHA1:	9217C618CC597F0FED631BBC74DB2260E652BB0A
SHA-256:	275BEDB3E4EDC5764E831DDF8106B719010E5B7991D9DB778BF3C2A1284E3C6E
SHA-512:	783E80579F905DC029ED7ACEDF062B7C83F6402519B853AC5FF2A41CA8AE7B3EA1E831D8631E606C46CA29B4C24056A5435C74EEAD157249C9E7710231887CB0
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ed....sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^.X..0....1z..j..........C;..#.v.s...cbx@.S.....P....:....15....O.\|Zk....G......]..8..:iv.....k.-..H..=..gy..N@...).a[..@........[Xb..........,[...<....5.!..P.4.M...3.'.h~..xa.....f<.e......._.p.{..8..yV.............t....V7.G..Pz..G...k....y...?...h.O..k.........}.p..a-.s.@A..Z.X1Z....G4.\..j.^...o..jX.H..].F....?.H.;.....{..F.......2>...y..r...u.Q.s....u)s.u.....lS..^..2.m....sF/....@..(..I"...T.&E...#....`AX...;.Lw.....w..>^.h.P.&.!..1bt.mC".`.&b.C...T@...l...P.y....@.........E.4.C>......v....Q{E].Zx.k......^...\|aD.....s..F..jR>7<......'.....Z....$..P.g..U.e ..q.i..6..j.....Q..*\|. .4.<......5.`..^S"..h..\|@d.K.......P0x.5V.....v@a~6.^.m.^..@nB'~8..Y. .......C'..F.Z.f...w.w..a.7K.N.J.2!1D...i..JO...p-.];...F....F..k."......Z7....K...j@..;D......../......Kx@.S.....P....:&F...v...J.w....IEND.B`.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 508 x 38, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2657
Entropy (8bit):	7.802680808206363
Encrypted:	false
SSDEEP:	48:lrrrraVmfFwk5guMv6sAnI43TAFBYJAelOXo3/XbPdwNizl8wVLjIrrrt:ym+RgFDAQ8Xa/BAiQ
MD5:	F3619845D25CDAE1C75662C74EB6686E
SHA1:	78DE0EFC33DF38BDBFF5DB74C0BB909A5F3E9C2C
SHA-256:	46681720E817891818E1D77D60B9E80E57903A61ABE3744E572655F684E9BA2B
SHA-512:	245784E1EF60B84C2E884A3CDAB8CEC6A821ADE4FCB14BC8B3D922F8FBC279F0F585FF4C753E9A4002F64D1510134C25BC69BDAA406428423DC3DFF156FC89CB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......&.....!.).....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.m.9.D.K.I-)%....Z\|...0..JZ.........D..U\|.OO..RJ..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...R..._J)..^...._.>}...?{.\|.x..\|........7...u=...\|.........................K$..}T.......5.\|.V.y...wDk.....y...s_...c.[.....h.{.g...DI~j:g.+....'.{._e......:..:0j.........a....S.@<A:.b.3..h.M.h.....a.o...~o....P.....#.1r{...h..\...<s..6.A........U.j..iO.....EE...+.h..<z...4......S...os..N.g._.h...(.%..........p.....usM.x.O.<.G?N.._RW./u.W..h...>n.BH~0...o2.]....~..s.O..~.N5.Gs.o}F.M<t.R.......!....U.`*^Zs%...8G.....p2.).DZ....Q...T...{.\o:.:...s..}.iH...?kn......0.(b]..k...&].....G..{?.L.....IzG..}....r.....@.=L.K.:aL.i....g.Tc.Z.<..c....khOj...\|V..{.9_+qEc.e...E....4..S....\...<......i>....>.q.....Td7..~D.(.7....x.4~..4..q'.....Ec{.j....LF.<w..t.....i2.....s2.....p\W.)..Q.U.V.s..7'c^..Y.XW.R.U...}w:..+-W..}.\|Vh\...~.=......k......V..

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 151 x 54, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3295
Entropy (8bit):	7.917520117844282
Encrypted:	false
SSDEEP:	96:AIxE3gFKFGZZ+OL4H6URXlXo1nOnZl2yFYDMD:AshKMaOL4HJVX+On3iMD
MD5:	D571E2186D680501B31A1AB0E84FBF9E
SHA1:	226661125A4B67F3E374303487E72E63FB759437
SHA-256:	CB661B9F603308C67D4709BC1A5BA98F217EA0B67F07B637FDA739823A588A80
SHA-512:	E49DC55433E55EE31E664DFDBFAF9001E550B0F7B87F1B818A74DBEB42643F7F984AF046AC54B6C3AAE5B8DEB3DC27EDC0603FAEFD29648627DB321183F10B6F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......6........2....sRGB.........gAMA......a.....pHYs..........o.d...tIDATx^.].WU...WD.Q.h.&.4.f.i.X...j.c..5j.L.RL.....&..g....QC..dV@P.I.QQQA.A.eh.~.>.^....<.:o..{.>..;..~{......~BcS.....&477.....F446h}e.dk.GH[G........G#..k...T.i.d.!.D....IG.![#......_.c.f..._.c.f..._.c.v$/.YE',.\.-...W...1..HBF.1.....x..6f....].a.1.u..../.AiY.Fz.....J1..\...>........1H....5..?.Lz..[.f..a........z...N.<k..................Y.2..4...mC>c..l..&...ek.7....&.Y...\..d...Y.u..6..[.g.LC..C....-..V..0.1.Tl[[O.mAo.@8o.'.yc...8...4.....a.5.#....C....}.m..#.c{g.f........;.7.w.kf........#.c{g.f....o.....w5....r..-F..6...........b:.....s.d8....._@.SP.Z..i.......p.2o.z..i!.I'....y./.....9i$..$.Q.R.&h.....M.Q..$.J....Sr).R...I..\..V.2.K.E..MZ...YmY..rV..8....6.5..s.X.V)..BH...`.\..va..6.\v...!x%<..S...#..=...r....}.V.\v..B..mv...,..jl+,...`...6...,.~.F..0lg(6.. ..9.I=...S...{....`........@...'..O..-....W..../..`... ....'I..W.W.............6i.Q..y.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 22:12:14.809314966 CEST	49678	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:14.809341908 CEST	49676	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:14.809511900 CEST	49677	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:15.956993103 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:15.957058907 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:15.957227945 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:15.957612038 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:15.957628012 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.177860975 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.178749084 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.178774118 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.179837942 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.179958105 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.180963993 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.181055069 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.181216955 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.181225061 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.224323034 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.405199051 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.405261040 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.405314922 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.405328989 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.405421972 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.405486107 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.406095982 CEST	49708	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.406107903 CEST	443	49708	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.425750971 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.425795078 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.425868034 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.426130056 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.426142931 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.428693056 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.428718090 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.428781986 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.428977013 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429008961 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.429063082 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429195881 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429208040 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.429272890 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429630995 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429639101 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.429691076 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429944038 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.429958105 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.430105925 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.430125952 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.430253983 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.430267096 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.430394888 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.430404902 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.642354012 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.642699957 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.642731905 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.643229961 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.643656969 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.643738031 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.643878937 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.646378040 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.646596909 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.646626949 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.647738934 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.647813082 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.647933960 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.648154974 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.648296118 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.648318052 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.648333073 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.648420095 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.648433924 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.649385929 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.649446964 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.649741888 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.649835110 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.649863958 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.652195930 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.652435064 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.652451038 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.652796030 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.653079033 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.653136969 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.653208017 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.654485941 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.654758930 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.654766083 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.658351898 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.658427000 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.658766031 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.658864975 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.658921957 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.658930063 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.684165001 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.692161083 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.696139097 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.702301979 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.702321053 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.702322960 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.702337027 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.750438929 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.859448910 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.859530926 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.859661102 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.859736919 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.859788895 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.860913038 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.860933065 CEST	443	49709	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.860955000 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.861000061 CEST	49709	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.864249945 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.864267111 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.864352942 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.864384890 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.865298986 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.865379095 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.865497112 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.865685940 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.865746021 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.866353035 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.866377115 CEST	443	49711	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.866391897 