Edit tour

Windows Analysis Report
https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu

Overview

General Information

Sample URL:	https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu
Analysis ID:	1431123
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /api/uPhish/results/visit HTTP/1.1Host: api.usecure.ioConnection: keep-aliveContent-Length: 14612sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://microloft.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://microloft.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.0Date: Wed, 24 Apr 2024 14:03:01 GMTContent-Type: text/html; charset=utf-8Content-Length: 189Connection: closeReport-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967381&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=0A5qXk0rOhI0hiuw6uTKo33%2FrSd67mt%2BD%2BVRMHIo7%2FI%3D"}]}Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967381&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=0A5qXk0rOhI0hiuw6uTKo33%2FrSd67mt%2BD%2BVRMHIo7%2FI%3DNel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}X-Powered-By: ExpressAccess-Control-Allow-Origin: *Etag: W/"bd-q+ifm/t1a737L1NUIOELtWJetOI"Via: 1.1 vegur
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 14:03:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeReport-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967382&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=PWwcXyw6b0v%2FQoRbV04cJJaTtbUFz3NKLDjsSEpyYAE%3D"}]}Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967382&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=PWwcXyw6b0v%2FQoRbV04cJJaTtbUFz3NKLDjsSEpyYAE%3DNel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}Vary: Origin, Accept-EncodingAccess-Control-Allow-Credentials: trueContent-Security-Policy: default-src 'none'X-Dns-Prefetch-Control: offExpect-Ct: max-age=0Strict-Transport-Security: max-age=15552000; includeSubDomainsX-Download-Options: noopenX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: no-referrerX-Xss-Protection: 0Via: 1.1 vegurCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 8796a268387b0add-LASalt-svc: h3=":443"; ma=86400

Source: chromecache_48.2.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_48.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_53.2.dr	String found in binary or memory: https://api.usecure.io
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: chromecache_47.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: chromecache_48.2.dr	String found in binary or memory: https://jquery.com/
Source: chromecache_48.2.dr	String found in binary or memory: https://jquery.org/license
Source: chromecache_48.2.dr	String found in binary or memory: https://js.foundation/
Source: chromecache_53.2.dr	String found in binary or memory: https://na.api.usecure.io
Source: chromecache_48.2.dr	String found in binary or memory: https://sizzlejs.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@20/19@12/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://js.foundation/	0%	URL Reputation	safe
https://microloft.net/favicon.ico	100%	Avira URL Cloud	phishing
https://microloft.net/js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	100%	Avira URL Cloud	phishing
https://na.api.usecure.io	0%	Avira URL Cloud	safe
https://api.usecure.io	0%	Avira URL Cloud	safe
https://api.usecure.io/api/uPhish/results/visit	0%	Avira URL Cloud	safe
https://microloft.net/js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3.eu-west-1.amazonaws.com	52.218.120.8	true	false	high
microloft.net	63.32.244.164	true	false	unknown
api.usecure.io	172.66.40.179	true	false	unknown
www.google.com	142.250.141.103	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://microloft.net/js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	false	Avira URL Cloud: phishing	unknown
https://api.usecure.io/api/uPhish/results/visit	false	Avira URL Cloud: safe	unknown
https://s3.eu-west-1.amazonaws.com/usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg	false		high
https://s3.eu-west-1.amazonaws.com/usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png	false		high
https://microloft.net/js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	false	Avira URL Cloud: phishing	unknown
https://microloft.net/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://jquery.org/license	chromecache_48.2.dr	false		high
https://na.api.usecure.io	chromecache_53.2.dr	false	Avira URL Cloud: safe	unknown
http://jquery.org/license	chromecache_48.2.dr	false		high
https://jquery.com/	chromecache_48.2.dr	false		high
http://jqueryui.com	chromecache_48.2.dr	false		high
https://api.usecure.io	chromecache_53.2.dr	false	Avira URL Cloud: safe	unknown
https://sizzlejs.com/	chromecache_48.2.dr	false		high
https://js.foundation/	chromecache_48.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.66.43.77	unknown	United States	13335	CLOUDFLARENETUS	false
52.218.1.115	unknown	United States	16509	AMAZON-02US	false
63.32.244.164	microloft.net	United States	16509	AMAZON-02US	false
52.218.120.8	s3.eu-west-1.amazonaws.com	United States	16509	AMAZON-02US	false
172.66.40.179	api.usecure.io	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.141.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.4
192.168.2.23

