Edit tour

Windows Analysis Report
https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8

Overview

General Information

Sample URL:	https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8
Analysis ID:	1428792
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,13799989580028705131,2957147564770480042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 1740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.10:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.10:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49736 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /style.css HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/css/main.33f82228.css HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /styles1.css HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /player.jpg HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/js/main.e001181c.js HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /13/04/cf/1304cf13787d5a6af6c615eae42729c0.js HTTP/1.1Host: abedwithdrawalautograph.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://moviemagicstream.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bca5d9bffe1d75f1d79b16283e08d02c/invoke.js HTTP/1.1Host: abedwithdrawalautograph.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://moviemagicstream.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /player.jpg HTTP/1.1Host: moviemagicstream.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /manifest.json HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /logo192.png HTTP/1.1Host: moviemagicstream.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: moviemagicstream.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logo192.png HTTP/1.1Host: moviemagicstream.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: moviemagicstream.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Fri, 19 Apr 2024 14:07:19 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Fri, 19 Apr 2024 14:07:20 GMTContent-Type: application/javascriptContent-Length: 0Connection: closeP3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"Access-Control-Allow-Origin: *Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Source: chromecache_76.3.dr	String found in binary or memory: https://abedwithdrawalautograph.com/v6w8t5mkuw?key=bec4f8d35ed0af43a130c7a69c3096b2
Source: chromecache_78.3.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins:wght
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1JlFc-K.woff2)
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2)
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1JlFc-K.woff2)
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2)
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_69.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.10:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.10:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49736 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/35@12/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,13799989580028705131,2957147564770480042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,13799989580028705131,2957147564770480042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
moviemagicstream.com	77.37.88.109	true	false	unknown
www.google.com	142.251.15.103	true	false	high
abedwithdrawalautograph.com	192.243.61.227	true	false	unknown
linksyte.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://moviemagicstream.com/style.css	false	unknown
https://moviemagicstream.com/favicon.ico	false	unknown
https://abedwithdrawalautograph.com/bca5d9bffe1d75f1d79b16283e08d02c/invoke.js	false	unknown
https://moviemagicstream.com/manifest.json	false	unknown
https://moviemagicstream.com/styles1.css	false	unknown
https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8	false	unknown
https://abedwithdrawalautograph.com/13/04/cf/1304cf13787d5a6af6c615eae42729c0.js	false	unknown
https://moviemagicstream.com/static/css/main.33f82228.css	false	unknown
https://moviemagicstream.com/logo192.png	false	unknown
https://moviemagicstream.com/player.jpg	false	unknown
https://moviemagicstream.com/static/js/main.e001181c.js	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://abedwithdrawalautograph.com/v6w8t5mkuw?key=bec4f8d35ed0af43a130c7a69c3096b2	chromecache_76.3.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.37.88.109	moviemagicstream.com	Germany	31400	ACCELERATED-ITDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.243.61.227	abedwithdrawalautograph.com	Dominica	39572	ADVANCEDHOSTERS-ASNL	false
142.251.15.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.10

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428792
Start date and time:	2024-04-19 16:06:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/35@12/5

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.9.94, 172.217.215.113, 172.217.215.102, 172.217.215.138, 172.217.215.101, 172.217.215.139, 172.217.215.100, 64.233.176.84, 34.104.35.123, 173.194.219.95, 142.251.15.94, 64.233.185.95, 142.250.105.95, 172.253.124.95, 74.125.136.95, 74.125.138.95, 64.233.176.95, 142.251.15.95, 142.250.9.95, 108.177.122.95, 64.233.177.95, 13.85.23.86, 199.232.214.172, 20.242.39.171, 20.3.187.198, 64.233.177.94, 23.47.204.58, 23.47.204.49, 23.47.204.82, 23.47.204.72, 23.47.204.56, 23.47.204.57, 23.47.204.45, 23.47.204.44, 23.47.204.78
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:07:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.976621715840405
Encrypted:	false
SSDEEP:	48:8H/jbdrTEUHnidAKZdA1uehwiZUklqehAy+3:8H/N4f/y
MD5:	B05B6D65F9A196AFFE16F4C32508126E
SHA1:	7F6C7D3F0625648D3B91EE6758791203D5DCC79F
SHA-256:	B219C61D7B90DC5E20081A48F1D4BC07865699C82A79B7356C1D5639B1004935
SHA-512:	73F204B23B23E9D3B37A7BA1213D0C02635C662F94D046E0E5AD9D4698A2C380B63535253B1DF5E764667647F173721D2E1DFB6EC8FC3EFD3859113FBD3FE434
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....x3.b.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.p....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:07:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9951506454480277
Encrypted:	false
SSDEEP:	48:8UjbdrTEUHnidAKZdA1Heh/iZUkAQkqehvy+2:8UN4Z9QKy
MD5:	D114AF88F7110BA40BE14C22746A823E
SHA1:	A95B19E9ED9FEBD0B0083F96266A44C6C8239864
SHA-256:	AA42F51DC3DDBBE141C7C7737CDC7EC8BF2E50EBA47B281B33DDC04D374C9A15
SHA-512:	DC57C72733F51D2CF798EAFD46746F831ADCBBABA5CE8EEEA3071F8B7232C37150D2753AAEFF2F581A417161C98551B18A17D70317D634D9FF7EFDEC84D6B55F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C#.b.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.p....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.002229341675973
Encrypted:	false
SSDEEP:	48:8FjbdrTEbHnidAKZdA149eh7sFiZUkmgqeh7spy+BX:8FN4UnLy
MD5:	BA1602E1F432B477CC30B3468A4574FF
SHA1:	B4806F271996C00C26E1B8750800F0BA525A3B02
SHA-256:	9508297E669DB1A509026DBCAC43727268D2166BA5FF3D153BF1280E15215808
SHA-512:	E5AA9C89AD89F2BE7C23B094C5FCC588828D430EE7CF2A1097CBB4B88B41189C79E939E2E81E50A3D2C429965C0BB9DF854616029D2C87A6AC6827954E742F44
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....K..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.L....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:07:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9917146779020727
Encrypted:	false
SSDEEP:	48:8UjbdrTEUHnidAKZdA14ehDiZUkwqehzy+R:8UN4Kxy
MD5:	BEFA5351BEFF3F2FF8F42EC0C15112BB
SHA1:	B07409934AD7C665E519F0ED792760211DCC1C48
SHA-256:	870F861136DC7DC11AA7DCA84A7211A1D6B9042BB9D36B1DC9263CAA11B2CD97
SHA-512:	94413A716736FB841B9A6588946E2435DC6ADD5407ABDA67BA813324AC3456887BD8B34225C88808AE6BDA850B40CE61A986C7DB65CD98AE51863CF82A3C19E0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....v...b.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.p....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:07:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9813661936219265
Encrypted:	false
SSDEEP:	48:83jbdrTEUHnidAKZdA1mehBiZUk1W1qehVy+C:83N4a91y
MD5:	618955830DC71B479DFD87E7546B9A78
SHA1:	86254162442EE09A8E11D5EF4B8E0EC16ACB6127
SHA-256:	994533AD72C7F408429C7117EE45D127ED304C9741832579DD302DEEE208E3BA
SHA-512:	48C19FCF73D47601477A63CEE697F8712C48969C86890D2604C62741FCDBC5BA5E84F9B37262C3D5CAF782CED58B60DB84679694140FA0DC2AE1B6E368B0904C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......b.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.p....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:07:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.99313915666769
Encrypted:	false
SSDEEP:	48:8nijbdrTEUHnidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbLy+yT+:8niN4BTyTbxWOvTbLy7T
MD5:	36B1EDD85E71144F7C9F4E972CDAC32E
SHA1:	E4FBAFA53B73C6B55C5335134DF58C20E6C0C697
SHA-256:	2A8DA4568F1450C1F84969EE94C7D03B9FE8F79E307DD890E79753BA4126AE72
SHA-512:	2E5E30B4787275E870BC4715E9FDC1908C21864EEA317C69051D67B53441AE8E6238431C0CA5448D67F8AF53EC179155D8C4B57E670FDAFAEF20722045D21506
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........b.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.X.p....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.p....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V.X.p....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V.X.p...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.p....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............-.W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65465)
Category:	downloaded
Size (bytes):	245171
Entropy (8bit):	5.296896610674123
Encrypted:	false
SSDEEP:	3072:EheWjc8hjSUrn9ZYs5z+U4YhfNUItNIuFLw8xiz+pC3y+:rWo8hWUr9uqmYhFjIuFU8xiz+pC3y+
MD5:	7A9E5C17E6A7BC6B41D9E83847379693
SHA1:	ED000D97EC629A86E9DAEE4CCB0D57FC92CAEEB3
SHA-256:	3AB1E465A79D58ED4B9FF2018773E9DDEE742946BBB8AE694734FB59F0DD69EC
SHA-512:	C55CEF8C8E85019558A3E59CE63FA0E93046B3C16A4475A753B165A06B31B11CFA27F057B211923FAEAF9BF9CAA55586C070637EBD3D20F99999AD839E7AE1E5
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/static/js/main.e001181c.js
Preview:	/! For license information please see main.e001181c.js.LICENSE.txt /.!function(){var e={725:function(e){"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map((function(e){return t[e]})).join(""))return!1;var r={};return"abcdefghijklmnopqrst".split("").forEach((function(e){r[e]=e})),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},r)).join("")}catch(a){return!1}}()?Object.assign:function(e,a){for(var o,i,l=function(e){if(null===e\|\|void 0===e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}(e),u=1;u<arguments.length;u++){for(var s in o=Object(arguments[u]))n.call(o,s)&&(l[s]=o[s]);if(t){i=t(o);for(var c=0;c<i.length;c++)r.call

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	151
Entropy (8bit):	4.6865922375910944
Encrypted:	false
SSDEEP:	3:UnngFupS6ovCWVjMeoNl2Vx6Iw9xGvLmS6ovX9V00ey/y:UngF6y/jfoiVaD0kyX3TeyK
MD5:	BA8B742DD99C5EDDF46CC63776BEDE71
SHA1:	04CEAA07AAE539677F034F636B6F87E8DEE272BB
SHA-256:	CAA63F3DF0AAF638945D68D55B86D253C554B888DF683AE6B48ECECC1DB5F002
SHA-512:	BFB51E205436F4DA733F5549DA299F2DC7406060CAAFB7F92A9041347B2C570C18AB185440EC166B4BB9962051DCC5311D07C3BDF28A8ECCBB2ABE092AF6E711
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/style.css
Preview:	/* styles.css */...content-to-hide {.. display: block;..}....@media screen and (min-width: 1024px) {.. .content-to-hide {.. display: none;.. }..}

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.1 (Windows), datetime=2023:09:02 13:47:42], progressive, precision 8, 717x411, components 3
Category:	dropped
Size (bytes):	39256
Entropy (8bit):	7.4754836442589765
Encrypted:	false
SSDEEP:	768:bC/7PCDoYyPlT18g14EhibjFxkK8LeGoe8d+wsiqgShMuuuuuN/:bUQoPfSbjklLoe8dKiqgSKuuuuuN
MD5:	13EC0695E81DA0F6511FFBE2E083DE8A
SHA1:	865746E270077F7E7C05744AB9CA4688936E6313
SHA-256:	BA0D4B59EC7A87C2532C91F2B0A18D7E391E7DCE6583533849416663B7D49A96
SHA-512:	44D518D635B46233C3D66D0DD904770DA14DB5C7416B6355EF93C80B3454E3597267990C117F56FBB3E50AE7AF6FF7F1BDA464C5CB1B9F659E6947A8C40717BE
Malicious:	false
Reputation:	low
Preview:	......Exif..MM..............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop 22.1 (Windows).2023:09:02 13:47:42........................................................................"............(.....................2...................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................\...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJI$.R.I$...I%)$.IJI$.R.I$...I%)$.IO...I%)$.IJI$.R....3..ex=>.d..a.....t1.o....c.v1.=.........I:5.h^..n?....^66.>..V.]c...oxg..T;.X...G......_fIMa