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.866436005 CEST	49711	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.868110895 CEST	49712	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.868134022 CEST	443	49712	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.868411064 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.868454933 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.868515015 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.868531942 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.868545055 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.868623972 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.870560884 CEST	49713	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.870570898 CEST	443	49713	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.873790979 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.874166012 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.874277115 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.874358892 CEST	49710	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.874366045 CEST	443	49710	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.916399956 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.916471004 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:16.916587114 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.916870117 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:16.916882992 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.131664038 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.132029057 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.132055044 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.132374048 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.132688046 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.132756948 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.132940054 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.175729036 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.175772905 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.175879002 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.175966978 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176000118 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.176064014 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176158905 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176183939 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.176270962 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176333904 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176376104 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.176438093 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176704884 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176724911 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.176918030 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.176929951 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.177112103 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.177124023 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.177314997 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.177330971 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.180119991 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.358473063 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.358563900 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.358665943 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.358692884 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.359272957 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.359318018 CEST	443	49714	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.359405994 CEST	49714	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.362122059 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.362173080 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.362270117 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.362525940 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.362540960 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.394480944 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.394824982 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.394889116 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.395160913 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.395347118 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.395371914 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.396033049 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.396174908 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.396414042 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.396488905 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.396572113 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.396591902 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.396876097 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.396941900 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.397176027 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.397268057 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.397269964 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.398540020 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.398741961 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.398767948 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.402523041 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.402647972 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.402713060 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.402879953 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.402997017 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.403014898 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.403053045 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.403090000 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.407371998 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.407468081 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.407706976 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.407872915 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.407907009 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.444116116 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.446304083 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.446319103 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.446435928 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.446468115 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.446492910 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.462348938 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.462367058 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.494694948 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.494700909 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.510332108 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.581038952 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.581516027 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.581543922 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.582545996 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.582612038 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.583089113 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.583162069 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.583379984 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.583396912 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.609299898 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.609472036 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.609559059 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.610188961 CEST	49717	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.610208988 CEST	443	49717	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.610729933 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.610754013 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.610820055 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.610841036 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.611918926 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.611982107 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.612437963 CEST	49719	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.612447977 CEST	443	49719	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.612524033 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.612556934 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.612606049 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.612632036 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.612668037 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.612963915 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.613032103 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.613069057 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.614183903 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.614193916 CEST	443	49718	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.614206076 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.614240885 CEST	49718	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.623337030 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.623455048 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.623518944 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.623816967 CEST	49720	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.623835087 CEST	443	49720	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.638300896 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.824457884 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.824486017 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.824549913 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.824567080 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.824584961 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:17.824635983 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.825145006 CEST	49721	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:17.825162888 CEST	443	49721	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:20.641573906 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.641618967 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.641715050 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.641946077 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.641959906 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.859575987 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.860138893 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.860161066 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.861166000 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.861301899 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.862668037 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.862730980 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.906335115 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:20.906352043 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:20.945952892 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:25.147543907 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.147608995 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.147706985 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.149915934 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.149935007 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.526988983 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.527108908 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.529975891 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.529995918 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.530298948 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.582321882 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.605650902 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.648129940 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.864186049 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.878963947 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879034996 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879057884 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879076958 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879116058 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879134893 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879146099 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.879189968 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879210949 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.879245043 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.879280090 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879354954 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.879368067 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879460096 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.879515886 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.891171932 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.891171932 CEST	49728	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:12:25.891233921 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.891249895 CEST	443	49728	20.12.23.50	192.168.2.17