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431123
Start date and time:	2024-04-24 16:01:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@20/19@12/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.84, 142.251.2.139, 142.251.2.102, 142.251.2.113, 142.251.2.100, 142.251.2.101, 142.251.2.138, 34.104.35.123, 74.125.137.95, 142.251.2.95, 142.250.141.95, 142.250.141.94, 20.12.23.50, 23.45.12.163, 23.45.12.161, 192.229.211.108, 13.85.23.206, 142.250.101.94
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (11061), with no line terminators
Category:	downloaded
Size (bytes):	11061
Entropy (8bit):	5.21299878683566
Encrypted:	false
SSDEEP:	192:1QD9Gt1X3IOImHNbrcNJr+6JPdAJPsPtONX:CGt1X3IOISrqjUsG
MD5:	68E71B107BF44064271CF150D61B3DEE
SHA1:	625F48B73A9BAF6B64571212F7B8CC5B0DDC2701
SHA-256:	3E2BAB74C40388E97638ACC2F013789BF5AE90206C4544E570E5D4DE92BF2B2D
SHA-512:	5831E6D664DD19A7CF4A57E3C7956AADFE8C32E46E22DED9971064CA624EB4A82F18428BE46595476D313A915E391CF1A39F7AC3105E371D5071909F345BD12D
Malicious:	false
Reputation:	low
URL:	https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu
Preview:	<!DOCTYPE html><html><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Canva</title> <meta name="description" content> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> .u-row { display: flex; flex-wrap: nowrap; margin-left: 0; margin-right: 0;}.u-row .u-col { position: relative; width: 100%; padding-right: 0; padding-left: 0;}.u-row .u-col.u-col-21p92 { flex: 0 0 21.92%; max-width: 21.92%;}.u-row .u-col.u-col-33p33 { flex: 0 0 33.33%; max-width: 33.33%;}.u-row .u-col.u-col-42p46 { flex: 0 0 42.46%; max-width: 42.46%;}.u-row .u-col.u-col-44p75 { flex: 0 0 44.75%; max-width: 44.75%;}.u-row .u-col.u-col-57p54 { flex: 0 0 57.54%; max-width: 57.54%;}.u-row .u-col.u-col-100 { flex: 0 0 100%; max-width: 100%;}@media (max-width: 767px) { .u-row:not(.no-stack) { flex-wrap: wrap; } .u-row:not(.no-stack) .u-col { flex: 0 0 100% !important; max-wid

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 414 x 246, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12600
Entropy (8bit):	7.9499124351570885
Encrypted:	false
SSDEEP:	384:hKkSoiBsBCCrF4JflKKK8VeHO60gpl+nJdSM2hyv79uqNFAu+KU:lwsBPK0H9lQ+q3Aue
MD5:	343E7603DFCC9BEE1FD63BEB7F95C9B4
SHA1:	1CF856AC46DD1A32294BA5558321E90965C03087
SHA-256:	5CA1D84529DDBB8273970AD3DF6814E0A3D9A77725BA545B76720B46292B95D0
SHA-512:	0CC76DEE659C1B0E5DF86079F12077401C0E52C6B8D4C00E6AFF4C6980573457C5F006CAD743173924DF84407DC23F743C6630A8D3941FF1584C2F47BC5481A4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...................sRGB.........gAMA......a.....pHYs..........o.d..0.IDATx^...\U......8P\ .T@..G....9...Qfn3w.4.........U.Sq..E....'(.?.s....z.~.....s..^..<.ku_.""".X.DDD.`......<DDd.......CDD.b......<DDd.......CDD.b......<DDd.4]....DE.E..P^...bee.km.fo.[[..4......LDDD.>2.a..-&&..CDD.$.$..0.<w...9"".8F..P...?....3.........().....DDd.......CDD.b......<DDd.......CDD.2t.......g ."..Y+.B.sa5ODD...CN}...5x...G..........r.M..`.fkX.r....(#.....n.~9..Z..we....Z..Q....'f.7..p.^.JZ..~.L.~..2 #.c....:.&....M....".,......W.I......;Z.f..l......{...6.G....n.{.I..SPP...h...F....zi.~.u5\K.V.Y.+W.sW5.<=.L...3'>T....e...........l........:.6o.a.dp{.....a#R..}...m...mll`ck.{........^}\|Q....s.P.*.....-.....k...S..&r+..X..l...M.B....Q...k.......99...f.I..S..%...0z....C/..l.7.6..'........;.].y...........D....o...'\.zU_.(...<..#[..p.p..Q.Lj8....R.Y.~#..Kp...H..g.....y.7.}.f..v...Y.5.~..C..1m...-.?.(...<.k.m..p\|......+..2z~...b.....{O