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit colormap, non-interlaced, 32 bits/pixel
Category:	dropped
Size (bytes):	3870
Entropy (8bit):	7.717397930394703
Encrypted:	false
SSDEEP:	96:LBz+xCxxOSqQAjRvv9TXYR/vgJ4QuhrgSo:dKSYScddTX2Mmhrho
MD5:	C92B85A5B907C70211F4EC25E29A8C4A
SHA1:	1120538C77AD1F28A89243B4B53FE2AC16CC3BC6
SHA-256:	3D10F7DA6C603178340081668C4AC5B3AE9743CA9A262AB0FCD312FBB9F48BDD
SHA-512:	D792613E3C31D3AEA08AE9CE51A26498AFED8B48C93290640C64D0A23EDC85E524BC1D090B5BA3FA161B3F2F7D31F9D1DA5DB77B14189FC3F8ED81FF830FA70C
Malicious:	false
Reputation:	low
Preview:	............ .....F......... .....)... .... .9...5...@@.... .....n....PNG........IHDR.............(-.S....PLTE""""""""""""""""""2PX=r.)7;:>H..-BGE..8do5Xb6[eK..K..1MU9gs3S\I..:gt'03@{.V..T..A}.V..@y.6\fH..-CII..E..+;@7_i7_jF..J..K..H..-BHa..,@FC..L..&.0W..N..I..$)+B..J..R..?v.>s.>u.S..=q.P..P..P..,?D4U^%+-M..K..%+,2OX+<AL..#&&D..%,.I..v.T.....tRNSI..J.e.e.....IDATx.M..ZEA.......%R....TTh.G..,...=......m.f.mnf.A.$.>!..g..Hg..E..}........k.d....Jo....3.L"J......Q.$....ff.,.5i9....H../mB...w..w;D..+&.W.....D.o.@.RI..B.om..........IEND.B`..PNG........IHDR...................ePLTE""""""""""""""""""""""""2RZN..J..3R[J..)59Y..0KS4W`Q..L..%+-0JR)6::gtC.."##?v.U..?w.<n{&-/Y..=q.:iuB..A}.A{.B../IPP..=q.K.._..L..$();lzR..a..I..Z..3U^1MU3T]Z..I..X..F..-BGP..6[e,@E5ZdO..-BHX..+=AW..,@FW..Q..?v.W..+<A@y."#$\..4Wa\..S..$(.EL^..V..6]h#$%G..#&';jwV..-CIL..Z..^..>u.S../HNM.._..\..M..8doD..D..>t.+=B[..,>C>t.<o}@y.0LS.EKT..$'(%,.A~.W..C..%+,\..C!......tRNS......G.....OIDATx.l..B.Q...u.._.<

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2359
Entropy (8bit):	5.346573239415289
Encrypted:	false
SSDEEP:	48:QO6apTnRVc+ukO6apTCRN0osOEaZRVc+ukOEaHN0osOpapoRVc+ukOpapjRN0oD:QO6azVc+ukO6aoNQOEaDVc+ukOEaHNQW
MD5:	0ED9FE722857C1328079D8745FFD439C
SHA1:	5211AFE46F3942979BFDD657FF47284E5D8211F8
SHA-256:	B8F81345A09BCF55FA0DE90D4DD0190CD572C632B466242DC72C7F9D562E25DF
SHA-512:	3B030F9FD301351B29B187B22ECBE5686C139E16E13729325F25EF2C4CD9832A00B5989919E8678CB2E3B825E94803BB965D5C4294E66CFEC4826492F203CCE4
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;700&display=swap
Preview:	/* latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 200;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1JlFc-K.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 200;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJnecmNE.woff2) format('w

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.1 (Windows), datetime=2023:09:02 13:47:42], progressive, precision 8, 717x411, components 3
Category:	downloaded
Size (bytes):	39256
Entropy (8bit):	7.4754836442589765
Encrypted:	false
SSDEEP:	768:bC/7PCDoYyPlT18g14EhibjFxkK8LeGoe8d+wsiqgShMuuuuuN/:bUQoPfSbjklLoe8dKiqgSKuuuuuN
MD5:	13EC0695E81DA0F6511FFBE2E083DE8A
SHA1:	865746E270077F7E7C05744AB9CA4688936E6313
SHA-256:	BA0D4B59EC7A87C2532C91F2B0A18D7E391E7DCE6583533849416663B7D49A96
SHA-512:	44D518D635B46233C3D66D0DD904770DA14DB5C7416B6355EF93C80B3454E3597267990C117F56FBB3E50AE7AF6FF7F1BDA464C5CB1B9F659E6947A8C40717BE
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/player.jpg
Preview:	......Exif..MM..............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop 22.1 (Windows).2023:09:02 13:47:42........................................................................"............(.....................2...................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................\...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%)$.IJI$.R.I$...I%)$.IJI$.R.I$...I%)$.IO...I%)$.IJI$.R....3..ex=>.d..a.....t1.o....c.v1.=.........I:5.h^..n?....^66.>..V.]c...oxg..T;.X...G......_fIMa

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	322
Entropy (8bit):	4.471102329756779
Encrypted:	false
SSDEEP:	6:USTJFI/qC3vFNOlFTzLc3TZ5IAsjNWF/utFoTdEveWqh8hRHttd/wGMyYXTov:U+LI/qUFIludMNWktFidEvtqh8/tfwG3
MD5:	54D44C196106534153812E023F0029C2
SHA1:	4CA48AD66F31F85639DCAFA352E8A61CE68461E0
SHA-256:	2057372D63A42DC35B54425E4ABC136D7CB3637AA471DD94D758F88A15435929
SHA-512:	C52294730AAB85AA02DACB5D589E23421FD8B52B808D9C964F24B71043562DCF69D4A7ACE9EA1B8EE4522314F9AB0D84C761C137E852A33D095E962C2BF9A6A7
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/styles1.css
Preview:	body {.. margin: 0;.. padding: 0;..}.....content {.. padding: 20px;.. /* Add some padding to create space above the footer */..}.....footer {.. position: fixed;.. bottom: 0;.. left: 0;.. width: 100%;.. background-color: #333;.. color: #fff;.. padding: 10px 0;.. text-align: center;..}..

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	492
Entropy (8bit):	4.508040222190771
Encrypted:	false
SSDEEP:	6:3vjkpO/Eqh/bwXLjQLMzmezk7TWKAKLkmXrdEJqJHGezXXdKLkmXcqJHGez1mjgw:fYDqJeLQq/KvriSdKvqUKV/cDTO
MD5:	D9D975CEBE2EC20B6C652E1E4C12CCF0
SHA1:	4E0AFE7F81A71F41366CD7859CA34776B8107923
SHA-256:	50B3D8C3903AF3F78D871B94557AB14F4E39CA192EACA3D2CFA863C867279A14
SHA-512:	50EF3C4963B89C9DBA094705B6DF105E5C82F8DB708059DF6A48A3F95C43487B7CCBEB9840E7B76074896DB5FB2F1D918326D0CE338220589CD275F9EE79B16C
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/manifest.json
Preview:	{. "short_name": "React App",. "name": "Create React App Sample",. "icons": [. {. "src": "favicon.ico",. "sizes": "64x64 32x32 24x24 16x16",. "type": "image/x-icon". },. {. "src": "logo192.png",. "type": "image/png",. "sizes": "192x192". },. {. "src": "logo512.png",. "type": "image/png",. "sizes": "512x512". }. ],. "start_url": ".",. "display": "standalone",. "theme_color": "#000000",. "background_color": "#ffffff".}.

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Category:	downloaded
Size (bytes):	7816
Entropy (8bit):	7.974758688549932
Encrypted:	false
SSDEEP:	192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4
MD5:	25B0E113CA7CCE3770D542736DB26368
SHA1:	CB726212D5D525021752A1D8470A0FB593E0C49E
SHA-256:	9338E65FC077355C7A87AE0D64CC101E23B9BF8AD78AE65F0F319C857311B526
SHA-512:	A0D331E62AB4727F49CA286A1EE7FB81CDDC5BB9EDF71EF84F4BD4FA1552069AF1A82752011BA88FAE80862D034135926B7E99D70E59D626D66D4EDE90E94C30
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Preview:	wOF2..............>P...4.............................`..T.......6..6.$..h. ..D.....03......~.(J........".!]X.......fD .s..I......(&.:..K..3=/.?0.?B........}.}.L....9.!1..6.u....(...m..\.6R.H....(..J.....YXus..2..susq.E^.v.....z..{........BN^...}[a.8&.By.9......O......3..zW.\|R.I.8 .Z.V. ..v...X_F....,[ye....wU.m..U.....}....'.^.jQK..@....n....)...;.. T..@]...hz.>.6.Y.tgeF.p...k?.g.jIb..."'.p.j.W}..X..........0'@.!<..$.<\TG...........^......W..<..LhX...r..Q.8........W.8[...W.z.W...,`...}...CY..z..m.B...z._..}..0$..F. ....<........!...X.....`.._UY{..k....[.+....h..G...x4.h...#...n=.!....G.G..<....~.nS...M.d.RT...g..$:/..j..y.@.FIg.".#..]'...4...n..y.Q.s'..I@P.w..xI.......#.J.n.n.i...'....@..H...H..1.;7...ddSF.d..]....Z......W.../S....^V..k..%.......CF....B4.kN....Mp.......+..i...M.>.`m...=..$c..$.h.t..\|..d+...6j..W...~a.M.'4..f.`...( .0Vq,.&f.?k.%i.\|tr..`k...F..{l.T.T=.......aK..F....nAu..."....Cpc..B.`..s...,S.......P._[K?..+...\|2...z....

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Category:	downloaded
Size (bytes):	7884
Entropy (8bit):	7.971946419873228
Encrypted:	false
SSDEEP:	192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI
MD5:	9212F6F9860F9FC6C69B02FEDF6DB8C3
SHA1:	AC6D71B4D5FDD2B3DABC9A06FF6C001E4251DA0B
SHA-256:	7D93459D86585BFCDBB7E0376056226ADB25821EE54B96236FE2123E9560929F
SHA-512:	67317495F4B53E20A9F31C034E456E6C37F387DFFB2C092CAA5159BC441CFCADD02749FFE5BBED1D580D5300A59E48A767EF2C6D9978B474F84C1A2CD095C126
Malicious:	false
Reputation:	low
URL:	https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
Preview:	wOF2..............?....x.............................`..T..L.6..6..6.$..h. ..\....~2.".8. .w.Q.Y,.?$pC.....)bT(i..@X.m...+...D.Q.O.\-?g.U..Z..._...l..!.lKD.Q..>.9v..V..<...Td$.E..,...o..c.t....!...#..8.A..3..cx~n=Di#....U......K.5jXH.].....j.(.6..]{..IDhZ.......R.....[..X".B~.(Su2..../.I.E...T.l%....'.N.aN.2\,70.....V.RQ..k~..".1. Lg.zd....}.yyys&D.K.g....)....2&%$.nm.\.._.e.tU..I.w;W.\|..6..XUv...!......>@.V..'..`.H`...5.7.X.?..@#..:..<.R.\|.;K..}.6..IA.C.....z.n.G............[.....z........`.X....D..{<..j...).......FQ..T..m.&s_k[%ZILV.8.l.o.z$.)/]......}..Kg.}..O...o\|..>.,U..?..{b<........._.._.06.........R01.@..[......a8..7.V%..B.0F...4 ....q..u#.lg....x....a.=w...8..A6.>f.+.8..Xm@`.m....G.....i..^R}9.aB...?._#.[f.d,V....bG.]...iED.@[.:.....P...........~.{,.x...~.!...C....b.....ze..).:+N....2sd..s..MEp.?^[.k........p..nz...[-.XI.%.."..`..<.2b\.w.VS.a.+......~..J..uGq..)..1...4o3v.Sb......5.w7...-....Wd>..B....R^.4'..B.2G>.en.q..._.@s......