Apr 18, 2024 22:12:25.968046904 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:25.969233036 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:25.969270945 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:25.969342947 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971057892 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971057892 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971132994 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971350908 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971728086 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:25.971797943 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:26.074799061 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.074842930 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.074881077 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.074964046 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:26.075030088 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.075421095 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.075478077 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.178791046 CEST	443	49691	204.79.197.200	192.168.2.17
Apr 18, 2024 22:12:26.178935051 CEST	49691	443	192.168.2.17	204.79.197.200
Apr 18, 2024 22:12:29.577709913 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.577744007 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.577867985 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.578130960 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.578147888 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.579997063 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.580045938 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.580117941 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.580348015 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.580360889 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.797036886 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.797492027 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.797525883 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.798027992 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.798346043 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.798379898 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.798475027 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.798544884 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.798571110 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.798753977 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.798753977 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.798784018 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.800004005 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.800118923 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.800637007 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.800704002 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.852363110 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:29.852387905 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:29.898531914 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.023418903 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.023487091 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.023562908 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.023767948 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.023767948 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.024561882 CEST	49732	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.024583101 CEST	443	49732	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.043853998 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.088112116 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.105806112 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:30.311358929 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.311553001 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.311623096 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.312107086 CEST	49731	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.312124014 CEST	443	49731	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.315985918 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.316024065 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.316129923 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.316539049 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.316555023 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.317502022 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.317537069 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.317606926 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.317802906 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.317816973 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.407378912 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:30.536341906 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.536622047 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.536634922 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.536998034 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.537318945 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.537383080 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.537497997 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.537528992 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.537717104 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.537730932 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.538925886 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.539328098 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.539496899 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.539499044 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.582320929 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.582334042 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.584119081 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.758680105 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.758815050 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.758904934 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.759816885 CEST	49734	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.759835958 CEST	443	49734	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.763742924 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.763761997 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.763818979 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.763834953 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.763964891 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.764008999 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.764302015 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.764317989 CEST	443	49735	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.764327049 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.764364958 CEST	49735	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.767079115 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.767088890 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.767154932 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.767628908 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.767642021 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.860790968 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:30.860861063 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:30.860927105 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:30.985810995 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.986255884 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.986318111 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.986696005 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.987010956 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:30.987083912 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:30.987162113 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:31.011320114 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:31.028112888 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:31.210901976 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:31.210932970 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:31.211014032 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:31.211059093 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:31.211127996 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:31.211657047 CEST	49736	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:31.211694956 CEST	443	49736	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:31.214097977 CEST	49727	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:12:31.214124918 CEST	443	49727	172.253.124.106	192.168.2.17
Apr 18, 2024 22:12:32.224297047 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:32.401128054 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.401153088 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.401352882 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.402864933 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.402883053 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.618535042 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.618638039 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.622402906 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.622411013 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.622629881 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.670286894 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.671370983 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.712121010 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.821954012 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.822022915 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.822086096 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.822225094 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.822225094 CEST	49737	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.822243929 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.822252035 CEST	443	49737	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.865443945 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.865483999 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:32.865571976 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.866101980 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:32.866117001 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.077868938 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.078109026 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.079641104 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.079654932 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.079862118 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.081101894 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.124126911 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.286710978 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.286780119 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.286895990 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.287844896 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.287873983 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:33.287908077 CEST	49738	443	192.168.2.17	23.220.189.216