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2358
Entropy (8bit):	5.490372424077067
Encrypted:	false
SSDEEP:	48:BOLSxOL0mFZMOLlOLyY3kOLwuOLMRVc+u4OLeN0oD:BOLSxOLzFZMOLlOLB3kOLDOLoVc+u4O2
MD5:	D1BD2CCAECEA11E5B03418E0AFEED55F
SHA1:	10323192DFB9FFA9B1CD0658A352EBEE9352B208
SHA-256:	55BE8B195B7C6725B1BDC62B22AF9F95F2ED7F2DD160A6E3D7AC0177ADD6E2F9
SHA-512:	9DDABC05DF0150565D5EC60A79ACD71AE319E8B0649CF7CAB30630BF21CACD1D9434A745326DCFC585299DDB23631CEF5B256E0BBBEEA9882D1BEC3AC6EF5893
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css?family=Source+Sans+Pro
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Source Sans Pro';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (33574)
Category:	downloaded
Size (bytes):	286117
Entropy (8bit):	5.39323793177636
Encrypted:	false
SSDEEP:	3072:F9jjKcTUk5r2forDhoDW3YN+diBMymtYr1Vv0qlQ7aXL7c:Smbr2goDW3bdTymiZQ7kg
MD5:	5680B969424BB7D67F18EBB020B6CE29
SHA1:	C67C9F1FFEB53E3DD00C8368F67316245F742251
SHA-256:	56969550E0E7344EA18E7F1262F207F93C27F4125772B440370344CF51D626A5
SHA-512:	FDA1BD3CB8F846AABE0D0973C2A6167F70B62C70EBAE6D41E8FD48CA2B8BB0555DB2C87C9650E18C23883CE7977A3D2DBF5211B759995F84545299BE2D059836
Malicious:	false
Reputation:	low
URL:	https://microloft.net/js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07
Preview:	!function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s=163)}([function(t,e,n){var r=n(2),i=n(13).f,o=n(16),a=n(14),s=n(84),u=n(119),c=n(54);t.export

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1125)
Category:	dropped
Size (bytes):	1281
Entropy (8bit):	5.343087801342748
Encrypted:	false
SSDEEP:	24:hYs2gqf9IweGBpvuDAJSa7egRWgzQunfvJVu3iPCMgsygDKGRWKMSoI9We1F/o:Y9ICTWqS/gwyPX7VqrsyEKGwKKI9WYw
MD5:	85B5BE46DDD0320E400A01B15AE710E3
SHA1:	E6C1B45D802B97EA847409194DBE9D024C4313C4
SHA-256:	552DFAD3EE6C38A1454343F2E07179E2529FC074F2667F0C76C502ECF7137386
SHA-512:	F1FD1B8B6815FC959361EB16C88E69E077393D0431212EAC81640E43EFFA08130CC5F1A8B4DF54ECE69D2C342CF0A3708D74894C2B3C76942BE189D368ACFC90
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /api/uPhish/results/visit</pre>.<script>(function(){if (!document.body) return;var js = "window['__CF$cv$params']={r:'8796a268387b0add',t:'MTcxMzk2NzM4Mi4yNjAwMDA='};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _0xh = document.createElement('iframe');_0xh.height = 1;_0xh.width = 1;_0xh.style.position = 'absolute';_0xh.style.top = 0;_0xh.style.left = 0;_0xh.style.border = 'none';_0xh.style.visibility = 'hidden';document.body.appendChild(_0xh);function handler() {var _0xi = _0xh.contentDocument \|\| _0xh.contentWindow.document;if (_0xi) {var _0xj = _0xi.createElement('script');_0xj.innerHTML = js;_0xi.getElementsByTagName('head')[0].appendChild(_0xj);}}if (document.readyState !== 'loading') {handler();} else if (window.addEventListener) {document.a