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5347
Entropy (8bit):	7.94375880473395
Encrypted:	false
SSDEEP:	96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv
MD5:	33DBDD0177549353EEEB785D02C294AF
SHA1:	7F4F2D68782A7FAFCEDA84554ECAB9B489877500
SHA-256:	C386396EC70DB3608075B5FBFAAC4AB1CCAA86BA05A68AB393EC551EB66C3E00
SHA-512:	E34572CF754FF7E1D0ACB12D8275252230AD1DD9ADC5858E807FEF0FB61AEA82CB1F9CA3EBAB3EEB449460373140105F8D773E7BDDBF6745F9E81CC1546621F4
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/logo192.png
Preview:	.PNG........IHDR.............e..5....PLTE...d..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..`..a..a..a..a..a..a..a..`..a..a..a..a..a..a..a..a..a..a..a..f..a..c..e..h..H.....'tRNS...#..,..._....E..L..n?X.4Qg.yt.:.....!.....IDATx..[.r.0....l..;>...i...?_-,.)........L'......o..o..o..o..o.x-..F?......&.?B.Y.>....MO.q.......8.r....1.O..'....<...x...h.>.[.q.@L...)...."7....$.../..I.k....T.w...O.V...B8..O_....YI..... .e....0.5SH....\|.../..e8=vbu.\5.......}7r..l.h.O..O.p'8?i.3..O.-....6...CS..3.u..qHc6I..)(........k..LV.....#...,<....t.pz......!...YQ.yZ...C:.a.x.D....\|.\....M.Q..4.6.b..O9.Q.X......wt3...~..0........@..K..d.[T..r..k...@.O.X6$..J........,5....F..#.0._o...Iy....S.....>m..K9%..m.9.W..VJ..uX..Cc...p..+.".......>..)>x..!".#s3...d.'.....4{...H.n..fP......#.....8C.b..."......\@...F...P..Mul..v.&.....2...n~..P#..g.L.......K..7C....IO.--......I..)@.`'..KOY....2r?.C...C(..8....7...M\|68....y........D.U:R.......7.G..W..mT#t...;..[..

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1222)
Category:	downloaded
Size (bytes):	5208
Entropy (8bit):	5.226016698401484
Encrypted:	false
SSDEEP:	96:z6Zzvy49BYFWwoFJx+1oO8mxOH+IM8CNoNb62VfXPpRjAM:ezd9BHFJY8MT8CZ6fXRRjAM
MD5:	5F716566387C0DD3A25808FBD8FDE467
SHA1:	351A582FD715DF4D24BA4BF04C5034A9AF3BB017
SHA-256:	0EDD468BD0BC6A20FC1E1714D95C9EED3217999A7162FE51286A31476AD666DA
SHA-512:	37301CD9F63C8130D00ADEAB1C279288E8552982E4D3698C85E0AB1386AD908A04C1E1FD91FA021936C413EC3E0838D5234198C4B5F3CDC6189AC9A6EE51C3FE
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8
Preview:	<!doctype html><html lang="en"><head>. <meta charset="UTF-8">. <link rel="stylesheet" type="text/css" href="style.css">.. . <style type="text/css">. .mobileShow {display: none;}.. /* Smartphone Portrait and Landscape /. @media only screen. and (min-device-width : 320px). and (max-device-width : 480px){ . .mobileShow {display: inline;}. }. .mobileHide { display: inline; }.. / Smartphone Portrait and Landscape */. @media only screen. and (min-device-width : 320px). and (max-device-width : 480px){. .mobileHide { display: none;}.. }. .</style>...<style>..button {. padding: 10px 100px;. border: unset;. border-radius: 15px;. color: #212121;. z-index: 1;. background: #e8e8e8;. position: relative;. font-weight: 1000;. font-size: 15px;. -webkit-box-shadow: 4px 8px 19px -3px rgba(0,0,0,0.27);. box-shadow: 4px 8px 19px -3px rgba(0,0,0,0.27);. transition: all 250ms;. overflow: hidden;.}...button::before {. content: "";. position: absolute;. top: 0;. left:

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HCNCkY:QY
MD5:	FC10C2818B864FCC38006936127A647C
SHA1:	8DFA775095871ACE8C1DFCF13355D2065357C2F6
SHA-256:	B561DE696009B98E613484A1A0BA09326B1C90DA362766D0B954CECCC899F16F
SHA-512:	2D03E67202EB4E789E04133B8FBAEB3A851005003CEFB67EF41614E6E5982DB0EA37AAF37F8A0A0ACA3CFC9F2AD8CED95FDF78CF7F41D664D22B2A870B1F42A2
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAklBXOCziv6eRIFDWdns_4=?alt=proto
Preview:	CgkKBw1nZ7P+GgA=

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4866)
Category:	downloaded
Size (bytes):	4911
Entropy (8bit):	5.087277903745625
Encrypted:	false
SSDEEP:	48:WjGDeEk1OyduYzBmMcligigViSj/ID2hMnYkzYxHCYn/EJYv3WDeTVFVISYansv1:HERVc77MndsP/Hu+7VIv/rwKF
MD5:	4E22995767EA275093F25AACC4108766
SHA1:	564511F50D589AFE48FC8BE0D89EC7E363FC1642
SHA-256:	F476AAC7F95281A87C492D9DF461BFAAB6CFE44B245DE06206BA952B163EBCCA
SHA-512:	D7CCB09E44AAF3D0E5397B8E019D86DAEEB11BA2D568550EF47E231791ABD1CEFB64E3F48E8D084428514C292262BA490D79678F6BDDD9AE854DF116DBD37D86
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/static/css/main.33f82228.css
Preview:	@import url(https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;700&display=swap);body{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif}code{font-family:source-code-pro,Menlo,Monaco,Consolas,Courier New,monospace}*{box-sizing:border-box}:root{--primary-color:#22254b;--secondary-color:#373b69}body{background-color:#22254b;background-color:var(--primary-color);font-family:Poppins,sans-serif;margin:0}header{background-color:#373b69;background-color:var(--secondary-color);display:flex;justify-content:flex-end;padding:1rem}.search{background-color:initial;border:2px solid #22254b;border:2px solid var(--primary-color);border-radius:50px;color:#fff;font-family:inherit;font-size:1rem;padding:.5rem 1rem}.search:focus{background-color:#22254b;background-color:var(--primary-color);outline:0}.search::-webkit-input-placeholder{color:#7378c

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit colormap, non-interlaced, 32 bits/pixel
Category:	downloaded
Size (bytes):	3870
Entropy (8bit):	7.717397930394703
Encrypted:	false
SSDEEP:	96:LBz+xCxxOSqQAjRvv9TXYR/vgJ4QuhrgSo:dKSYScddTX2Mmhrho
MD5:	C92B85A5B907C70211F4EC25E29A8C4A
SHA1:	1120538C77AD1F28A89243B4B53FE2AC16CC3BC6
SHA-256:	3D10F7DA6C603178340081668C4AC5B3AE9743CA9A262AB0FCD312FBB9F48BDD
SHA-512:	D792613E3C31D3AEA08AE9CE51A26498AFED8B48C93290640C64D0A23EDC85E524BC1D090B5BA3FA161B3F2F7D31F9D1DA5DB77B14189FC3F8ED81FF830FA70C
Malicious:	false
Reputation:	low
URL:	https://moviemagicstream.com/favicon.ico
Preview:	............ .....F......... .....)... .... .9...5...@@.... .....n....PNG........IHDR.............(-.S....PLTE""""""""""""""""""2PX=r.)7;:>H..-BGE..8do5Xb6[eK..K..1MU9gs3S\I..:gt'03@{.V..T..A}.V..@y.6\fH..-CII..E..+;@7_i7_jF..J..K..H..-BHa..,@FC..L..&.0W..N..I..$)+B..J..R..?v.>s.>u.S..=q.P..P..P..,?D4U^%+-M..K..%+,2OX+<AL..#&&D..%,.I..v.T.....tRNSI..J.e.e.....IDATx.M..ZEA.......%R....TTh.G..,...=......m.f.mnf.A.$.>!..g..Hg..E..}........k.d....Jo....3.L"J......Q.$....ff.,.5i9....H../mB...w..w;D..+&.W.....D.o.@.RI..B.om..........IEND.B`..PNG........IHDR...................ePLTE""""""""""""""""""""""""2RZN..J..3R[J..)59Y..0KS4W`Q..L..%+-0JR)6::gtC.."##?v.U..?w.<n{&-/Y..=q.:iuB..A}.A{.B../IPP..=q.K.._..L..$();lzR..a..I..Z..3U^1MU3T]Z..I..X..F..-BGP..6[e,@E5ZdO..-BHX..+=AW..,@FW..Q..?v.W..+<A@y."#$\..4Wa\..S..$(.EL^..V..6]h#$%G..#&';jwV..-CIL..Z..^..>u.S../HNM.._..\..M..8doD..D..>t.+=B[..,>C>t.<o}@y.0LS.EKT..$'(%,.A~.W..C..%+,\..C!......tRNS......G.....OIDATx.l..B.Q...u.._.<