Apr 18, 2024 22:12:33.287916899 CEST	443	49738	23.220.189.216	192.168.2.17
Apr 18, 2024 22:12:34.275717020 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:34.577316046 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:34.639295101 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:35.182334900 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:36.394366026 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:38.796379089 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:39.445326090 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:40.899430037 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.899466991 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:40.899591923 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.899889946 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.899902105 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:40.901649952 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.901700974 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:40.901773930 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.902039051 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:40.902054071 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.115597010 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.115987062 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.116008997 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.116333008 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.116734982 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.116811037 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.116956949 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.116971970 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.116981030 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.119589090 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.119910002 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.119925976 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.120306969 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.120743990 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.120837927 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.174345970 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.349684954 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.349703074 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.349819899 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.349836111 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.350924969 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.350961924 CEST	443	49739	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.351026058 CEST	49739	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.361504078 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.408117056 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.643026114 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.643798113 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.643883944 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.644073009 CEST	49740	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.644097090 CEST	443	49740	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.648397923 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.648447037 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.648569107 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.648900986 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.648921013 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.649657011 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.649734974 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.649816036 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.650008917 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.650042057 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.869986057 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.870026112 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.870341063 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.870403051 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.870454073 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.870496988 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.870794058 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.870825052 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.871099949 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.871175051 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.871335030 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.871407032 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.871501923 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.871541023 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:41.916121006 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:41.916140079 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.093868017 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.094074965 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.094182014 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.094831944 CEST	49741	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.094882011 CEST	443	49741	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.100873947 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.100939989 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.100994110 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.101025105 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.101160049 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.101212978 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.102176905 CEST	49742	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.102195024 CEST	443	49742	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.109832048 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.109868050 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.109956980 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.110245943 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.110260010 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.334650993 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.335103035 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.335139990 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.336282969 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.336623907 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.336792946 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.336801052 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.380140066 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.388293028 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.558564901 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.558624983 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.558757067 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.558794022 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.558823109 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:42.558995962 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.559720039 CEST	49743	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:12:42.559739113 CEST	443	49743	216.172.172.52	192.168.2.17
Apr 18, 2024 22:12:43.489176035 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.489238977 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:43.489438057 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.489639044 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.489656925 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:43.600322962 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:12:43.883755922 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:43.883889914 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.902163029 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.902192116 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:43.902501106 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:43.903141975 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.903198957 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:43.903224945 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.079768896 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.079808950 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.079905033 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.119884968 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.119914055 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.176448107 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.176486015 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.176527023 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.176572084 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:44.176594019 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.176609993 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.176635027 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:44.176667929 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:44.177709103 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:44.177727938 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.177737951 CEST	49744	443	192.168.2.17	40.126.29.6
Apr 18, 2024 22:12:44.177745104 CEST	443	49744	40.126.29.6	192.168.2.17
Apr 18, 2024 22:12:44.354937077 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.355026960 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.355133057 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.369656086 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.369709015 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.444540977 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.444643974 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.448741913 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.448751926 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.449141979 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.492645979 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.527121067 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.568130970 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646389008 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646440983 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646473885 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646508932 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646533012 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646543980 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.646565914 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646616936 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.646640062 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.646645069 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646863937 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.646935940 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.655656099 CEST	49745	443	192.168.2.17	13.107.5.88
Apr 18, 2024 22:12:44.655664921 CEST	443	49745	13.107.5.88	192.168.2.17
Apr 18, 2024 22:12:44.736988068 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.737133980 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.738094091 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.738169909 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.801191092 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.801224947 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.801700115 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:44.801796913 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.803584099 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:44.803618908 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:45.060328960 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:45.060411930 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:45.060497046 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:45.060501099 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:45.060501099 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:45.060628891 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:45.063294888 CEST	49746	443	192.168.2.17	131.253.33.200