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 899x487, components 3
Category:	downloaded
Size (bytes):	50806
Entropy (8bit):	7.8725360237670925
Encrypted:	false
SSDEEP:	768:VK6fajAursb3rCxvpAIhScGT3luWElqn8z0nZM1DoPrCL3mv3p+qTwrW:VKGvQ9KykT3l9Qqn84nZM1DmOaZ+EoW
MD5:	2D4A9BB388DCD1C4F7C89CF509497D0C
SHA1:	5DB2C1FA90B7CFF28F6A42ABF42A0FA917CA0442
SHA-256:	2AD1F25D6FF597958C21C2BAF8F81D008B83EFEB0E297355511D6A476C0D79CD
SHA-512:	8ED4A3FEE542552F256B9C96F31DD7F42581542F0E0CED257A598200C9E386B12D8A68439F3F178126AD3FA8C296DCF93A2FDD710A0BF480A297FD360616CD34
Malicious:	false
Reputation:	low
URL:	https://s3.eu-west-1.amazonaws.com/usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg
Preview:	......JFIF.....,.,....."Exif..MM..........................C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(........{zz....Q..Bn.....#....?...........~]..\|f....9.s.>.......A...S.......?....;..z.'#..1......?.Go........z....~o..H.......>...n.D\.w^:u..Q[..h.v.L.f..v.......\|'lg.t.....y(..........+q.8...1?.....O....#.H_.<.N1S[G..

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	189
Entropy (8bit):	5.057284940405754
Encrypted:	false
SSDEEP:	3:PIyPhxn0+7JD0bZxgRObOb0qHXbZ6iMne0GlSwzRx3G/MRUezQF7hXW1Hj:pn0+1Q9xUkObRHX96vetlSwzRx3G0Cev
MD5:	C9F6F82C0B1E2D6EB40294F876EAC55E
SHA1:	ABE89F9BFB756BBDFB2F535420E10BB5625EB4E2
SHA-256:	9DCC361CF979EA9471E1076AB30724C665229614D2D7432DFE9127C8B6D3A443
SHA-512:	C9AD3AA05EF29513C47732C46F626674F9B55D9B3B8BD8CE2699B17E4AB02D07A2549505024E1031FEB286D92AC4AFFBDBF8FAD07A4B849757C0A62EFB535B93
Malicious:	false
Reputation:	low
URL:	https://microloft.net/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 414 x 246, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	12600
Entropy (8bit):	7.9499124351570885
Encrypted:	false
SSDEEP:	384:hKkSoiBsBCCrF4JflKKK8VeHO60gpl+nJdSM2hyv79uqNFAu+KU:lwsBPK0H9lQ+q3Aue
MD5:	343E7603DFCC9BEE1FD63BEB7F95C9B4
SHA1:	1CF856AC46DD1A32294BA5558321E90965C03087
SHA-256:	5CA1D84529DDBB8273970AD3DF6814E0A3D9A77725BA545B76720B46292B95D0
SHA-512:	0CC76DEE659C1B0E5DF86079F12077401C0E52C6B8D4C00E6AFF4C6980573457C5F006CAD743173924DF84407DC23F743C6630A8D3941FF1584C2F47BC5481A4
Malicious:	false
Reputation:	low
URL:	https://s3.eu-west-1.amazonaws.com/usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png
Preview:	.PNG........IHDR...................sRGB.........gAMA......a.....pHYs..........o.d..0.IDATx^...\U......8P\ .T@..G....9...Qfn3w.4.........U.Sq..E....'(.?.s....z.~.....s..^..<.ku_.""".X.DDD.`......<DDd.......CDD.b......<DDd.......CDD.b......<DDd.4]....DE.E..P^...bee.km.fo.[[..4......LDDD.>2.a..-&&..CDD.$.$..0.<w...9"".8F..P...?....3.........().....DDd.......CDD.b......<DDd.......CDD.2t.......g ."..Y+.B.sa5ODD...CN}...5x...G..........r.M..`.fkX.r....(#.....n.~9..Z..we....Z..Q....'f.7..p.^.JZ..~.L.~..2 #.c....:.&....M....".,......W.I......;Z.f..l......{...6.G....n.{.I..SPP...h...F....zi.~.u5\K.V.Y.+W.sW5.<=.L...3'>T....e...........l........:.6o.a.dp{.....a#R..}...m...mll`ck.{........^}\|Q....s.P.*.....-.....k...S..&r+..X..l...M.B....Q...k.......99...f.I..S..%...0z....C/..l.7.6..'........;.].y...........D....o...'\.zU_.(...<..#[..p.p..Q.Lj8....R.Y.~#..Kp...H..g.....y.7.}.f..v...Y.5.~..C..1m...-.?.(...<.k.m..p\|......+..2z~...b.....{O