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5347
Entropy (8bit):	7.94375880473395
Encrypted:	false
SSDEEP:	96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv
MD5:	33DBDD0177549353EEEB785D02C294AF
SHA1:	7F4F2D68782A7FAFCEDA84554ECAB9B489877500
SHA-256:	C386396EC70DB3608075B5FBFAAC4AB1CCAA86BA05A68AB393EC551EB66C3E00
SHA-512:	E34572CF754FF7E1D0ACB12D8275252230AD1DD9ADC5858E807FEF0FB61AEA82CB1F9CA3EBAB3EEB449460373140105F8D773E7BDDBF6745F9E81CC1546621F4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............e..5....PLTE...d..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..`..a..a..a..a..a..a..a..`..a..a..a..a..a..a..a..a..a..a..a..f..a..c..e..h..H.....'tRNS...#..,..._....E..L..n?X.4Qg.yt.:.....!.....IDATx..[.r.0....l..;>...i...?_-,.)........L'......o..o..o..o..o.x-..F?......&.?B.Y.>....MO.q.......8.r....1.O..'....<...x...h.>.[.q.@L...)...."7....$.../..I.k....T.w...O.V...B8..O_....YI..... .e....0.5SH....\|.../..e8=vbu.\5.......}7r..l.h.O..O.p'8?i.3..O.-....6...CS..3.u..qHc6I..)(........k..LV.....#...,<....t.pz......!...YQ.yZ...C:.a.x.D....\|.\....M.Q..4.6.b..O9.Q.X......wt3...~..0........@..K..d.[T..r..k...@.O.X6$..J........,5....F..#.0._o...Iy....S.....>m..K9%..m.9.W..VJ..uX..Cc...p..+.".......>..)>x..!".#s3...d.'.....4{...H.n..fP......#.....8C.b..."......\@...F...P..Mul..v.&.....2...n~..P#..g.L.......K..7C....IO.--......I..)@.`'..KOY....2r?.C...C(..8....7...M\|68....y........D.U:R.......7.G..W..mT#t...;..[..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:07:09.800158978 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:10.112191916 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:10.721519947 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:10.846584082 CEST	49674	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:10.849616051 CEST	49675	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:11.924715042 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:14.393559933 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:17.657541990 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.657582998 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.657706976 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.658000946 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.658041954 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.658097029 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.658111095 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.658130884 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.658485889 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.658503056 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.955508947 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.960908890 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.960922956 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.962213993 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.962308884 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.962331057 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.962889910 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.962909937 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.963448048 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.963536024 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.963628054 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.963637114 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.964211941 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:17.964282036 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.965146065 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:17.965212107 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.018625975 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.019097090 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.019123077 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.066610098 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.074141026 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:18.277596951 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.277648926 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.277657986 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.277774096 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.277793884 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.277985096 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.278055906 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.278789043 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.278805017 CEST	443	49710	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.278810024 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.278872967 CEST	49710	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.301737070 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.301759958 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.301851988 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.302112103 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.302145004 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.302202940 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.302702904 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.302726030 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.302805901 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.303034067 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.303077936 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.303143978 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.303843021 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.304039955 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.304054976 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.304213047 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.304227114 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.304327965 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.304342985 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.304702997 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.304716110 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.348121881 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.378334045 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:18.446727037 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.447010994 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.447091103 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.448805094 CEST	49709	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.448817968 CEST	443	49709	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.599364996 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.599468946 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.600089073 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.601541996 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.601576090 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.601671934 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.601691008 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.601783037 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.601792097 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.602050066 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.602135897 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.602968931 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.603130102 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.603193045 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.604707956 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.604762077 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.605598927 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.605654955 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.607193947 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.607338905 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.607352018 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.607657909 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.607997894 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.608414888 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.608542919 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.608550072 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.608776093 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.608833075 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.609730005 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.609790087 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.610197067 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.610202074 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.652107954 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.652108908 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.657563925 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.657659054 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.911144018 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:18.911206961 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:18.911360979 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:18.912755966 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:18.912792921 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:18.923521996 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.923979044 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.924051046 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.924179077 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.924757004 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.924907923 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.924974918 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.924997091 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.925106049 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.925148010 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.927424908 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.930227995 CEST	49713	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.930260897 CEST	443	49713	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.937079906 CEST	49714	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.937100887 CEST	443	49714	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.970089912 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.970105886 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:18.970115900 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.970118999 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:18.986664057 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:19.017074108 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.017144918 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.066705942 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066711903 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066780090 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066787958 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066819906 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.066868067 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.066871881 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066888094 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.066931963 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.067265987 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.067277908 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.067329884 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.067338943 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.067358017 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.067368031 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.067389965 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.069943905 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.069962978 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.069991112 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070005894 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070018053 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070029974 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.070044041 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070080996 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.070317984 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070327997 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070348024 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070358038 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.070413113 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.070420027 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.112960100 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.112960100 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.205144882 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:19.209124088 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.209145069 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.209204912 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.209209919 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.209269047 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.209290028 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.210150003 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.210170984 CEST	443	49715	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.210179090 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.210222006 CEST	49715	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.212812901 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.212836981 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.212878942 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.212883949 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.212909937 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.212953091 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.212963104 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213027954 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.213059902 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213088989 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213116884 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.213120937 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213155031 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213180065 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213184118 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.213196993 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.213210106 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.213244915 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.285768986 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.296058893 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.296077967 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.297162056 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.297240973 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.307606936 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.307677984 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.318917036 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.318928003 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.354435921 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.354470968 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.354520082 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.354528904 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.354553938 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.354590893 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355046034 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355074883 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355127096 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355134010 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355211973 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355237961 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355269909 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355273962 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355298996 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355362892 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355366945 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355439901 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355458975 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355504990 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355528116 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355552912 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355914116 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355938911 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.355979919 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.355984926 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.356019974 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.356158018 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.356178999 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.356232882 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.356244087 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.361746073 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.362027884 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.446546078 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.446639061 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.449245930 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.497215986 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497271061 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497303963 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497328997 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497366905 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497389078 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497422934 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497467041 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497505903 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497509956 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497534990 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497560978 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497595072 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497632980 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497659922 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497663975 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497695923 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497720003 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497880936 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497920036 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497950077 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.497953892 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.497977018 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.498003006 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.498006105 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.498075962 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.498128891 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.525499105 CEST	49716	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.525520086 CEST	443	49716	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.538481951 CEST	49717	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.538511038 CEST	443	49717	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.569727898 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.569761992 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.570060968 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.570422888 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.570437908 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.742501974 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.742557049 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.742743969 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.743432045 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:19.743453026 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:19.939119101 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.940639019 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.940651894 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.941028118 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.942030907 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.942101002 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:19.942295074 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:19.978024006 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:19.978074074 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:19.978157043 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:19.978451014 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:19.978466034 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:19.988123894 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:20.039498091 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.040123940 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.040138960 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.041194916 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.041268110 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.044143915 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.044143915 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.044203997 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.072859049 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:20.072940111 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:20.073034048 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:20.073827028 CEST	49719	443	192.168.2.10	192.243.61.227
Apr 19, 2024 16:07:20.073852062 CEST	443	49719	192.243.61.227	192.168.2.10
Apr 19, 2024 16:07:20.099386930 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.099395990 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.146357059 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.195138931 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:20.198040009 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:20.198319912 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:20.198334932 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:20.199419022 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:20.199479103 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:20.364936113 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.417357922 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.417383909 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.449341059 CEST	49674	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:20.449359894 CEST	49675	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:20.465442896 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509361982 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509372950 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509411097 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509427071 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509452105 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509473085 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509473085 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509473085 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509494066 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509505987 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509512901 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509532928 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509545088 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509572983 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509572983 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509581089 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509588003 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.509604931 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.509638071 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.651884079 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.651957035 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:20.652046919 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.652046919 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.767013073 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:20.767225981 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:20.808348894 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:20.808374882 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:20.858247042 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:20.908107042 CEST	49721	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:20.908138990 CEST	443	49721	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.264727116 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.264760017 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.265111923 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.273205042 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.273221016 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.489913940 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.490216970 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.492794037 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.492878914 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.493079901 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.493123055 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.493154049 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.493297100 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.493319035 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.493319988 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.493464947 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.493479013 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.494955063 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.494965076 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.495254040 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.554682970 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.658577919 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.700156927 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.763226032 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.763289928 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.763375998 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.763590097 CEST	49725	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.763607025 CEST	443	49725	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.791300058 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.791615009 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.791630030 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.792840958 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.794060946 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.794256926 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.794523954 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.795681953 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.795907974 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.795928001 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.799557924 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.799638987 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.800481081 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.800576925 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.800834894 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:21.800844908 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.804174900 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.804212093 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.804313898 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.804657936 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:21.804673910 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:21.840109110 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:21.851166964 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.016906977 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.016984940 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.018167973 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.018179893 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.018435955 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.019555092 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.060148001 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.114897013 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.115051985 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.115118027 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.115119934 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.115179062 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.116009951 CEST	49727	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.116039038 CEST	443	49727	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.121287107 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.121473074 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.121731043 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.121963024 CEST	49726	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.122001886 CEST	443	49726	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.224615097 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.224694014 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.224776983 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.225405931 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.225425005 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.225440025 CEST	49728	443	192.168.2.10	184.31.62.93
Apr 19, 2024 16:07:22.225445032 CEST	443	49728	184.31.62.93	192.168.2.10
Apr 19, 2024 16:07:22.265052080 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.265090942 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.265300035 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.266161919 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.266180992 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.276777983 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.276848078 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.276920080 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.277211905 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.277240992 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.564460993 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.565558910 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.565588951 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.566745996 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.569168091 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.587580919 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.587793112 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.592251062 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.592308044 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.592880011 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.597677946 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:22.600585938 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.600712061 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.605180979 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.605237961 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.652117014 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.652121067 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.887782097 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.887887955 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.887963057 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.887984037 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.888372898 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.888461113 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.893584013 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.893753052 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.893814087 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.893851042 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.893870115 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.893918991 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.923485994 CEST	49729	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.923513889 CEST	443	49729	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.924175024 CEST	49730	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.924206018 CEST	443	49730	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.938287973 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.938312054 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:22.938473940 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.938808918 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:22.938828945 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.238482952 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.247198105 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.247210979 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.248238087 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.256478071 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.256671906 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.284043074 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.324141979 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.562262058 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.562597990 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.562673092 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.562705040 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.562748909 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:23.562855959 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.563268900 CEST	49731	443	192.168.2.10	77.37.88.109
Apr 19, 2024 16:07:23.563287020 CEST	443	49731	77.37.88.109	192.168.2.10
Apr 19, 2024 16:07:27.408292055 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:28.831233978 CEST	49671	443	192.168.2.10	204.79.197.203
Apr 19, 2024 16:07:30.190536976 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:30.190601110 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:30.190661907 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:32.115844965 CEST	49722	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:07:32.115875006 CEST	443	49722	142.251.15.103	192.168.2.10
Apr 19, 2024 16:07:32.918061972 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:32.920658112 CEST	49736	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:32.920695066 CEST	443	49736	173.222.162.55	192.168.2.10
Apr 19, 2024 16:07:32.920810938 CEST	49736	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:32.921020031 CEST	49736	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:32.921027899 CEST	443	49736	173.222.162.55	192.168.2.10
Apr 19, 2024 16:07:33.221888065 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:33.242731094 CEST	443	49736	173.222.162.55	192.168.2.10
Apr 19, 2024 16:07:33.242808104 CEST	49736	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:33.831338882 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:35.034349918 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:37.018752098 CEST	49677	443	192.168.2.10	20.42.65.85
Apr 19, 2024 16:07:37.440655947 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:42.252681017 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:51.861464977 CEST	49672	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:07:52.386147022 CEST	443	49736	173.222.162.55	192.168.2.10
Apr 19, 2024 16:07:52.386276960 CEST	49736	443	192.168.2.10	173.222.162.55
Apr 19, 2024 16:08:19.915836096 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:19.915885925 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:19.915973902 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:19.916403055 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:19.916414976 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:20.129564047 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:20.129882097 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:20.129905939 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:20.130244017 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:20.130600929 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:20.130676031 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:20.176958084 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:30.127311945 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:30.127389908 CEST	443	49739	142.251.15.103	192.168.2.10
Apr 19, 2024 16:08:30.127464056 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:32.113532066 CEST	49739	443	192.168.2.10	142.251.15.103
Apr 19, 2024 16:08:32.113571882 CEST	443	49739	142.251.15.103	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:07:15.740861893 CEST	53	53633	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:15.953180075 CEST	53	58088	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:16.550662994 CEST	53	57171	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:17.394609928 CEST	52196	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:17.394670963 CEST	52521	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:17.642990112 CEST	53	52196	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:17.656795979 CEST	53	52521	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:18.303572893 CEST	57278	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:18.303713083 CEST	62366	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:18.894952059 CEST	53	57278	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:18.908231020 CEST	53	62366	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.050412893 CEST	53	59732	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.579041004 CEST	60685	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:19.579358101 CEST	60299	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:19.647484064 CEST	53	61955	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.684148073 CEST	53	60685	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.865838051 CEST	50016	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:19.866235971 CEST	57062	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:19.878112078 CEST	53	60299	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.972424984 CEST	53	50016	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:19.972843885 CEST	53	57062	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:20.915426016 CEST	54998	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:20.916857958 CEST	56617	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:21.024372101 CEST	53	62812	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:21.032318115 CEST	53	56617	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:21.228913069 CEST	53	54998	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:21.229449034 CEST	65203	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:21.720515966 CEST	53	65203	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:21.722357035 CEST	59535	53	192.168.2.10	1.1.1.1
Apr 19, 2024 16:07:21.828675032 CEST	53	59535	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:33.844183922 CEST	53	51612	1.1.1.1	192.168.2.10
Apr 19, 2024 16:07:52.798485041 CEST	53	50008	1.1.1.1	192.168.2.10
Apr 19, 2024 16:08:15.551826954 CEST	53	56662	1.1.1.1	192.168.2.10
Apr 19, 2024 16:08:15.666448116 CEST	53	58348	1.1.1.1	192.168.2.10
Apr 19, 2024 16:08:17.179380894 CEST	138	138	192.168.2.10	192.168.2.255
Apr 19, 2024 16:08:42.811588049 CEST	53	50366	1.1.1.1	192.168.2.10

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 19, 2024 16:07:19.878354073 CEST	192.168.2.10	1.1.1.1	c232	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 16:07:17.394609928 CEST	192.168.2.10	1.1.1.1	0xa1a	Standard query (0)	moviemagicstream.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:17.394670963 CEST	192.168.2.10	1.1.1.1	0xf66d	Standard query (0)	moviemagicstream.com	65	IN (0x0001)	false
Apr 19, 2024 16:07:18.303572893 CEST	192.168.2.10	1.1.1.1	0x358c	Standard query (0)	abedwithdrawalautograph.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.303713083 CEST	192.168.2.10	1.1.1.1	0x874a	Standard query (0)	abedwithdrawalautograph.com	65	IN (0x0001)	false
Apr 19, 2024 16:07:19.579041004 CEST	192.168.2.10	1.1.1.1	0x3dba	Standard query (0)	moviemagicstream.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.579358101 CEST	192.168.2.10	1.1.1.1	0xd1c3	Standard query (0)	moviemagicstream.com	65	IN (0x0001)	false
Apr 19, 2024 16:07:19.865838051 CEST	192.168.2.10	1.1.1.1	0x9ca7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.866235971 CEST	192.168.2.10	1.1.1.1	0xfb08	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 19, 2024 16:07:20.915426016 CEST	192.168.2.10	1.1.1.1	0x22ff	Standard query (0)	linksyte.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:20.916857958 CEST	192.168.2.10	1.1.1.1	0xf7ea	Standard query (0)	linksyte.com	65	IN (0x0001)	false
Apr 19, 2024 16:07:21.229449034 CEST	192.168.2.10	1.1.1.1	0x8647	Standard query (0)	linksyte.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:21.722357035 CEST	192.168.2.10	1.1.1.1	0x45d0	Standard query (0)	linksyte.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 16:07:17.642990112 CEST	1.1.1.1	192.168.2.10	0xa1a	No error (0)	moviemagicstream.com		77.37.88.109	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		192.243.61.227	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		172.240.108.76	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		172.240.108.84	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		192.243.59.12	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		172.240.108.68	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		172.240.253.132	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		192.243.59.20	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		192.243.59.13	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		172.240.127.234	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:18.894952059 CEST	1.1.1.1	192.168.2.10	0x358c	No error (0)	abedwithdrawalautograph.com		192.243.61.225	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.684148073 CEST	1.1.1.1	192.168.2.10	0x3dba	No error (0)	moviemagicstream.com		77.37.88.109	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.103	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.105	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.147	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.106	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.104	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972424984 CEST	1.1.1.1	192.168.2.10	0x9ca7	No error (0)	www.google.com		142.251.15.99	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:19.972843885 CEST	1.1.1.1	192.168.2.10	0xfb08	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 19, 2024 16:07:21.228913069 CEST	1.1.1.1	192.168.2.10	0x22ff	Server failure (2)	linksyte.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:21.720515966 CEST	1.1.1.1	192.168.2.10	0x8647	Server failure (2)	linksyte.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:21.828675032 CEST	1.1.1.1	192.168.2.10	0x45d0	Server failure (2)	linksyte.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:31.764808893 CEST	1.1.1.1	192.168.2.10	0xda1	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:31.764808893 CEST	1.1.1.1	192.168.2.10	0xda1	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:44.874011993 CEST	1.1.1.1	192.168.2.10	0x8a29	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:07:44.874011993 CEST	1.1.1.1	192.168.2.10	0x8a29	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:08:07.876504898 CEST	1.1.1.1	192.168.2.10	0xa59c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:08:07.876504898 CEST	1.1.1.1	192.168.2.10	0xa59c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