Apr 18, 2024 22:12:45.063343048 CEST	443	49746	131.253.33.200	192.168.2.17
Apr 18, 2024 22:12:49.060318947 CEST	49675	443	192.168.2.17	204.79.197.203
Apr 18, 2024 22:12:53.215351105 CEST	49680	443	192.168.2.17	20.189.173.13
Apr 18, 2024 22:13:00.749238968 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.749283075 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.749398947 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.749738932 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.749778032 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.749838114 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.750009060 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.750025988 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.750154018 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.750163078 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.969260931 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.969419956 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.969778061 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.969815016 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.969921112 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.969945908 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.970186949 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.970726013 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.970782042 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.970911026 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.970985889 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.970993042 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.970993996 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.971018076 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:00.971417904 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:00.971471071 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.020359039 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.020384073 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.068377972 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.208065987 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.208091974 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.208195925 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.208214998 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.208250999 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.208333969 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.209285975 CEST	49747	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.209307909 CEST	443	49747	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.219897032 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.264120102 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.493947983 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.494666100 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.494781971 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.494923115 CEST	49748	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.494960070 CEST	443	49748	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.498193979 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.498231888 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.498352051 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.498697996 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.498714924 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.499687910 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.499727964 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.499800920 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.500058889 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.500073910 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.715065002 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.715460062 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.715507984 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.715825081 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.716222048 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.716285944 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.716428995 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.725132942 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.725420952 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.725455999 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.726658106 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.727035046 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.727159977 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.727170944 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.727210999 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.764120102 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.771382093 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.957952976 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.958075047 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.958174944 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.958837986 CEST	49749	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.958880901 CEST	443	49749	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.973140955 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.973207951 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.973294973 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.973345995 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.973380089 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.973440886 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.973803997 CEST	49750	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.973834038 CEST	443	49750	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.976857901 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.976926088 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:01.977031946 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.977261066 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:01.977277994 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.194531918 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.195094109 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.195162058 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.195497036 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.195899963 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.195962906 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.196086884 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.235632896 CEST	49700	80	192.168.2.17	199.232.210.172
Apr 18, 2024 22:13:02.240159988 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.277800083 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.277852058 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:02.277964115 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.278480053 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.278496027 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:02.339148045 CEST	80	49700	199.232.210.172	192.168.2.17
Apr 18, 2024 22:13:02.339169979 CEST	80	49700	199.232.210.172	192.168.2.17
Apr 18, 2024 22:13:02.339240074 CEST	49700	80	192.168.2.17	199.232.210.172
Apr 18, 2024 22:13:02.419404984 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.419428110 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.419542074 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.419589043 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.419660091 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.420572996 CEST	49751	443	192.168.2.17	216.172.172.52
Apr 18, 2024 22:13:02.420617104 CEST	443	49751	216.172.172.52	192.168.2.17
Apr 18, 2024 22:13:02.651490927 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:02.651689053 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.656022072 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.656039000 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:02.656254053 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:02.657804012 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:02.704118013 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008166075 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008199930 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008275032 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008322954 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.008351088 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008374929 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008383036 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.008430958 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.008455038 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.008482933 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.012286901 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.012315035 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:03.012331009 CEST	49752	443	192.168.2.17	20.12.23.50
Apr 18, 2024 22:13:03.012336016 CEST	443	49752	20.12.23.50	192.168.2.17
Apr 18, 2024 22:13:20.597815037 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:20.597861052 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.597959995 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:20.598284960 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:20.598299026 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.813539028 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.813978910 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:20.814018011 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.814486027 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.814852953 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:20.814937115 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:20.868367910 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:30.814973116 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:30.815059900 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:13:30.815212011 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:32.025441885 CEST	49754	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:13:32.025481939 CEST	443	49754	172.253.124.106	192.168.2.17
Apr 18, 2024 22:14:20.662805080 CEST	49756	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:14:20.662858009 CEST	443	49756	172.253.124.106	192.168.2.17
Apr 18, 2024 22:14:20.663000107 CEST	49756	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:14:20.663398981 CEST	49756	443	192.168.2.17	172.253.124.106
Apr 18, 2024 22:14:20.663414001 CEST	443	49756	172.253.124.106	192.168.2.17
Apr 18, 2024 22:14:20.883932114 CEST	443	49756	172.253.124.106	192.168.2.17
Apr 18, 2024 22:14:20.932385921 CEST	49756	443	192.168.2.17	172.253.124.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 22:12:15.799319983 CEST	50025	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:15.799544096 CEST	53144	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:15.902326107 CEST	53	49631	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:15.907062054 CEST	53	50025	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:15.920677900 CEST	53	58016	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:16.124218941 CEST	53	53144	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:16.533742905 CEST	53	55530	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:16.870107889 CEST	52756	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:16.870265007 CEST	54627	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:16.992842913 CEST	53	53184	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:17.170288086 CEST	53	54627	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:17.174958944 CEST	53	52756	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:20.535621881 CEST	62239	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:20.535789013 CEST	49831	53	192.168.2.17	1.1.1.1