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.1461491913255
Encrypted:	false
SSDEEP:	3:y2M3/dkkdb8cgisQ9NS8UeNvRRgLDnLlpufFtcVML7qi624x2PAsYn:y3FkePSd6+zLTutyML7qI4x2I
MD5:	D9FE999BFFE058AD04DB8FB08185B999
SHA1:	B2FA85AB5E5E26FA162976655D521CAD9645B91C
SHA-256:	7549BAC5F667848983C85E3BA8E22ACF0D6CA930C8DE578998A65A7C498AC6FE
SHA-512:	011A4D38BE71450A66CBA9DACF8CBC492AA6B0238AA2C673465F1F4FE12CAB9880559D92FDE5330741E9E04AE07E0CCB75EFA6CBBB2C8B08581A7EBDB3C0C3A2
Malicious:	false
Reputation:	low
URL:	https://microloft.net/js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07
Preview:	window.__USECURE_CONFIG__ = {. DEFAULT_REGION: 'eu',. REGION_API_URLS: '{"eu": "https://api.usecure.io", "na": "https://na.api.usecure.io"}',. LOG_SIM_EVENTS: 'true'.}

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 899x487, components 3
Category:	dropped
Size (bytes):	50806
Entropy (8bit):	7.8725360237670925
Encrypted:	false
SSDEEP:	768:VK6fajAursb3rCxvpAIhScGT3luWElqn8z0nZM1DoPrCL3mv3p+qTwrW:VKGvQ9KykT3l9Qqn84nZM1DmOaZ+EoW
MD5:	2D4A9BB388DCD1C4F7C89CF509497D0C
SHA1:	5DB2C1FA90B7CFF28F6A42ABF42A0FA917CA0442
SHA-256:	2AD1F25D6FF597958C21C2BAF8F81D008B83EFEB0E297355511D6A476C0D79CD
SHA-512:	8ED4A3FEE542552F256B9C96F31DD7F42581542F0E0CED257A598200C9E386B12D8A68439F3F178126AD3FA8C296DCF93A2FDD710A0BF480A297FD360616CD34
Malicious:	false
Reputation:	low
Preview:	......JFIF.....,.,....."Exif..MM..........................C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(........{zz....Q..Bn.....#....?...........~]..\|f....9.s.>.......A...S.......?....;..z.'#..1......?.Go........z....~o..H.......>...n.D\.w^:u..Q[..h.v.L.f..v.......\|'lg.t.....y(..........+q.8...1?.....O....#.H_.<.N1S[G..

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.2359263506290326
Encrypted:	false
SSDEEP:	3:qinPbKWS:qyPuWS
MD5:	F0D7DE461CA830A3B7F7D7E48AF93592
SHA1:	72F9969CBE7C2B09CF980D57ACF677C3909E9EDD
SHA-256:	315EDE44AAD553BF8C69F560B912E4EC0A74A3AA92FACFBA81ABA0520226F0AD
SHA-512:	44533A75628D86C846CD03807710F496628BE28E5451E2E1ED5D4DE2CDEAAECF9DB600FA48E7F16F44A4DD00120141FE1DF69CCD1C159635B876C2650C07C857
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwkx4YZ5s7vcNBIFDYOoWz0SBQ2vb_sO?alt=proto
Preview:	ChIKBw2DqFs9GgAKBw2vb/sOGgA=