moviemagicstream.com

https:

abedwithdrawalautograph.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49710	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:17 UTC	748	OUT	GET /vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	503	IN	HTTP/1.1 200 OK Connection: close content-type: text/html last-modified: Fri, 09 Feb 2024 11:46:18 GMT etag: "1458-65c6108a-ec975b7c20392b50;;;" accept-ranges: bytes content-length: 5208 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	5208	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 20 20 20 20 20 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 2e 6d 6f 62 69 6c 65 53 68 6f 77 20 7b 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 7d 0a 0a 20 20 2f 2a 20 53 6d 61 72 74 70 68 6f 6e 65 20 50 6f 72 74 72 61 69 74 20 61 6e 64 20 4c 61 6e 64 73 63 61 70 65 20 2a 2f 0a 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 0a 20 Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <link rel="stylesheet" type="text/css" href="style.css"> <style type="text/css"> .mobileShow {display: none;} /* Smartphone Portrait and Landscape */ @media only screen

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49709	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:18 UTC	633	OUT	GET /style.css HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	578	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:18 GMT content-type: text/css last-modified: Fri, 08 Sep 2023 02:58:33 GMT etag: "97-64fa8dd9-c18a43a811e3d7a0;;;" accept-ranges: bytes content-length: 151 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	151	IN	Data Raw: 2f 2a 20 73 74 79 6c 65 73 2e 63 73 73 20 2a 2f 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 74 6f 2d 68 69 64 65 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 7d 0d 0a 0d 0a 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 20 7b 0d 0a 20 20 2e 63 6f 6e 74 65 6e 74 2d 74 6f 2d 68 69 64 65 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 7d 0d 0a 7d Data Ascii: /* styles.css */.content-to-hide { display: block;}@media screen and (min-width: 1024px) { .content-to-hide { display: none; }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49714	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:18 UTC	652	OUT	GET /static/css/main.33f82228.css HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	580	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:18 GMT content-type: text/css last-modified: Thu, 03 Aug 2023 00:37:53 GMT etag: "132f-64caf6e1-c0deed91ca28df7;;;" accept-ranges: bytes content-length: 4911 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	788	IN	Data Raw: 40 69 6d 70 6f 72 74 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 50 6f 70 70 69 6e 73 3a 77 67 68 74 40 32 30 30 3b 34 30 30 3b 37 30 30 26 64 69 73 70 6c 61 79 3d 73 77 61 70 29 3b 62 6f 64 79 7b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 3b 2d 6d 6f 7a 2d 6f 73 78 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 67 72 61 79 73 63 61 6c 65 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 52 6f 62 6f 74 6f 2c 4f 78 79 67 65 6e 2c 55 62 75 6e 74 75 2c 43 61 6e 74 61 72 65 6c 6c 2c 46 69 72 61 Data Ascii: @import url(https://fonts.googleapis.com/css2?family=Poppins:wght@200;400;700&display=swap);body{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira
2024-04-19 14:07:18 UTC	4123	IN	Data Raw: 2d 72 61 64 69 75 73 3a 35 30 70 78 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 3a 2e 35 72 65 6d 20 31 72 65 6d 7d 2e 73 65 61 72 63 68 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 35 34 62 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 70 72 69 6d 61 72 79 2d 63 6f 6c 6f 72 29 3b 6f 75 74 6c 69 6e 65 3a 30 7d 2e 73 65 61 72 63 68 3a 3a 2d 77 65 62 6b 69 74 2d 69 6e 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 23 37 33 37 38 63 35 7d 2e 73 65 61 72 63 68 3a 3a 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 23 37 33 37 38 63 35 7d 6d 61 69 6e 7b 64 Data Ascii: -radius:50px;color:#fff;font-family:inherit;font-size:1rem;padding:.5rem 1rem}.search:focus{background-color:#22254b;background-color:var(--primary-color);outline:0}.search::-webkit-input-placeholder{color:#7378c5}.search::placeholder{color:#7378c5}main{d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49713	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:18 UTC	635	OUT	GET /styles1.css HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	579	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:18 GMT content-type: text/css last-modified: Fri, 06 Oct 2023 17:03:08 GMT etag: "142-65203dcc-5d6fa73f848c1adb;;;" accept-ranges: bytes content-length: 322 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	322	IN	Data Raw: 62 6f 64 79 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 7d 0d 0a 0d 0a 2e 63 6f 6e 74 65 6e 74 20 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 30 70 78 3b 0d 0a 20 20 20 20 2f 2a 20 41 64 64 20 73 6f 6d 65 20 70 61 64 64 69 6e 67 20 74 6f 20 63 72 65 61 74 65 20 73 70 61 63 65 20 61 62 6f 76 65 20 74 68 65 20 66 6f 6f 74 65 72 20 2a 2f 0d 0a 7d 0d 0a 0d 0a 2e 66 6f 6f 74 65 72 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 30 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 Data Ascii: body { margin: 0; padding: 0;}.content { padding: 20px; /* Add some padding to create space above the footer */}.footer { position: fixed; bottom: 0; left: 0; width: 100%; background-color: #333;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49715	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:18 UTC	680	OUT	GET /player.jpg HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	584	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:18 GMT content-type: image/jpeg last-modified: Sat, 02 Sep 2023 05:58:54 GMT etag: "9958-64f2cf1e-b055b22b981601a1;;;" accept-ranges: bytes content-length: 39256 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	1368	IN	Data Raw: ff d8 ff e1 0b cc 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 91 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0e a6 00 00 00 27 10 00 0e a6 00 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 33 3a 30 39 3a 30 32 20 31 33 3a 34 37 3a 34 32 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 cd a0 03 00 04 00 00 00 01 00 00 01 9b 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: ExifMM*bj(1r2i''Adobe Photoshop 22.1 (Windows)2023:09:02 13:47:42"
2024-04-19 14:07:19 UTC	14994	IN	Data Raw: fd 6f eb 2e 76 79 7e fa 4d a6 bc 6d 4c 0a 6b 3e 9d 1b 41 9d bb d8 df 55 ff 00 f0 b6 58 ba bf f1 26 47 ed ce a0 04 7a 9f 64 f6 fc 3d 4a e7 fe f8 bc e9 25 37 fe af ff 00 cb dd 37 ff 00 0d d1 ff 00 9f 18 be 8c eb 3d 0f a5 f5 cc 37 61 75 4c 76 e4 52 75 6c e8 e6 bb f7 ea b1 be fa 9f fd 45 f3 9f d5 ff 00 f9 7b a6 ff 00 e1 ba 3f f3 e3 17 d3 69 29 f0 cf ae 3f e2 bb aa 74 2f 53 37 a6 ee ea 1d 31 b2 e7 38 0f d3 54 d1 fe 9e b6 ff 00 38 c6 b7 fe d4 53 ff 00 09 ea d5 42 e2 17 d5 4b c3 3f c6 6e 4f d4 9b f3 f7 74 16 ee ea 05 db b2 ef c7 20 62 ba 67 76 9f e1 32 37 06 bf d5 c6 fd 0f bf f4 9e b5 df 41 29 c9 fa 81 d6 6c e8 ff 00 5a f0 2f 6b a2 ab ec 18 b9 02 60 1a ee 22 b3 bf fe 29 fe 9d ff 00 f5 a5 63 fc 66 74 96 f4 bf ae 19 ad ad bb 69 cb 8c ba c4 cf f3 ba dc 7f f6 29 b7 Data Ascii: o.vy~MmLk>AUX&Gzd=J%77=7auLvRulE{?i)?t/S718T8SBK?nOt bgv27A)lZ/k`")cfti)
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 00 00 00 00 4b 0e 4b 4c b3 98 35 5b 5c fe b4 00 00 66 34 5e 5f 9c 00 00 1a 09 b6 b1 6b ad 74 d0 00 00 37 89 25 c6 39 cc 59 ed aa 8b 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 c1 4c c9 f0 cc d5 c5 ad 44 9e d0 00 03 31 a2 f2 fc e0 00 00 1d 4e 57 91 75 0a 5d 5f 4c 00 01 d9 91 7c fe 71 ac 35 a5 43 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 cd 3c e6 64 52 54 07 ad 68 1a d0 00 03 31 a2 f2 fc e0 00 00 00 68 26 da c5 ae b5 d3 40 00 2f 48 c6 39 79 44 46 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 9f 39 cc bf 24 a6 bb 5b d2 dd 00 00 19 8d 17 97 e7 00 00 00 00 63 11 4c c6 b7 81 d4 00 17 85 63 19 54 50 97 bd 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 66 ae 73 32 09 2a Data Ascii: KKL5[\f4^_kt7%9YZLD1NWu]_L\|q5Cz<dRTh1h&@/H9yDF9$[cLcTPfs2*
2024-04-19 14:07:19 UTC	6510	IN	Data Raw: 13 21 8c 15 3d ca 7c 50 19 56 f2 76 56 8d 78 c6 76 9f b4 e6 0e a2 ed 58 8e 90 ed af 56 e9 ab bc cf 32 d4 ef 61 72 dd 85 bb ce 5e 30 6c ce b5 55 1e a4 41 c2 d3 49 38 ea db 24 82 09 26 8a 08 a6 44 91 45 22 15 34 92 49 32 81 13 49 24 c8 00 44 d3 4c 80 00 52 80 00 00 07 00 d5 af 25 e4 db 75 76 83 8f a8 d0 52 36 7b 95 d2 dd 2e c6 02 b3 58 af 44 36 3b b9 39 99 b9 99 25 9b b1 8e 8f 64 d9 33 1d 45 14 39 4a 00 1f a7 52 bb 5c da d4 9c fd 2b 62 95 39 b4 8f 26 f9 64 9e 41 5a 37 3f 63 82 7e 47 31 b6 db 94 7a c5 6f 21 0d 8b e1 e4 5a a6 ea bd 5c 72 52 2c aa e9 a7 29 2a 98 3d 2b 26 51 1f 98 95 9d c4 6d 77 23 49 e3 ec 81 5e 39 5b 3f 40 82 77 95 5b c5 65 57 08 2f 2b 47 c8 55 95 15 24 7d b2 9d 35 e6 e4 eb da 2e 00 74 96 22 6e 5b 28 dd e2 0d dc 25 19 42 78 e2 3f 06 6f 12 22 Data Ascii: !=\|PVvVxvXV2ar^0lUAI8$&DE"4I2I$DLR%uvR6{.XD6;9%d3E9JR\+b9&dAZ7?c~G1zo!Z\rR,)*=+&Qmw#I^9[?@w[eW/+GU$}5.t"n[(%Bx?o"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49716	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:18 UTC	636	OUT	GET /static/js/main.e001181c.js HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:18 UTC	600	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:18 GMT content-type: application/x-javascript last-modified: Thu, 03 Aug 2023 00:37:54 GMT etag: "3bdb3-64caf6e2-1d56b54f430b050f;;;" accept-ranges: bytes content-length: 245171 date: Fri, 19 Apr 2024 14:07:18 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:18 UTC	1368	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6d 61 69 6e 2e 65 30 30 31 31 38 31 63 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 37 32 35 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 74 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 2c 6e 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 72 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 69 66 Data Ascii: /! For license information please see main.e001181c.js.LICENSE.txt /!function(){var e={725:function(e){"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;e.exports=function(){try{if