Apr 18, 2024 22:12:20.640162945 CEST	53	62239	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:20.640187979 CEST	53	49831	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:25.011560917 CEST	53	52649	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:33.570549965 CEST	53	64868	1.1.1.1	192.168.2.17
Apr 18, 2024 22:12:52.462963104 CEST	53	64965	1.1.1.1	192.168.2.17
Apr 18, 2024 22:13:14.970242023 CEST	53	58571	1.1.1.1	192.168.2.17
Apr 18, 2024 22:13:15.832180023 CEST	53	49656	1.1.1.1	192.168.2.17
Apr 18, 2024 22:13:31.493858099 CEST	138	138	192.168.2.17	192.168.2.255
Apr 18, 2024 22:13:43.627438068 CEST	53	65024	1.1.1.1	192.168.2.17

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 18, 2024 22:12:16.124512911 CEST	192.168.2.17	1.1.1.1	c239	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 22:12:15.799319983 CEST	192.168.2.17	1.1.1.1	0x2e2	Standard query (0)	tnxqbx.vaptt.log.br	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:15.799544096 CEST	192.168.2.17	1.1.1.1	0x1148	Standard query (0)	tnxqbx.vaptt.log.br	65	IN (0x0001)	false
Apr 18, 2024 22:12:16.870107889 CEST	192.168.2.17	1.1.1.1	0x50d4	Standard query (0)	tnxqbx.vaptt.log.br	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:16.870265007 CEST	192.168.2.17	1.1.1.1	0x72b9	Standard query (0)	tnxqbx.vaptt.log.br	65	IN (0x0001)	false
Apr 18, 2024 22:12:20.535621881 CEST	192.168.2.17	1.1.1.1	0xa42c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.535789013 CEST	192.168.2.17	1.1.1.1	0xc184	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 22:12:15.907062054 CEST	1.1.1.1	192.168.2.17	0x2e2	No error (0)	tnxqbx.vaptt.log.br	216.172.172.52	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:17.174958944 CEST	1.1.1.1	192.168.2.17	0x50d4	No error (0)	tnxqbx.vaptt.log.br	216.172.172.52	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.106	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.99	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.103	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.104	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.147	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640162945 CEST	1.1.1.1	192.168.2.17	0xa42c	No error (0)	www.google.com	172.253.124.105	A (IP address)	IN (0x0001)	false
Apr 18, 2024 22:12:20.640187979 CEST	1.1.1.1	192.168.2.17	0xc184	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

tnxqbx.vaptt.log.br

https:

slscr.update.microsoft.com

fs.microsoft.com

evoke-windowsservices-tas.msedge.net

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49708	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	1019	OUT	GET /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-18 20:12:16 UTC	382	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:16 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49709	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	971	OUT	GET /assets/css/style.css?v=14 HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:16 UTC	254	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 26 Mar 2024 00:11:32 GMT Accept-Ranges: bytes Content-Length: 1433 Vary: Accept-Encoding Content-Type: text/css
2024-04-18 20:12:16 UTC	1433	IN	Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 0a 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 36 31 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 35 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 33 32 33 32 33 3b 0a 7d 0a 2e 64 65 6d 6f 2d 65 72 72 6f 72 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 46 46 30 30 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 35 65 6d 3b 0a 7d 0a 2e 64 65 6d 6f 2d 69 6e 70 75 74 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 23 43 43 43 20 31 70 78 20 73 6f 6c 69 64 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 32 70 Data Ascii: body { font-family: arial; max-width: 610px; font-size: 0.95em; color: #232323;}.demo-error { color:#FF0000; font-size: 0.95em;}.demo-input { width: 100%; border-radius: 5px; border: #CCC 1px solid; padding: 12p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49711	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	1005	OUT	GET /img/prove.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:16 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:24:36 GMT Accept-Ranges: bytes Content-Length: 2657 Content-Type: image/png
2024-04-18 20:12:16 UTC	2657	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 fc 00 00 00 26 08 06 00 00 00 21 80 29 ee 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 09 f6 49 44 41 54 78 5e ed 9a 81 6d 1d 39 0c 44 d3 4b 8a 49 2d 29 25 95 a4 90 d4 91 5a 7c 98 e0 e6 30 99 1b 4a 5a 7f db b1 b3 f3 00 02 7f b5 94 44 0e a9 55 7c b8 4f 4f a5 94 52 4a f9 eb e9 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 dc 88 af 5f bf 3e 7d fa f4 e9 3f 7b ef 7c b4 78 cb e3 7c fb f6 ed Data Ascii: PNGIHDR&!)sRGBgAMAapHYsodIDATx^m9DKI-)%Z\|0JZDU\|OORJ_J)^R_J)^R_J)^R_J)^R_J)^R_J)^_>}?{\|x\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49712	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	1018	OUT	GET /img/enter_captcha_text.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:16 UTC	231	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:10:08 GMT Accept-Ranges: bytes Content-Length: 952 Content-Type: image/png
2024-04-18 20:12:16 UTC	952	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a8 00 00 00 19 08 06 00 00 00 a5 dd 65 64 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 03 4d 49 44 41 54 78 5e ed 58 db b1 ab 30 0c bc bd a4 31 7a a1 1d 6a a1 10 9a f0 b5 b1 84 f5 f2 83 0c 9c f8 43 3b e3 8f 10 23 ad 76 d7 90 73 fe 05 87 63 62 78 40 1d 53 c3 03 ea 98 1a 1e 50 c7 d4 f0 80 3a a6 86 07 d4 31 35 aa 01 dd d7 4f f8 7c 5a 6b 09 db 01 9b 47 b1 af e1 b3 ee f0 e1 5d 1c db a2 38 bf dd 3a 69 76 af c7 1e d6 c8 6b b9 2d e4 17 48 da 0b 3d 9e ed 9b 67 79 da df 4e 40 d7 d8 f6 29 1c 61 5b 9e 1f 40 03 84 92 dc d1 a0 b7 fa 1f 5b 58 62 fd f9 02 0a ba cb 07 0a f0 fd 2c 5b dc f1 04 3c a0 03 80 1e Data Ascii: PNGIHDRedsRGBgAMAapHYsodMIDATx^X01zjC;#vscbx@SP:15O\|ZkG]8:ivk-H=gyN@)a[@[Xb,[<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49710	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	1014	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:16 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:16 UTC	1236	IN	Data Raw: 34 63 38 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4c8JFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49713	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:16 UTC	1014	OUT	GET /img/proceed_button.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:16 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:16 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:15:40 GMT Accept-Ranges: bytes Content-Length: 3295 Content-Type: image/png
2024-04-18 20:12:16 UTC	3295	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 97 00 00 00 36 08 06 00 00 00 ca df 0b 32 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 0c 74 49 44 41 54 78 5e ed 5d 09 57 55 d7 15 e6 57 44 05 51 a3 68 82 26 d1 34 ad 66 a5 69 9a 58 9b b9 a1 6a 1a 63 97 03 35 6a 1a 4c cd 52 4c d4 1a a3 a9 13 26 a6 1a 67 10 11 04 05 51 43 04 04 64 56 40 50 90 49 9c 51 51 51 41 94 41 01 65 68 be 7e fb 3e 2e 5e de bb 80 b4 98 3c de 3a 6f ad cf 7b ef 3e fb ec 3b 9c ef 7e 7b 9f f3 9e ea 04 c3 e7 a7 9f 7e 42 63 53 a3 c2 cf 88 a6 e6 26 34 37 37 9b b6 b5 8b c6 46 34 34 36 68 7d 65 cc 64 6b ea 47 48 5b 47 ed dd 05 b9 07 b9 16 e3 47 23 97 18 6b ee d5 e0 54 f1 69 a4 Data Ascii: PNGIHDR62sRGBgAMAapHYsodtIDATx^]WUWDQh&4fiXjc5jLRL&gQCdV@PIQQQAAeh~>.^<:o{>;~{~BcS&477F446h}edkGH[GG#kTi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.17	49714	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	1003	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:17 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.17	49719	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	408	OUT	GET /img/prove.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:24:36 GMT Accept-Ranges: bytes Content-Length: 2657 Content-Type: image/png
2024-04-18 20:12:17 UTC	2657	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 fc 00 00 00 26 08 06 00 00 00 21 80 29 ee 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 09 f6 49 44 41 54 78 5e ed 9a 81 6d 1d 39 0c 44 d3 4b 8a 49 2d 29 25 95 a4 90 d4 91 5a 7c 98 e0 e6 30 99 1b 4a 5a 7f db b1 b3 f3 00 02 7f b5 94 44 0e a9 55 7c b8 4f 4f a5 94 52 4a f9 eb e9 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 94 52 ca 0d e8 85 5f 4a 29 a5 dc 80 5e f8 a5 dc 88 af 5f bf 3e 7d fa f4 e9 3f 7b ef 7c b4 78 cb e3 7c fb f6 ed Data Ascii: PNGIHDR&!)sRGBgAMAapHYsodIDATx^m9DKI-)%Z\|0JZDU\|OORJ_J)^R_J)^R_J)^R_J)^R_J)^R_J)^_>}?{\|x\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.17	49717	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	421	OUT	GET /img/enter_captcha_text.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	231	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:10:08 GMT Accept-Ranges: bytes Content-Length: 952 Content-Type: image/png
2024-04-18 20:12:17 UTC	952	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a8 00 00 00 19 08 06 00 00 00 a5 dd 65 64 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 03 4d 49 44 41 54 78 5e ed 58 db b1 ab 30 0c bc bd a4 31 7a a1 1d 6a a1 10 9a f0 b5 b1 84 f5 f2 83 0c 9c f8 43 3b e3 8f 10 23 ad 76 d7 90 73 fe 05 87 63 62 78 40 1d 53 c3 03 ea 98 1a 1e 50 c7 d4 f0 80 3a a6 86 07 d4 31 35 aa 01 dd d7 4f f8 7c 5a 6b 09 db 01 9b 47 b1 af e1 b3 ee f0 e1 5d 1c db a2 38 bf dd 3a 69 76 af c7 1e d6 c8 6b b9 2d e4 17 48 da 0b 3d 9e ed 9b 67 79 da df 4e 40 d7 d8 f6 29 1c 61 5b 9e 1f 40 03 84 92 dc d1 a0 b7 fa 1f 5b 58 62 fd f9 02 0a ba cb 07 0a f0 fd 2c 5b dc f1 04 3c a0 03 80 1e Data Ascii: PNGIHDRedsRGBgAMAapHYsodMIDATx^X01zjC;#vscbx@SP:15O\|ZkG]8:ivk-H=gyN@)a[@[Xb,[<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.17	49718	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	417	OUT	GET /img/proceed_button.png HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Wed, 27 Mar 2024 05:15:40 GMT Accept-Ranges: bytes Content-Length: 3295 Content-Type: image/png
2024-04-18 20:12:17 UTC	3295	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 97 00 00 00 36 08 06 00 00 00 ca df 0b 32 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 0c 74 49 44 41 54 78 5e ed 5d 09 57 55 d7 15 e6 57 44 05 51 a3 68 82 26 d1 34 ad 66 a5 69 9a 58 9b b9 a1 6a 1a 63 97 03 35 6a 1a 4c cd 52 4c d4 1a a3 a9 13 26 a6 1a 67 10 11 04 05 51 43 04 04 64 56 40 50 90 49 9c 51 51 51 41 94 41 01 65 68 be 7e fb 3e 2e 5e de bb 80 b4 98 3c de 3a 6f ad cf 7b ef 3e fb ec 3b 9c ef 7e 7b 9f f3 9e ea 04 c3 e7 a7 9f 7e 42 63 53 a3 c2 cf 88 a6 e6 26 34 37 37 9b b6 b5 8b c6 46 34 34 36 68 7d 65 cc 64 6b ea 47 48 5b 47 ed dd 05 b9 07 b9 16 e3 47 23 97 18 6b ee d5 e0 54 f1 69 a4 Data Ascii: PNGIHDR62sRGBgAMAapHYsodtIDATx^]WUWDQh&4fiXjc5jLRL&gQCdV@PIQQQAAeh~>.^<:o{>;~{~BcS&477F446h}edkGH[GG#kTi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.17	49720	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	417	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:17 UTC	1217	IN	Data Raw: 34 62 35 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4b5JFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.17	49721	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:17 UTC	406	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:17 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:17 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:17 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.17	49728	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:25 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n5aMMmRX8OBdL8b&MD=NASDykN5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-18 20:12:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 89317ff5-10c9-4afd-b49b-9c721b95a134 MS-RequestId: 749de5ad-1ba3-43a7-998e-1b63c2258353 MS-CV: hrs5RCqCOE2IAB6i.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 18 Apr 2024 20:12:24 GMT Connection: close Content-Length: 24490