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 16:02:45.149821043 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 16:02:54.432681084 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.432729959 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:54.432800055 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.433270931 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.433294058 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:54.433455944 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.433471918 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.433474064 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:54.433748007 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:54.433763027 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:54.760271072 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 24, 2024 16:02:55.040473938 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.041721106 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.041866064 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.041886091 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.042148113 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.042160034 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.042516947 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.042608976 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.042614937 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.042682886 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.043229103 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.043293953 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.043623924 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.043673038 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.044445038 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.044522047 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.044792891 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.044878960 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.045198917 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.045207024 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.085649014 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.085668087 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.103991032 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.134416103 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.687984943 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688011885 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688023090 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688040018 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688049078 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688071012 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.688082933 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688119888 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.688138962 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.688183069 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.692337036 CEST	49736	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.692351103 CEST	443	49736	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.781316996 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.781354904 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.781414986 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.781727076 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.784249067 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:55.784264088 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.828135967 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:55.986078024 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.986119986 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:55.986186981 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.986296892 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.986392021 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:55.986469984 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.986958027 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.986972094 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:55.987373114 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:55.987409115 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.088200092 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.088362932 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.088414907 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:56.095859051 CEST	49735	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:56.095882893 CEST	443	49735	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.393832922 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.394197941 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:56.394227028 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.394627094 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.395221949 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:56.395288944 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.395499945 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:56.440124989 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:56.906207085 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.906687021 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.906711102 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.907830954 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.907928944 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.907937050 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.908016920 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.909224987 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.909301043 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.909668922 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.910039902 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.910046101 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.910223007 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.910259008 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.911283016 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.911346912 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.911362886 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.911402941 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.913228989 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.913311005 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.913882017 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.913894892 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:56.961973906 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:56.961988926 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.235515118 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.235620022 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.235641003 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.235690117 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.235716105 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.288283110 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.288379908 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.312482119 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312509060 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312526941 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312623978 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.312652111 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312681913 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312704086 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.312704086 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.312726974 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.312752008 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.312788963 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.518260002 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:57.518313885 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:57.518377066 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:57.520445108 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:57.520469904 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:57.539654970 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.539665937 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.539690018 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.539696932 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.539772034 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.539799929 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.539799929 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.539828062 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.540420055 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540445089 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540455103 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540471077 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540481091 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540504932 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.540523052 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540537119 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540576935 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.540585995 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540610075 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.540954113 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.540973902 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.541007996 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.541018963 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.541026115 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.541054010 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.541357040 CEST	49740	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.541373968 CEST	443	49740	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.588185072 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.618179083 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618207932 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618272066 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.618292093 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618340015 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.618340015 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.618791103 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618837118 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618870020 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.618875027 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.618938923 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.618938923 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.619514942 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.619534969 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.619613886 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.619613886 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.619620085 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.619699001 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.845714092 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845747948 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845789909 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845819950 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.845848083 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845915079 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845927000 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.845947027 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845964909 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.845969915 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.845999002 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.846136093 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.846206903 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.846442938 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.846457005 CEST	443	49741	52.218.120.8	192.168.2.4
Apr 24, 2024 16:02:57.846474886 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.846512079 CEST	49741	443	192.168.2.4	52.218.120.8
Apr 24, 2024 16:02:57.893574953 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:57.893898964 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:57.893917084 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:57.895191908 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:57.895252943 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:57.923124075 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.923139095 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.923187017 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.923218966 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.923258066 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.923295021 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.923337936 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.924462080 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.924479008 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.924545050 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.924554110 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.924626112 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.925074100 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.925108910 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.925208092 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.925214052 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.925266981 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.925853014 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.925869942 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.925993919 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.926000118 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.926106930 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.927679062 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.927726030 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.927769899 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.927774906 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.927828074 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.927829027 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.928381920 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.928404093 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.928445101 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.928451061 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.928499937 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.938503981 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:57.938539982 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:57.938597918 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:57.938824892 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:57.938836098 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:57.960380077 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.960406065 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.960465908 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.960484982 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:57.960522890 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.960524082 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:57.963368893 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:57.963386059 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:57.963787079 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:57.977082968 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:57.977097988 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.225718021 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.225734949 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.225773096 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.225816965 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.225833893 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.225858927 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.225888014 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.226252079 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.226274014 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.226326942 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.226332903 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.226376057 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.226392984 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.226970911 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227030039 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227078915 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.227085114 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227118015 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.227138042 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.227679968 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227700949 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227771997 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.227782011 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.227832079 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.228338957 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228359938 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228415966 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.228421926 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228497028 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.228660107 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228718996 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.228724957 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228766918 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.228811979 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.229041100 CEST	49739	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:02:58.229058027 CEST	443	49739	63.32.244.164	192.168.2.4