2024-04-19 14:07:19 UTC	14994	IN	Data Raw: 65 63 6b 2d 70 72 6f 70 2d 74 79 70 65 73 22 29 3b 74 68 72 6f 77 20 6c 2e 6e 61 6d 65 3d 22 49 6e 76 61 72 69 61 6e 74 20 56 69 6f 6c 61 74 69 6f 6e 22 2c 6c 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 72 65 74 75 72 6e 20 65 7d 65 2e 69 73 52 65 71 75 69 72 65 64 3d 65 3b 76 61 72 20 6e 3d 7b 61 72 72 61 79 3a 65 2c 62 69 67 69 6e 74 3a 65 2c 62 6f 6f 6c 3a 65 2c 66 75 6e 63 3a 65 2c 6e 75 6d 62 65 72 3a 65 2c 6f 62 6a 65 63 74 3a 65 2c 73 74 72 69 6e 67 3a 65 2c 73 79 6d 62 6f 6c 3a 65 2c 61 6e 79 3a 65 2c 61 72 72 61 79 4f 66 3a 74 2c 65 6c 65 6d 65 6e 74 3a 65 2c 65 6c 65 6d 65 6e 74 54 79 70 65 3a 65 2c 69 6e 73 74 61 6e 63 65 4f 66 3a 74 2c 6e 6f 64 65 3a 65 2c 6f 62 6a 65 63 74 4f 66 3a 74 2c 6f 6e 65 4f 66 3a 74 2c 6f 6e 65 4f 66 54 79 70 65 3a Data Ascii: eck-prop-types");throw l.name="Invariant Violation",l}}function t(){return e}e.isRequired=e;var n={array:e,bigint:e,bool:e,func:e,number:e,object:e,string:e,symbol:e,any:e,arrayOf:t,element:e,elementType:e,instanceOf:t,node:e,objectOf:t,oneOf:t,oneOfType:
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 3d 74 2b 65 2e 63 68 61 72 41 74 28 30 29 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 2b 65 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2c 70 65 5b 74 5d 3d 70 65 5b 65 5d 7d 29 29 7d 29 29 3b 76 61 72 20 67 65 3d 4d 28 7b 6d 65 6e 75 69 74 65 6d 3a 21 30 7d 2c 7b 61 72 65 61 3a 21 30 2c 62 61 73 65 3a 21 30 2c 62 72 3a 21 30 2c 63 6f 6c 3a 21 30 2c 65 6d 62 65 64 3a 21 30 2c 68 72 3a 21 30 2c 69 6d 67 3a 21 30 2c 69 6e 70 75 74 3a 21 30 2c 6b 65 79 67 65 6e 3a 21 30 2c 6c 69 6e 6b 3a 21 30 2c 6d 65 74 61 3a 21 30 2c 70 61 72 61 6d 3a 21 30 2c 73 6f 75 72 63 65 3a 21 30 2c 74 72 61 63 6b 3a 21 30 2c 77 62 72 3a 21 30 7d 29 3b 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 2c 74 29 7b 69 66 28 74 29 7b 69 66 Data Ascii: orEach((function(t){t=t+e.charAt(0).toUpperCase()+e.substring(1),pe[t]=pe[e]}))}));var ge=M({menuitem:!0},{area:!0,base:!0,br:!0,col:!0,embed:!0,hr:!0,img:!0,input:!0,keygen:!0,link:!0,meta:!0,param:!0,source:!0,track:!0,wbr:!0});function ye(e,t){if(t){if
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 79 64 6f 77 6e 22 3d 3d 3d 65 29 72 65 74 75 72 6e 20 59 6e 28 51 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 72 28 65 2c 74 29 7b 69 66 28 22 63 6c 69 63 6b 22 3d 3d 3d 65 29 72 65 74 75 72 6e 20 59 6e 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 69 72 28 65 2c 74 29 7b 69 66 28 22 69 6e 70 75 74 22 3d 3d 3d 65 7c 7c 22 63 68 61 6e 67 65 22 3d 3d 3d 65 29 72 65 74 75 72 6e 20 59 6e 28 74 29 7d 76 61 72 20 6c 72 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 69 73 3f 4f 62 6a 65 63 74 2e 69 73 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 74 26 26 28 30 21 3d 3d 65 7c 7c 31 2f 65 3d 3d 3d 31 2f 74 29 7c 7c 65 21 3d 3d 65 26 26 74 21 3d 3d 74 7d 3b 66 75 6e 63 74 69 6f 6e 20 75 72 28 65 2c 74 29 7b Data Ascii: ydown"===e)return Yn(Qn)}function or(e,t){if("click"===e)return Yn(t)}function ir(e,t){if("input"===e\|\|"change"===e)return Yn(t)}var lr="function"===typeof Object.is?Object.is:function(e,t){return e===t&&(0!==e\|\|1/e===1/t)\|\|e!==e&&t!==t};function ur(e,t){
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 3d 31 3c 3c 6f 7c 6e 3c 3c 61 7c 72 2c 47 61 3d 65 7d 66 75 6e 63 74 69 6f 6e 20 65 6f 28 65 29 7b 6e 75 6c 6c 21 3d 3d 65 2e 72 65 74 75 72 6e 26 26 28 58 61 28 65 2c 31 29 2c 5a 61 28 65 2c 31 2c 30 29 29 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 28 65 29 7b 66 6f 72 28 3b 65 3d 3d 3d 24 61 3b 29 24 61 3d 57 61 5b 2d 2d 56 61 5d 2c 57 61 5b 56 61 5d 3d 6e 75 6c 6c 2c 71 61 3d 57 61 5b 2d 2d 56 61 5d 2c 57 61 5b 56 61 5d 3d 6e 75 6c 6c 3b 66 6f 72 28 3b 65 3d 3d 3d 59 61 3b 29 59 61 3d 51 61 5b 2d 2d 4b 61 5d 2c 51 61 5b 4b 61 5d 3d 6e 75 6c 6c 2c 47 61 3d 51 61 5b 2d 2d 4b 61 5d 2c 51 61 5b 4b 61 5d 3d 6e 75 6c 6c 2c 4a 61 3d 51 61 5b 2d 2d 4b 61 5d 2c 51 61 5b 4b 61 5d 3d 6e 75 6c 6c 7d 76 61 72 20 6e 6f 3d 6e 75 6c 6c 2c 72 6f 3d 6e 75 6c 6c 2c 61 6f 3d 21 Data Ascii: =1<<o\|n<<a\|r,Ga=e}function eo(e){null!==e.return&&(Xa(e,1),Za(e,1,0))}function to(e){for(;e===$a;)$a=Wa[--Va],Wa[Va]=null,qa=Wa[--Va],Wa[Va]=null;for(;e===Ya;)Ya=Qa[--Ka],Qa[Ka]=null,Ga=Qa[--Ka],Qa[Ka]=null,Ja=Qa[--Ka],Qa[Ka]=null}var no=null,ro=null,ao=!
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 29 67 69 3d 74 2c 76 69 3d 65 3b 65 6c 73 65 7b 69 66 28 6e 75 6c 6c 3d 3d 3d 65 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6f 28 33 31 30 29 29 3b 65 3d 7b 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3a 28 76 69 3d 65 29 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 2c 62 61 73 65 53 74 61 74 65 3a 76 69 2e 62 61 73 65 53 74 61 74 65 2c 62 61 73 65 51 75 65 75 65 3a 76 69 2e 62 61 73 65 51 75 65 75 65 2c 71 75 65 75 65 3a 76 69 2e 71 75 65 75 65 2c 6e 65 78 74 3a 6e 75 6c 6c 7d 2c 6e 75 6c 6c 3d 3d 3d 67 69 3f 6d 69 2e 6d 65 6d 6f 69 7a 65 64 53 74 61 74 65 3d 67 69 3d 65 3a 67 69 3d 67 69 2e 6e 65 78 74 3d 65 7d 72 65 74 75 72 6e 20 67 69 7d 66 75 6e 63 74 69 6f 6e 20 5f 69 28 65 2c 74 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 Data Ascii: )gi=t,vi=e;else{if(null===e)throw Error(o(310));e={memoizedState:(vi=e).memoizedState,baseState:vi.baseState,baseQueue:vi.baseQueue,queue:vi.queue,next:null},null===gi?mi.memoizedState=gi=e:gi=gi.next=e}return gi}function _i(e,t){return"function"===typeof
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 21 3d 3d 69 2e 72 65 74 72 79 4c 61 6e 65 26 26 28 69 2e 72 65 74 72 79 4c 61 6e 65 3d 61 2c 4e 6f 28 65 2c 61 29 2c 72 73 28 72 2c 65 2c 61 2c 2d 31 29 29 7d 72 65 74 75 72 6e 20 76 73 28 29 2c 55 6c 28 65 2c 74 2c 6c 2c 72 3d 66 6c 28 45 72 72 6f 72 28 6f 28 34 32 31 29 29 29 29 7d 72 65 74 75 72 6e 22 24 3f 22 3d 3d 3d 61 2e 64 61 74 61 3f 28 74 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 74 2e 63 68 69 6c 64 3d 65 2e 63 68 69 6c 64 2c 74 3d 5f 73 2e 62 69 6e 64 28 6e 75 6c 6c 2c 65 29 2c 61 2e 5f 72 65 61 63 74 52 65 74 72 79 3d 74 2c 6e 75 6c 6c 29 3a 28 65 3d 69 2e 74 72 65 65 43 6f 6e 74 65 78 74 2c 72 6f 3d 73 61 28 61 2e 6e 65 78 74 53 69 62 6c 69 6e 67 29 2c 6e 6f 3d 74 2c 61 6f 3d 21 30 2c 6f 6f 3d 6e 75 6c 6c 2c 6e 75 6c 6c 21 3d 3d 65 26 26 28 51 61 Data Ascii: !==i.retryLane&&(i.retryLane=a,No(e,a),rs(r,e,a,-1))}return vs(),Ul(e,t,l,r=fl(Error(o(421))))}return"$?"===a.data?(t.flags\|=128,t.child=e.child,t=_s.bind(null,e),a._reactRetry=t,null):(e=i.treeContext,ro=sa(a.nextSibling),no=t,ao=!0,oo=null,null!==e&&(Qa
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 65 2c 74 29 3b 6e 2e 68 61 73 28 74 29 7c 7c 28 6e 2e 61 64 64 28 74 29 2c 74 2e 74 68 65 6e 28 72 2c 72 29 29 7d 29 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 75 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 2e 64 65 6c 65 74 69 6f 6e 73 3b 69 66 28 6e 75 6c 6c 21 3d 3d 6e 29 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 6e 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 7b 76 61 72 20 61 3d 6e 5b 72 5d 3b 74 72 79 7b 76 61 72 20 69 3d 65 2c 6c 3d 74 2c 75 3d 6c 3b 65 3a 66 6f 72 28 3b 6e 75 6c 6c 21 3d 3d 75 3b 29 7b 73 77 69 74 63 68 28 75 2e 74 61 67 29 7b 63 61 73 65 20 35 3a 66 75 3d 75 2e 73 74 61 74 65 4e 6f 64 65 2c 64 75 3d 21 31 3b 62 72 65 61 6b 20 65 3b 63 61 73 65 20 33 3a 63 61 73 65 20 34 3a 66 75 3d 75 2e 73 74 61 74 65 4e 6f 64 65 2e 63 6f 6e 74 61 69 6e 65 72 49 Data Ascii: e,t);n.has(t)\|\|(n.add(t),t.then(r,r))}))}}function vu(e,t){var n=t.deletions;if(null!==n)for(var r=0;r<n.length;r++){var a=n[r];try{var i=e,l=t,u=l;e:for(;null!==u;){switch(u.tag){case 5:fu=u.stateNode,du=!1;break e;case 3:case 4:fu=u.stateNode.containerI
2024-04-19 14:07:19 UTC	16384	IN	Data Raw: 69 6f 6e 2c 6e 3d 62 74 3b 74 72 79 7b 69 66 28 5f 75 2e 74 72 61 6e 73 69 74 69 6f 6e 3d 6e 75 6c 6c 2c 62 74 3d 31 36 3e 65 3f 31 36 3a 65 2c 6e 75 6c 6c 3d 3d 3d 59 75 29 76 61 72 20 72 3d 21 31 3b 65 6c 73 65 7b 69 66 28 65 3d 59 75 2c 59 75 3d 6e 75 6c 6c 2c 4a 75 3d 30 2c 30 21 3d 3d 28 36 26 6a 75 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 6f 28 33 33 31 29 29 3b 76 61 72 20 61 3d 6a 75 3b 66 6f 72 28 6a 75 7c 3d 34 2c 5a 6c 3d 65 2e 63 75 72 72 65 6e 74 3b 6e 75 6c 6c 21 3d 3d 5a 6c 3b 29 7b 76 61 72 20 69 3d 5a 6c 2c 6c 3d 69 2e 63 68 69 6c 64 3b 69 66 28 30 21 3d 3d 28 31 36 26 5a 6c 2e 66 6c 61 67 73 29 29 7b 76 61 72 20 75 3d 69 2e 64 65 6c 65 74 69 6f 6e 73 3b 69 66 28 6e 75 6c 6c 21 3d 3d 75 29 7b 66 6f 72 28 76 61 72 20 73 3d 30 3b 73 3c 75 Data Ascii: ion,n=bt;try{if(_u.transition=null,bt=16>e?16:e,null===Yu)var r=!1;else{if(e=Yu,Yu=null,Ju=0,0!==(6&ju))throw Error(o(331));var a=ju;for(ju\|=4,Zl=e.current;null!==Zl;){var i=Zl,l=i.child;if(0!==(16&Zl.flags)){var u=i.deletions;if(null!==u){for(var s=0;s<u
2024-04-19 14:07:19 UTC	22	IN	Data Raw: 74 68 72 6f 77 20 45 72 72 6f 72 28 6f 28 34 30 29 29 3b 72 65 74 Data Ascii: throw Error(o(40));ret