2024-04-18 20:12:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-18 20:12:25 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.17	49732	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:29 UTC	1607	OUT	POST /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive Content-Length: 41 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://tnxqbx.vaptt.log.br Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:29 UTC	41	OUT	Data Raw: 63 61 70 74 63 68 61 5f 63 6f 64 65 3d 35 63 34 65 31 62 26 73 75 62 6d 69 74 2e 78 3d 30 26 73 75 62 6d 69 74 2e 79 3d 30 Data Ascii: captcha_code=5c4e1b&submit.x=0&submit.y=0
2024-04-18 20:12:30 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:29 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:30 UTC	1898	IN	Data Raw: 37 35 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 75e<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.17	49731	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:30 UTC	1014	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:30 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:30 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:30 UTC	1243	IN	Data Raw: 34 63 66 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4cfJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.17	49735	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:30 UTC	1003	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:30 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:30 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:30 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.17	49734	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:30 UTC	417	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:30 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:30 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:30 UTC	1240	IN	Data Raw: 34 63 63 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4ccJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.17	49736	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:30 UTC	406	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:31 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:31 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:31 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.17	49737	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 20:12:32 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=211840 Date: Thu, 18 Apr 2024 20:12:32 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.17	49738	23.220.189.216	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:33 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-18 20:12:33 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=211816 Date: Thu, 18 Apr 2024 20:12:33 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-18 20:12:33 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.17	49739	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:41 UTC	1607	OUT	POST /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive Content-Length: 43 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://tnxqbx.vaptt.log.br Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:41 UTC	43	OUT	Data Raw: 63 61 70 74 63 68 61 5f 63 6f 64 65 3d 63 38 66 32 33 62 26 73 75 62 6d 69 74 2e 78 3d 37 37 26 73 75 62 6d 69 74 2e 79 3d 33 36 Data Ascii: captcha_code=c8f23b&submit.x=77&submit.y=36
2024-04-18 20:12:41 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:41 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:41 UTC	1898	IN	Data Raw: 37 35 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 75e<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.17	49740	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:41 UTC	1014	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:41 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:41 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:41 UTC	1206	IN	Data Raw: 34 61 61 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4aaJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.17	49742	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:41 UTC	1003	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:42 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:42 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:42 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.17	49741	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:41 UTC	417	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:42 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:42 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:12:42 UTC	1225	IN	Data Raw: 34 62 64 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4bdJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.17	49743	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:42 UTC	406	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:12:42 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:12:42 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:12:42 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.17	49744	40.126.29.6	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:43 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4788 Host: login.live.com
2024-04-18 20:12:43 UTC	4788	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-18 20:12:44 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 18 Apr 2024 20:11:44 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: 43c29a6f-dc8d-4159-9499-36a3d3f806f5 PPServer: PPV: 30 H: SN1PEPF0002F1AF V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 18 Apr 2024 20:12:43 GMT Connection: close Content-Length: 11153
2024-04-18 20:12:44 UTC	11153	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.17	49745	13.107.5.88	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:44 UTC	537	OUT	GET /ab HTTP/1.1 Host: evoke-windowsservices-tas.msedge.net Cache-Control: no-store, no-cache X-PHOTOS-CALLERID: 9NMPJ99VJBWV X-EVOKE-RING: X-WINNEXT-RING: Public X-WINNEXT-TELEMETRYLEVEL: Basic X-WINNEXT-OSVERSION: 10.0.19045.0 X-WINNEXT-APPVERSION: 1.23082.131.0 X-WINNEXT-PLATFORM: Desktop X-WINNEXT-CANTAILOR: False X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd} X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI= If-None-Match: 2056388360_-1434155563 Accept-Encoding: gzip, deflate, br
2024-04-18 20:12:44 UTC	437	IN	HTTP/1.1 200 OK Content-Length: 7285 Content-Type: application/json; charset=utf-8 ETag: 1951370714_1246051562 Strict-Transport-Security: max-age=2592000 X-Content-Type-Options: nosniff X-ExP-TrackingId: 83d5a056-6026-4793-a466-98ef10c36d44 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 1BC74E183DB545CA951E472A69C291B6 Ref B: ATL331000108037 Ref C: 2024-04-18T20:12:44Z Date: Thu, 18 Apr 2024 20:12:44 GMT Connection: close
2024-04-18 20:12:44 UTC	794	IN	Data Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 68 69 67 68 71 75 61 6c 69 74 79 63 61 70 74 75 72 65 63 22 2c 22 79 6f 61 6c 77 39 38 30 31 63 66 22 2c 22 79 6f 63 33 37 32 31 22 2c 22 61 61 74 65 73 31 32 31 22 2c 22 79 6f 63 61 6c 38 33 30 22 2c 22 65 6d 70 72 6f 37 30 32 22 2c 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 79 6f 79 70 70 31 31 37 22 2c 22 79 6f 79 70 70 35 36 31 22 2c 22 79 6f 70 68 6f 31 35 36 22 2c 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 79 6f 72 65 6d 37 38 32 22 2c 22 79 6f 72 65 6d 33 32 35 22 2c 22 79 6f 72 6f 6d 39 33 39 22 2c 22 79 6f 79 70 70 36 33 38 22 2c 22 79 6f 61 61 6f 77 63 34 36 63 66 22 2c 22 79 6f 35 35 36 22 2c 22 79 6f 61 61 6f 32 36 37 22 2c 22 79 6f 70 72 69 32 35 Data Ascii: {"Features":["highqualitycapturec","yoalw9801cf","yoc3721","aates121","yocal830","empro702","yonon248","contactsv2synconly","yoypp117","yoypp561","yopho156","ypromeless","yorem782","yorem325","yorom939","yoypp638","yoaaowc46cf","yo556","yoaao267","yopri25
2024-04-18 20:12:44 UTC	230	IN	Data Raw: 39 67 38 35 35 22 2c 22 69 34 37 62 65 31 37 38 22 2c 22 32 34 38 66 61 31 38 36 22 2c 22 68 35 31 66 30 33 34 32 22 2c 22 68 64 65 31 67 32 36 37 22 2c 22 34 6a 6a 66 62 37 36 38 22 2c 22 36 61 66 67 62 36 35 31 22 2c 22 35 30 63 37 39 31 30 36 22 2c 22 6a 61 35 63 34 32 34 39 22 2c 22 68 33 65 64 34 31 36 31 22 2c 22 61 62 69 30 67 38 31 37 22 2c 22 61 35 34 66 61 35 37 34 22 2c 22 64 69 66 32 32 32 31 39 22 5d 2c 22 46 6c 69 67 68 74 73 22 3a 7b 22 6d 69 78 65 64 72 65 61 6c 69 74 79 76 69 65 77 65 72 31 22 3a 22 68 69 67 68 71 75 61 6c 69 74 79 63 61 70 74 75 72 65 63 22 2c 22 66 78 31 22 3a 22 79 6f 61 6c 77 39 38 30 31 63 66 22 2c 22 6c 6a 33 22 3a 22 79 6f 63 33 37 32 31 22 Data Ascii: 9g855","i47be178","248fa186","h51f0342","hde1g267","4jjfb768","6afgb651","50c79106","ja5c4249","h3ed4161","abi0g817","a54fa574","dif22219"],"Flights":{"mixedrealityviewer1":"highqualitycapturec","fx1":"yoalw9801cf","lj3":"yoc3721"
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 2c 22 31 34 67 36 22 3a 22 61 61 74 65 73 31 32 31 22 2c 22 31 38 66 7a 22 3a 22 79 6f 63 61 6c 38 33 30 22 2c 22 31 68 6a 65 22 3a 22 65 6d 70 72 6f 37 30 32 22 2c 22 31 71 61 38 22 3a 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 31 77 6d 74 22 3a 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 32 69 77 6a 22 3a 22 79 6f 79 70 70 31 31 37 22 2c 22 32 6a 36 61 22 3a 22 79 6f 79 70 70 35 36 31 22 2c 22 32 6b 71 32 22 3a 22 79 6f 70 68 6f 31 35 36 22 2c 22 32 6c 61 64 22 3a 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 32 6f 63 64 22 3a 22 79 6f 72 65 6d 37 38 32 22 2c 22 32 72 65 6b 22 3a 22 79 6f 72 65 6d 33 32 35 22 2c 22 32 73 63 78 22 3a 22 79 6f 72 6f 6d 39 33 39 22 2c 22 32 74 70 33 22 3a 22 79 6f 79 70 70 36 33 38 22 2c 22 33 30 62 38 22 3a 22 Data Ascii: ,"14g6":"aates121","18fz":"yocal830","1hje":"empro702","1qa8":"yonon248","1wmt":"contactsv2synconly","2iwj":"yoypp117","2j6a":"yoypp561","2kq2":"yopho156","2lad":"ypromeless","2ocd":"yorem782","2rek":"yorem325","2scx":"yorom939","2tp3":"yoypp638","30b8":"
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 32 36 34 22 2c 22 35 39 30 71 22 3a 22 34 61 33 30 64 34 35 35 22 2c 22 35 39 67 67 22 3a 22 32 69 32 68 65 31 31 38 22 2c 22 35 39 67 6a 22 3a 22 34 64 65 35 67 35 34 32 22 2c 22 35 39 76 7a 22 3a 22 62 65 63 34 34 37 35 37 22 2c 22 35 61 39 73 22 3a 22 39 38 34 65 39 37 37 34 22 2c 22 35 61 74 6b 22 3a 22 35 35 35 64 37 39 37 38 22 2c 22 35 62 61 74 22 3a 22 65 6a 66 34 36 37 39 35 22 2c 22 35 63 70 66 22 3a 22 34 39 62 34 67 31 33 33 22 2c 22 35 63 72 73 22 3a 22 33 62 66 39 67 38 35 35 22 2c 22 35 64 77 37 22 3a 22 69 34 37 62 65 31 37 38 22 2c 22 35 65 74 36 22 3a 22 32 34 38 66 61 31 38 36 22 2c 22 35 66 6c 32 22 3a 22 68 35 31 66 30 33 34 32 22 2c 22 35 66 79 6f 22 3a 22 68 64 65 31 67 32 36 37 22 2c 22 35 66 79 71 22 3a 22 34 6a 6a 66 62 37 36 38 Data Ascii: 264","590q":"4a30d455","59gg":"2i2he118","59gj":"4de5g542","59vz":"bec44757","5a9s":"984e9774","5atk":"555d7978","5bat":"ejf46795","5cpf":"49b4g133","5crs":"3bf9g855","5dw7":"i47be178","5et6":"248fa186","5fl2":"h51f0342","5fyo":"hde1g267","5fyq":"4jjfb768
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 7d 7d 2c 7b 22 49 64 22 3a 22 59 6f 75 72 50 68 6f 6e 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 41 4f 57 43 34 36 22 3a 36 34 30 30 2c 22 41 41 4f 57 43 34 37 22 3a 37 34 30 30 2c 22 41 41 4f 57 43 36 31 22 3a 31 36 30 30 2c 22 41 41 4f 57 43 36 32 22 3a 32 36 30 30 2c 22 41 41 4f 57 43 36 33 22 3a 33 36 30 30 2c 22 41 69 72 70 6c 61 6e 65 4d 6f 64 65 53 74 61 74 75 73 22 3a 74 72 75 65 2c 22 41 75 74 6f 48 79 64 72 61 74 65 64 49 6d 61 67 65 73 43 6f 75 6e 74 22 3a 30 2c 22 43 61 6c 6c 69 6e 67 41 6c 74 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 45 76 65 6e 74 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 45 78 69 74 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 4f 53 53 65 72 76 69 63 69 6e 67 46 69 Data Ascii: }},{"Id":"YourPhone","Parameters":{"AAOWC46":6400,"AAOWC47":7400,"AAOWC61":1600,"AAOWC62":2600,"AAOWC63":3600,"AirplaneModeStatus":true,"AutoHydratedImagesCount":0,"CallingAltBluetoothPairingEvent":true,"CallingExitConfirmation":true,"CallingOSServicingFi