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49717	192.243.61.227	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:19 UTC	575	OUT	GET /13/04/cf/1304cf13787d5a6af6c615eae42729c0.js HTTP/1.1 Host: abedwithdrawalautograph.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://moviemagicstream.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:19 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Fri, 19 Apr 2024 14:07:19 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49719	192.243.61.227	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:19 UTC	661	OUT	GET /bca5d9bffe1d75f1d79b16283e08d02c/invoke.js HTTP/1.1 Host: abedwithdrawalautograph.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://moviemagicstream.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:20 UTC	540	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Fri, 19 Apr 2024 14:07:20 GMT Content-Type: application/javascript Content-Length: 0 Connection: close P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin: * Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49721	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:20 UTC	354	OUT	GET /player.jpg HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:20 UTC	584	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:20 GMT content-type: image/jpeg last-modified: Sat, 02 Sep 2023 05:58:54 GMT etag: "9958-64f2cf1e-b055b22b981601a1;;;" accept-ranges: bytes content-length: 39256 date: Fri, 19 Apr 2024 14:07:20 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:20 UTC	784	IN	Data Raw: ff d8 ff e1 0b cc 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 91 87 69 00 04 00 00 00 01 00 00 00 a8 00 00 00 d4 00 0e a6 00 00 00 27 10 00 0e a6 00 00 00 27 10 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 32 30 32 33 3a 30 39 3a 30 32 20 31 33 3a 34 37 3a 34 32 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 cd a0 03 00 04 00 00 00 01 00 00 01 9b 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 1a 00 05 00 00 00 01 00 00 01 22 01 1b 00 05 00 Data Ascii: ExifMM*bj(1r2i''Adobe Photoshop 22.1 (Windows)2023:09:02 13:47:42"
2024-04-19 14:07:20 UTC	14994	IN	Data Raw: f2 b3 84 c3 d3 75 e3 f3 46 94 a4 85 b4 95 c4 d4 e4 f4 a5 b5 c5 d5 e5 f5 56 66 76 86 96 a6 b6 c6 d6 e6 f6 27 37 47 57 67 77 87 97 a7 b7 c7 ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f2 a4 92 49 25 29 24 92 49 4a 49 24 92 52 92 49 24 94 a4 92 49 25 29 24 92 49 4a 49 24 92 52 92 49 24 94 a4 92 49 25 29 24 92 49 4f ff d0 f2 a4 92 49 25 29 24 92 49 4a 49 24 92 52 95 9e 9b d3 33 fa ae 65 78 3d 3e 87 64 e4 da 61 95 b3 fe a9 ce 74 31 8c 6f e7 d8 ff 00 63 15 76 31 f6 3d b5 d6 d2 f7 bc 86 b5 ad 12 49 3a 35 ad 68 5e a5 93 6e 3f f8 b1 fa b5 5e 36 36 cb 3e b4 f5 56 07 5d 63 b6 bb d1 6f 78 67 bb f4 54 3b f4 58 fb ff 00 47 93 93 ea df fc dd 5f 66 49 4d 61 f5 2f ea 5f d5 1a 5b 77 d7 1c df b6 e7 3d bb 99 d3 b1 8b 80 20 ce d8 6b 3d 3c 87 fb 98 ed 97 dc fc 4c 7f f0 6a 0f ff Data Ascii: uFVfv'7GWgw?I%)$IJI$RI$I%)$IJI$RI$I%)$IOI%)$IJI$R3ex=>dat1ocv1=I:5h^n?^66>V]coxgT;XG_fIMa/_[w= k=<Lj
2024-04-19 14:07:20 UTC	16384	IN	Data Raw: 44 9c f4 cc f3 6c 49 21 09 24 f3 26 4b 9e a1 12 0b 6b 96 ba c5 da 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 93 11 6a 04 cc 87 64 e1 64 29 ed 83 5d d6 15 50 00 00 07 3d 89 71 49 3e e9 9c e8 30 dc aa cb 5b d0 fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 82 2d e3 ce 76 64 9a 68 5a b7 f5 ad 60 d0 00 00 00 00 76 cc 58 9d 33 34 e9 38 29 55 a6 b5 18 fb 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 42 c5 c5 59 ce d1 92 2b 56 d5 d7 ad 70 30 00 00 00 00 00 13 07 92 cd 4c e7 e3 15 24 6b 71 f4 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 85 b1 f9 cc 98 a4 8b 95 b5 58 eb 5f 14 00 00 00 00 00 00 12 e7 92 d0 9c e7 1a 0a 60 35 bc 25 a0 00 00 Data Ascii: DlI!$&Kkjdd)]P=qI>0[3-vdhZ`vX348)U@BY+Vp0L$kq~X_`5%
2024-04-19 14:07:20 UTC	7094	IN	Data Raw: 25 ab 12 c2 92 8e a0 26 88 8a 48 4b c7 f4 89 1b bc 45 eb 26 9a b1 ee d3 66 cc 2b 94 0d eb 32 8f 3b db 7d 31 ca ec 2b 94 5d cf a3 1c d4 0a 8b 59 79 27 06 6d 15 50 cc 5e 6c 81 50 8f 9d 72 74 a3 a4 c4 13 6d 2c a2 09 89 24 d9 5a 71 ae 4e a7 d9 31 fe 42 a3 cd bf ad 5c 69 57 08 67 f5 eb 45 62 7e 2d 73 36 90 87 9c 84 94 41 b4 84 6c 83 45 c8 25 3a 6a a6 53 07 f6 08 7f 80 d4 77 63 bd 6a f5 8f 1d 6c 9a 39 c3 39 fa 95 1d c9 a4 6b 37 cd d4 19 13 95 c3 26 51 0b 24 66 73 55 1c 28 e8 4a 53 48 d8 11 32 2f e6 1b 0f 9a c2 9d 33 2c 79 68 ea e5 1a 89 59 af d2 e9 54 e8 38 ba c5 4a a1 54 87 8f af 56 2a f5 b8 36 48 c6 c2 d7 eb d0 31 2d da 45 c3 42 c4 47 36 4d 06 cd 5b 24 9a 08 22 99 48 42 94 a0 01 ab 56 43 c8 36 78 3a 55 12 8f 5f 97 b6 5c 6d f6 79 36 90 b5 da c5 66 01 82 f2 93 Data Ascii: %&HKE&f+2;}1+]Yy'mP^lPrtm,$ZqN1B\iWgEb~-s6AlE%:jSwcjl99k7&Q$fsU(JSH2/3,yhYT8JTV*6H1-EBG6M[$"HBVC6x:U_\my6f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49725	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:07:21 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=147360 Date: Fri, 19 Apr 2024 14:07:21 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49727	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:21 UTC	681	OUT	GET /favicon.ico HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:22 UTC	584	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:22 GMT content-type: image/x-icon last-modified: Thu, 03 Aug 2023 00:37:52 GMT etag: "f1e-64caf6e0-bdf4474ca0f2bf65;;;" accept-ranges: bytes content-length: 3870 date: Fri, 19 Apr 2024 14:07:22 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:22 UTC	784	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 01 00 20 00 e3 01 00 00 46 00 00 00 18 18 00 00 01 00 20 00 0c 03 00 00 29 02 00 00 20 20 00 00 01 00 20 00 39 03 00 00 35 05 00 00 40 40 00 00 01 00 20 00 b0 06 00 00 6e 08 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 03 00 00 00 28 2d 0f 53 00 00 00 e4 50 4c 54 45 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 32 50 58 3d 72 80 29 37 3b 2a 3a 3e 48 90 a4 2d 42 47 45 88 9a 38 64 6f 35 58 62 36 5b 65 4b 99 ae 4b 9a af 31 4d 55 39 67 73 33 53 5c 49 93 a7 3a 67 74 27 30 33 40 7b 8b 56 b9 d4 54 b4 cf 41 7d 8d 56 bb d6 40 79 89 36 5c 66 48 92 a6 2d 43 49 49 94 a8 45 88 9b 2b 3b 40 37 5f 69 37 5f 6a 46 8a 9d 4a 96 ab 4b 9b b0 48 90 a3 2d 42 48 61 da fb 2c 40 46 43 83 94 4c 9d b3 26 2e 30 Data Ascii: F ) 95@@ nPNGIHDR(-SPLTE""""""""""""""""""2PX=r)7;*:>H-BGE8do5Xb6[eKK1MU9gs3S\I:gt'03@{VTA}V@y6\fH-CIIE+;@7_i7_jFJKH-BHa,@FCL&.0
2024-04-19 14:07:22 UTC	3086	IN	Data Raw: bf db 2b 3d 41 57 be da 2c 40 46 57 bc d8 51 aa c3 3f 76 85 57 bc d7 2b 3c 41 40 79 88 22 23 24 5c cc ea 34 57 61 5c cc eb 53 b2 cc 24 28 2a 2e 45 4c 5e d1 f1 56 ba d5 36 5d 68 23 24 25 47 8e a1 23 26 27 3b 6a 77 56 b9 d4 2d 43 49 4c 9b b1 5a c4 e1 5e d0 ef 3e 75 84 53 b0 ca 2f 48 4e 4d a0 b7 5f d5 f5 5c cb e9 4d a0 b6 38 64 6f 44 85 97 44 86 98 3e 74 83 2b 3d 42 5b c8 e6 2c 3e 43 3e 74 82 3c 6f 7d 40 79 89 30 4c 53 2e 45 4b 54 b4 ce 24 27 28 25 2c 2e 41 7e 8e 57 bd d9 43 81 92 25 2b 2c 5c ca e8 43 21 e4 1d 00 00 00 07 74 52 4e 53 06 91 ed ee 90 88 89 9c 47 be d6 00 00 01 4f 49 44 41 54 78 01 6c 89 c3 42 b6 51 14 85 9f 75 b4 df 5f c8 b3 3c cb 16 a6 dd 76 1c 65 8d ea 06 b2 8d f3 61 16 36 16 41 ce be 8c 17 04 fb 76 a2 7b 07 40 ce 07 00 45 27 00 de 64 00 49 Data Ascii: +=AW,@FWQ?vW+<A@y"#$\4Wa\S$(*.EL^V6]h#$%G#&';jwV-CILZ^>uS/HNM_\M8doDD>t+=B[,>C>t<o}@y0LS.EKT$'(%,.A~WC%+,\C!tRNSGOIDATxlBQu_<vea6Av{@E'dI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49726	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:21 UTC	622	OUT	GET /manifest.json HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: manifest Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:22 UTC	508	IN	HTTP/1.1 200 OK Connection: close content-type: application/json last-modified: Thu, 03 Aug 2023 00:37:51 GMT etag: "1ec-64caf6df-b0511b2ae9b8380e;;;" accept-ranges: bytes content-length: 492 date: Fri, 19 Apr 2024 14:07:22 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:22 UTC	492	IN	Data Raw: 7b 0a 20 20 22 73 68 6f 72 74 5f 6e 61 6d 65 22 3a 20 22 52 65 61 63 74 20 41 70 70 22 2c 0a 20 20 22 6e 61 6d 65 22 3a 20 22 43 72 65 61 74 65 20 52 65 61 63 74 20 41 70 70 20 53 61 6d 70 6c 65 22 2c 0a 20 20 22 69 63 6f 6e 73 22 3a 20 5b 0a 20 20 20 20 7b 0a 20 20 20 20 20 20 22 73 72 63 22 3a 20 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 2c 0a 20 20 20 20 20 20 22 73 69 7a 65 73 22 3a 20 22 36 34 78 36 34 20 33 32 78 33 32 20 32 34 78 32 34 20 31 36 78 31 36 22 2c 0a 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 7b 0a 20 20 20 20 20 20 22 73 72 63 22 3a 20 22 6c 6f 67 6f 31 39 32 2e 70 6e 67 22 2c 0a 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 69 6d 61 67 65 2f 70 6e 67 22 2c 0a 20 Data Ascii: { "short_name": "React App", "name": "Create React App Sample", "icons": [ { "src": "favicon.ico", "sizes": "64x64 32x32 24x24 16x16", "type": "image/x-icon" }, { "src": "logo192.png", "type": "image/png",

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49728	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:22 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-19 14:07:22 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=147380 Date: Fri, 19 Apr 2024 14:07:22 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-19 14:07:22 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49729	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:22 UTC	681	OUT	GET /logo192.png HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:22 UTC	582	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:22 GMT content-type: image/png last-modified: Thu, 03 Aug 2023 00:37:51 GMT etag: "14e3-64caf6df-813ae76150db9b6f;;;" accept-ranges: bytes content-length: 5347 date: Fri, 19 Apr 2024 14:07:22 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:22 UTC	5347	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c0 00 00 00 c0 08 03 00 00 00 65 02 9c 35 00 00 00 87 50 4c 54 45 00 00 00 64 da fb 61 da fc 61 db fc 61 da fc 61 db fc 61 da fb 61 db fc 61 da fb 61 da fc 61 db fc 61 da fc 61 da fc 61 db fc 61 da fc 61 da fc 61 da fb 61 da fb 61 da fb 61 da fc 60 da fb 61 da fb 61 db fb 61 da fc 61 da fc 61 da fc 61 da fc 61 da fb 60 da fb 61 da fb 61 db fc 61 da fc 61 db fc 61 da fb 61 db fc 61 da fb 61 da fb 61 db fb 61 da fb 61 da fb 66 e8 ff 61 dc fe 63 df ff 65 e3 ff 68 eb ff 48 d5 c6 94 00 00 00 27 74 52 4e 53 00 08 fb 23 f6 0f 2c e0 d8 eb 5f 93 80 ac f1 9c 45 c0 d0 4c 1c 17 6e 3f 58 e5 b3 34 51 67 b9 79 74 ca 3a a4 c5 87 8c 8c 8d 21 cd 00 00 13 e4 49 44 41 54 78 da ec 5b e9 72 9b 30 10 2e 02 1b 6c 2e 1b 3b Data Ascii: PNGIHDRe5PLTEdaaaaaaaaaaaaaaaaaa`aaaaaaa`aaaaaaaaaaafacehH'tRNS#,_ELn?X4Qgyt:!IDATx[r0.l.;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49730	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:22 UTC	355	OUT	GET /favicon.ico HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:22 UTC	584	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:22 GMT content-type: image/x-icon last-modified: Thu, 03 Aug 2023 00:37:52 GMT etag: "f1e-64caf6e0-bdf4474ca0f2bf65;;;" accept-ranges: bytes content-length: 3870 date: Fri, 19 Apr 2024 14:07:22 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:22 UTC	784	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 01 00 20 00 e3 01 00 00 46 00 00 00 18 18 00 00 01 00 20 00 0c 03 00 00 29 02 00 00 20 20 00 00 01 00 20 00 39 03 00 00 35 05 00 00 40 40 00 00 01 00 20 00 b0 06 00 00 6e 08 00 00 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 03 00 00 00 28 2d 0f 53 00 00 00 e4 50 4c 54 45 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 32 50 58 3d 72 80 29 37 3b 2a 3a 3e 48 90 a4 2d 42 47 45 88 9a 38 64 6f 35 58 62 36 5b 65 4b 99 ae 4b 9a af 31 4d 55 39 67 73 33 53 5c 49 93 a7 3a 67 74 27 30 33 40 7b 8b 56 b9 d4 54 b4 cf 41 7d 8d 56 bb d6 40 79 89 36 5c 66 48 92 a6 2d 43 49 49 94 a8 45 88 9b 2b 3b 40 37 5f 69 37 5f 6a 46 8a 9d 4a 96 ab 4b 9b b0 48 90 a3 2d 42 48 61 da fb 2c 40 46 43 83 94 4c 9d b3 26 2e 30 Data Ascii: F ) 95@@ nPNGIHDR(-SPLTE""""""""""""""""""2PX=r)7;*:>H-BGE8do5Xb6[eKK1MU9gs3S\I:gt'03@{VTA}V@y6\fH-CIIE+;@7_i7_jFJKH-BHa,@FCL&.0
2024-04-19 14:07:22 UTC	3086	IN	Data Raw: bf db 2b 3d 41 57 be da 2c 40 46 57 bc d8 51 aa c3 3f 76 85 57 bc d7 2b 3c 41 40 79 88 22 23 24 5c cc ea 34 57 61 5c cc eb 53 b2 cc 24 28 2a 2e 45 4c 5e d1 f1 56 ba d5 36 5d 68 23 24 25 47 8e a1 23 26 27 3b 6a 77 56 b9 d4 2d 43 49 4c 9b b1 5a c4 e1 5e d0 ef 3e 75 84 53 b0 ca 2f 48 4e 4d a0 b7 5f d5 f5 5c cb e9 4d a0 b6 38 64 6f 44 85 97 44 86 98 3e 74 83 2b 3d 42 5b c8 e6 2c 3e 43 3e 74 82 3c 6f 7d 40 79 89 30 4c 53 2e 45 4b 54 b4 ce 24 27 28 25 2c 2e 41 7e 8e 57 bd d9 43 81 92 25 2b 2c 5c ca e8 43 21 e4 1d 00 00 00 07 74 52 4e 53 06 91 ed ee 90 88 89 9c 47 be d6 00 00 01 4f 49 44 41 54 78 01 6c 89 c3 42 b6 51 14 85 9f 75 b4 df 5f c8 b3 3c cb 16 a6 dd 76 1c 65 8d ea 06 b2 8d f3 61 16 36 16 41 ce be 8c 17 04 fb 76 a2 7b 07 40 ce 07 00 45 27 00 de 64 00 49 Data Ascii: +=AW,@FWQ?vW+<A@y"#$\4Wa\S$(*.EL^V6]h#$%G#&';jwV-CILZ^>uS/HNM_\M8doDD>t+=B[,>C>t<o}@y0LS.EKT$'(%,.A~WC%+,\C!tRNSGOIDATxlBQu_<vea6Av{@E'dI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49731	77.37.88.109	443	7144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:07:23 UTC	355	OUT	GET /logo192.png HTTP/1.1 Host: moviemagicstream.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-19 14:07:23 UTC	582	IN	HTTP/1.1 200 OK Connection: close cache-control: public, max-age=604800 expires: Fri, 26 Apr 2024 14:07:23 GMT content-type: image/png last-modified: Thu, 03 Aug 2023 00:37:51 GMT etag: "14e3-64caf6df-813ae76150db9b6f;;;" accept-ranges: bytes content-length: 5347 date: Fri, 19 Apr 2024 14:07:23 GMT server: LiteSpeed platform: hostinger content-security-policy: upgrade-insecure-requests alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-19 14:07:23 UTC	786	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c0 00 00 00 c0 08 03 00 00 00 65 02 9c 35 00 00 00 87 50 4c 54 45 00 00 00 64 da fb 61 da fc 61 db fc 61 da fc 61 db fc 61 da fb 61 db fc 61 da fb 61 da fc 61 db fc 61 da fc 61 da fc 61 db fc 61 da fc 61 da fc 61 da fb 61 da fb 61 da fb 61 da fc 60 da fb 61 da fb 61 db fb 61 da fc 61 da fc 61 da fc 61 da fc 61 da fb 60 da fb 61 da fb 61 db fc 61 da fc 61 db fc 61 da fb 61 db fc 61 da fb 61 da fb 61 db fb 61 da fb 61 da fb 66 e8 ff 61 dc fe 63 df ff 65 e3 ff 68 eb ff 48 d5 c6 94 00 00 00 27 74 52 4e 53 00 08 fb 23 f6 0f 2c e0 d8 eb 5f 93 80 ac f1 9c 45 c0 d0 4c 1c 17 6e 3f 58 e5 b3 34 51 67 b9 79 74 ca 3a a4 c5 87 8c 8c 8d 21 cd 00 00 13 e4 49 44 41 54 78 da ec 5b e9 72 9b 30 10 2e 02 1b 6c 2e 1b 3b Data Ascii: PNGIHDRe5PLTEdaaaaaaaaaaaaaaaaaa`aaaaaaa`aaaaaaaaaaafacehH'tRNS#,_ELn?X4Qgyt:!IDATx[r0.l.;
2024-04-19 14:07:23 UTC	4561	IN	Data Raw: 27 f2 f5 d0 04 9c 34 7b 94 9f b6 48 98 6e a1 e2 84 66 50 03 ef fa 8e 09 02 23 99 ef e4 c3 ee 38 43 9e 62 c6 f3 86 00 22 b9 e3 dd f7 91 a3 5c 40 08 9c cb b4 46 bd f9 a0 50 9f c6 4d 75 6c e1 13 76 fb 26 1f 8a 00 ec fd 32 e1 b7 bd d3 07 6e 7e 11 d6 50 23 9a cb 67 d2 4c cb 9a 10 b0 1f 81 a2 93 4b a2 c0 37 43 11 b0 e6 ca 49 4f cd ad 2d 2d be c0 a3 92 fa e8 49 13 7f 29 40 95 60 27 f9 99 4b 4f 59 00 13 1a d8 89 32 72 3f d0 43 db 03 0a 43 28 ae c6 38 de 1a 0f c2 37 f9 91 9b 4d 7c 36 38 01 f1 8d 8d d2 07 79 8f bd 15 18 1e d0 ad bf cb 44 d0 2a 55 3a 52 8b 9d 8a ba 1a dc 8a 8f 37 ed a4 47 c7 ce 57 fa 2e 6d 54 23 74 92 09 fd 3b 17 89 5b b3 cf 82 3c 29 a9 8e 14 01 ae 9d e5 eb 57 ce db 53 33 fd 9b 08 f6 3f dc 6b 53 85 26 1d ec e0 88 31 c4 29 5b 78 a3 a0 75 fb 50 7f 47 Data Ascii: '4{HnfP#8Cb"\@FPMulv&2n~P#gLK7CIO--I)@`'KOY2r?CC(87M\|68yD*U:R7GW.mT#t;[<)WS3?kS&1)[xuPG

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5624, Parent PID: 3748

General

Target ID:	1
Start time:	16:07:11
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7144, Parent PID: 5624

General

Target ID:	3
Start time:	16:07:14
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1932,i,13799989580028705131,2957147564770480042,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1740, Parent PID: 3748

General

Target ID:	4
Start time:	16:07:16
Start date:	19/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8"
Imagebase:	0x7ff6c5c30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

Windows Analysis Report
https://moviemagicstream.com/vt34bt4ntn43tn34?fbclid=IwAR1ZshSooAeU_sYTZKap_8O5etNuFrDLtY271c8iY5i5_PG5GLu_LwiYsU8