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 3a 74 72 75 65 2c 22 49 73 41 75 74 68 56 32 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 4d 65 64 69 61 50 61 63 6b 43 68 65 63 6b 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 68 61 74 46 69 6c 74 65 72 54 6f 67 67 6c 65 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 73 65 6e 74 56 32 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 76 65 72 73 61 74 69 6f 6e 56 69 65 77 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 48 69 64 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 4d 75 74 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 50 69 6e 6e 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22 Data Ascii: :true,"IsAuthV2Enabled":true,"MediaPackCheck":true,"MessagingChatFilterToggle":true,"MessagingConsentV2":true,"MessagingConversationView":true,"MessagingEnableHiding":true,"MessagingEnableMuting":true,"MessagingEnablePinning":true,"MessagingSearch":true,"
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 69 6e 67 54 6f 70 30 31 31 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 32 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 35 22 3a 74 72 75 65 2c 22 52 6f 6d 65 44 69 73 61 62 6c 65 64 22 3a 34 34 31 35 30 33 2c 22 53 65 63 75 72 65 43 6f 6e 74 65 6e 74 22 3a 74 72 75 65 2c 22 53 68 65 6c 6c 45 78 74 65 6e 64 65 64 4c 65 66 74 50 61 6e 65 22 3a 74 72 75 65 2c 22 54 65 73 74 46 65 61 74 75 72 65 32 22 3a 66 61 6c 73 65 2c 22 55 6e 69 76 65 72 73 61 6c 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 22 3a 74 72 75 65 2c 22 57 68 61 74 73 4e 65 77 43 4e 22 3a 74 72 75 65 2c 22 59 50 50 43 61 74 61 73 74 72 6f 70 68 69 63 45 72 72 6f 72 41 75 74 6f 52 65 73 65 74 22 3a 74 72 75 65 2c 22 59 50 50 43 6f 6e 73 65 63 75 74 69 76 Data Ascii: ingTop011":true,"RemotingTop012":true,"RemotingTop015":true,"RomeDisabled":441503,"SecureContent":true,"ShellExtendedLeftPane":true,"TestFeature2":false,"UniversalBluetoothPairing":true,"WhatsNewCN":true,"YPPCatastrophicErrorAutoReset":true,"YPPConsecutiv
2024-04-18 20:12:44 UTC	1024	IN	Data Raw: 79 6f 35 35 36 3a 33 30 39 38 36 35 35 36 3b 79 6f 61 61 6f 32 36 37 3a 33 30 34 33 34 36 37 32 3b 79 6f 70 72 69 32 35 37 3a 33 30 34 36 34 34 33 33 3b 79 6f 31 37 39 3a 33 30 34 34 35 33 31 30 3b 79 6f 69 73 61 38 36 31 3a 33 30 35 32 35 38 36 38 3b 79 6f 72 65 6d 31 34 31 3a 33 30 34 38 36 33 35 33 3b 79 6f 79 70 70 36 35 32 3a 33 30 35 31 35 34 38 33 3b 79 6f 35 32 35 3a 33 30 35 35 33 39 38 35 3b 79 6f 36 30 36 3a 33 30 35 32 37 38 35 30 3b 79 6f 6e 6f 74 36 33 33 3a 33 30 36 32 36 30 37 38 3b 79 6f 79 70 70 38 35 39 3a 33 30 36 38 37 38 35 39 3b 79 6f 69 6e 64 36 36 35 3a 33 30 35 39 35 31 36 33 3b 79 6f 64 63 67 38 33 30 3a 33 30 37 31 32 39 34 39 3b 6f 6e 6c 79 5f 74 6f 61 73 74 63 6f 6e 74 65 78 74 6d 65 6e 75 3a 33 30 36 34 38 30 38 31 3b 61 6a Data Ascii: yo556:30986556;yoaao267:30434672;yopri257:30464433;yo179:30445310;yoisa861:30525868;yorem141:30486353;yoypp652:30515483;yo525:30553985;yo606:30527850;yonot633:30626078;yoypp859:30687859;yoind665:30595163;yodcg830:30712949;only_toastcontextmenu:30648081;aj
2024-04-18 20:12:44 UTC	117	IN	Data Raw: 38 33 38 35 30 33 3b 35 30 63 37 39 31 30 36 3a 33 30 38 33 38 36 31 39 3b 6a 61 35 63 34 32 34 39 3a 33 31 30 30 36 32 34 34 3b 68 33 65 64 34 31 36 31 3a 33 30 38 39 31 37 38 34 3b 61 62 69 30 67 38 31 37 3a 33 30 39 35 32 38 37 35 3b 61 35 34 66 61 35 37 34 3a 33 30 39 39 33 33 34 39 3b 64 69 66 32 32 32 31 39 3a 33 30 39 36 30 34 30 32 3b 22 7d Data Ascii: 838503;50c79106:30838619;ja5c4249:31006244;h3ed4161:30891784;abi0g817:30952875;a54fa574:30993349;dif22219:30960402;"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.17	49746	131.253.33.200	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:12:44 UTC	2564	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: 120 X-DeviceID: 01000A41090080B6 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAfv0eHCnLomrwdFDDXd9sXJ1TPrczyXqV7gQRxYYM33TA%2BpV/CpxFaWNXrbaoUL3srUWjWBLyLBmZGmhOarf3rmV4NGixLOmIUPBvAzEXFIU6DRcziU8BWHjpNRPUUhofj/ciJ7nfNm0hNLXvvTKuIzn5Cb2ay8KIaUpqRZFS9z2q1h/4LUYQuvX63E3gHZFheLGhuk4Am48e9auz1RXWuBw6lI9b7SgcZQ6d1LKKzYaZhip4phKoUhyQ6bKqLaj/QwLtZUb9BjUGpFsHPIw07dpRzFqCqI8iUF7ibop7Wmh5t5DAl%2BaCnwiObmBlEtp1XTEvojNHkkkgtH8FWcvBAcDZgAACG4GLfaCtw9yqAHy7JV45z/lNRzsn7fkHC/sqrx18d/vdM0WXod/JU2Aog8D38OVN8pqqCovkfp%2BCWrAXHhqdw4LVZMvZsLycMfi5s8ttXLKPbbslcaSAdT%2B0k0OkqJnTIn6WWG49fFyzRVcpPhqXpQerZ75rwpJ%2BJsxlb1erRYhvEfu2ILYhqUQa3RWwjBWv6anEEPYkDfqSFnx3q6w5XdheGXELbgMXtmvGS1H2tE2vfJCwDlaLNIqh4H0uTvLgKjxeMM9nSag4tD98QP2%2BEAFaX30UgLeoXaCp/gUZwl%2BVhYLqOncczyNyTIcsYdOCFCGHGqpNdUHAeUTfAu3PqYkA9zo5ihlZLElpt9%2BI%2B/Uf75hjqGaFTcow/Nl0Zi5b4IF1MN3aX7bMVE43vWuo9K2EBva%2BT1Zgx/GV0MPD25j%2BXPG2SWP/vNIb%2BHQNkR005FffrMSzpmAaiqOHBELzigxSVT/MpR1hZroJA//Z4boEilliRU/xRFWeenEvO7raZ9sxexinRfq1MJ9/U37j775mTlX2crr727tA4paHYwosNUaULqZm/REACuhqXJTVSAG2AE%3D%26p%3D X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1713471162 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: E8E11580235E4AEDB4EF5ED933B377AC X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-04-18 20:12:45 UTC	1463	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 2215 Content-Type: application/json; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _EDGE_S=SID=0440C14F856C6F53149AD52A846D6E3E&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Tue, 13-May-2025 20:12:44 GMT; path=/; HttpOnly Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 13-May-2025 20:12:44 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=0440C14F856C6F53149AD52A846D6E3E; domain=.bing.com; path=/; secure; SameSite=None X-EventID: 66217ebc958e446585f8f75755d69163 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: DF0C995141144FF7AB3988A645B6D4E3 Ref B: BL2AA2030102049 Ref C: 2024-04-18T20:12:44Z Date: Thu, 18 Apr 2024 20:12:44 GMT Connection: close
2024-04-18 20:12:45 UTC	552	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value
2024-04-18 20:12:45 UTC	1663	IN	Data Raw: 69 63 65 4d 61 6e 61 67 65 6d 65 6e 74 45 6e 61 62 6c 65 64 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 50 57 49 4c 4f 41 63 74 69 76 69 74 79 55 70 6c 6f 61 64 45 6e 61 62 6c 65 64 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 52 65 6d 69 6e 64 65 72 43 6c 6f 75 64 55 78 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 44 65 73 6b 74 6f 70 4c 6f 63 61 74 69 6f 6e 54 72 69 67 67 65 72 69 6e 67 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 52 65 6d 69 6e 64 65 72 4e 6f 74 69 66 69 63 61 74 69 6f 6e 54 65 6d 70 6c 61 74 65 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 Data Ascii: iceManagementEnabled":{"value":false,"feature":""},"PWILOActivityUploadEnabled":{"value":false,"feature":""},"ReminderCloudUx":{"value":false,"feature":""},"DesktopLocationTriggering":{"value":false,"feature":""},"ReminderNotificationTemplate":{"value":fa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.17	49747	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:00 UTC	1607	OUT	POST /YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive Content-Length: 43 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://tnxqbx.vaptt.log.br Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:13:00 UTC	43	OUT	Data Raw: 63 61 70 74 63 68 61 5f 63 6f 64 65 3d 37 36 37 31 63 66 26 73 75 62 6d 69 74 2e 78 3d 37 30 26 73 75 62 6d 69 74 2e 79 3d 32 35 Data Ascii: captcha_code=7671cf&submit.x=70&submit.y=25
2024-04-18 20:13:01 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:13:01 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:13:01 UTC	1898	IN	Data Raw: 37 35 65 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 75e<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.17	49748	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:01 UTC	1014	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:13:01 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:13:01 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:13:01 UTC	1239	IN	Data Raw: 34 63 62 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4cbJFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.17	49749	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:01 UTC	417	OUT	GET /captchaImageSource.php HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:13:01 UTC	304	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:13:01 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: image/jpeg
2024-04-18 20:13:01 UTC	1229	IN	Data Raw: 34 63 31 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff fe 00 3e 43 52 45 41 54 4f 52 3a 20 67 64 2d 6a 70 65 67 20 76 31 2e 30 20 28 75 73 69 6e 67 20 49 4a 47 20 4a 50 45 47 20 76 36 32 29 2c 20 64 65 66 61 75 6c 74 20 71 75 61 6c 69 74 79 0a ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 00 1c 00 48 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 Data Ascii: 4c1JFIF``>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default qualityC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222H"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.17	49750	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:01 UTC	1003	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:13:01 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:13:01 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:13:01 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.17	49751	216.172.172.52	443	5136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:02 UTC	406	OUT	GET /favicon.ico HTTP/1.1 Host: tnxqbx.vaptt.log.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=f81aa2aff01441326e740bfb9fddb803
2024-04-18 20:13:02 UTC	318	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 20:13:02 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-18 20:13:02 UTC	1855	IN	Data Raw: 37 33 33 0d 0a 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 65 72 69 66 79 20 48 75 6d 61 6e 20 2d 20 46 69 6c 6c 20 74 68 65 20 43 61 70 74 68 61 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 63 73 73 2f 73 74 79 6c 65 2e 63 73 73 3f 76 3d 31 34 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 69 76 2d 6d 61 69 6e 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: 733<html><head> <title>Verify Human - Fill the Captha</title> <link href="/assets/css/style.css?v=14" type="text/css" rel="stylesheet" /> <style> </style></head><body> <div class="div-main"> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.17	49752	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-18 20:13:02 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=n5aMMmRX8OBdL8b&MD=NASDykN5 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-18 20:13:03 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: e40e70c5-52c4-4f80-ba44-2519ed97d17b MS-RequestId: 3c23aef0-8c85-4b8a-bab8-35417706c3c1 MS-CV: uPLq2fKIB06SMo0q.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 18 Apr 2024 20:13:02 GMT Connection: close Content-Length: 25457
2024-04-18 20:13:03 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-18 20:13:03 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	22:12:14
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	22:12:14
Start date:	18/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2004,i,7235554893301753609,8371469218369999470,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=	HTTP Parser: No favicon
Source: https://tnxqbx.vaptt.log.br/YKxqkU/Z6r9cspDYwjh8rmYfU5ZUW45NR9FaUMI3KqYrKGsvTm00mZfTR3XkxdbGMtUAB1yV7VIRYEp6Arrp1yCchwtKujAwotGkUugKqlpXESUk8v27mvDsDgYph6EBriOABKZtgV91bKGrlxiO2t1YIHDIiXKnLS20ssJxQTrJ8tmrPTI7D4ijiuDjOAYB1e1F9xqneiKl0lZHkvTvgg21gDgj3sNLVctWnEuGj8SEska4CKBcUHcbii3oE2RiqozlMyWFIpqfPD5U3oZVGZoYLn6I8dbRZR6OpiOBjAZ6r9cs-amVhbmV0dGUuZ2lsbW9yZS1oZWJlcnRAamVmZnBhcmlzaC5uZXQ=	HTTP Parser: No favicon

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3140, Parent PID: 2884