Apr 24, 2024 16:02:58.248841047 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:58.249043941 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:58.290174961 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:58.290196896 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:02:58.327543974 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.327718019 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.337412119 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:02:58.343107939 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.343127966 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.343628883 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.386147976 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.517513037 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.521651030 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.521704912 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.522300959 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.522715092 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.522732019 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.560125113 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.688581944 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.688783884 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.688854933 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.804327965 CEST	49744	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:58.804359913 CEST	443	49744	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:58.847179890 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.849585056 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.849608898 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.850701094 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.850771904 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.850783110 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.850939989 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.854851007 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.855006933 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.864238024 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.913790941 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:58.913809061 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:58.960666895 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.196782112 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.241957903 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.249126911 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.249166965 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.249380112 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.249842882 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.249856949 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.279020071 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279052019 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279077053 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279083967 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279105902 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279124975 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.279154062 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.279161930 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.279195070 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.279628992 CEST	49743	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.279652119 CEST	443	49743	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.424067974 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.424818993 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.424830914 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.426291943 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.426378012 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.426384926 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.426423073 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.426825047 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.426894903 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.427318096 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.427325010 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.478704929 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.590392113 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.590466976 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.591962099 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.591972113 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.592458010 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.593550920 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.636123896 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.764574051 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.764728069 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.764739037 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.764764071 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.764821053 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.764838934 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:02:59.764849901 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.809981108 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:02:59.930474043 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.930716991 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:02:59.930784941 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.931611061 CEST	49748	443	192.168.2.4	23.202.57.177
Apr 24, 2024 16:02:59.931617975 CEST	443	49748	23.202.57.177	192.168.2.4
Apr 24, 2024 16:03:00.048702002 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.048753977 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.048970938 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.049762011 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.049774885 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.063544989 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063558102 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063580036 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063589096 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063615084 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063652992 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.063652992 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.063671112 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.063711882 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.063711882 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.187262058 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.187290907 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.187465906 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.188015938 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.188024998 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.364521027 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.364533901 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.364573002 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.364583015 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.364631891 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.364645004 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.364670038 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.364682913 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.365263939 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.365326881 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.365334034 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.365345955 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.365389109 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.368494987 CEST	49745	443	192.168.2.4	52.218.1.115
Apr 24, 2024 16:03:00.368510008 CEST	443	49745	52.218.1.115	192.168.2.4
Apr 24, 2024 16:03:00.510916948 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.533873081 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.533898115 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.535192013 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.535264015 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.537205935 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.537267923 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.537364006 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.537373066 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.537441015 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.537455082 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:00.580049992 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:00.664062977 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.709997892 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.749471903 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.749497890 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.750025034 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.751194000 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.751255989 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:00.751616955 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:00.796118975 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:01.032215118 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:01.032336950 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:01.032407999 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:01.039681911 CEST	49751	443	192.168.2.4	172.66.40.179
Apr 24, 2024 16:03:01.039695978 CEST	443	49751	172.66.40.179	192.168.2.4
Apr 24, 2024 16:03:01.206861019 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.206893921 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.206958055 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.207245111 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.207256079 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.283082008 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:01.283194065 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:01.283257961 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:01.284972906 CEST	49749	443	192.168.2.4	63.32.244.164
Apr 24, 2024 16:03:01.284997940 CEST	443	49749	63.32.244.164	192.168.2.4
Apr 24, 2024 16:03:01.522564888 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.522927046 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.522939920 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.523952961 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.524008989 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.524544001 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.524610996 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.524818897 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:01.524826050 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:01.570184946 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:02.340133905 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:02.340167999 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:02.340250969 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:02.342508078 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:02.362155914 CEST	49752	443	192.168.2.4	172.66.43.77
Apr 24, 2024 16:03:02.362196922 CEST	443	49752	172.66.43.77	192.168.2.4
Apr 24, 2024 16:03:07.916737080 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:07.916814089 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:07.916904926 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:09.428848028 CEST	49742	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:09.428891897 CEST	443	49742	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.406537056 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:57.406590939 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.406791925 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:57.407187939 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:57.407203913 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.764744043 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.765188932 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:57.765218973 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.765568972 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.766534090 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:03:57.766607046 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:03:57.821273088 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:04:07.777376890 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:04:07.777445078 CEST	443	49761	142.250.141.103	192.168.2.4
Apr 24, 2024 16:04:07.777540922 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:04:09.296210051 CEST	49761	443	192.168.2.4	142.250.141.103
Apr 24, 2024 16:04:09.296238899 CEST	443	49761	142.250.141.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 16:02:53.240695000 CEST	53	59757	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:54.188580036 CEST	52725	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:54.188883066 CEST	61283	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:54.209433079 CEST	53	51266	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:54.402848005 CEST	53	52725	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:54.431955099 CEST	53	61283	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:55.779747009 CEST	50960	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:55.780241013 CEST	62155	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:55.934130907 CEST	53	62155	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:55.971430063 CEST	53	50960	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:57.355528116 CEST	49493	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:57.355921030 CEST	57943	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:57.512173891 CEST	53	49493	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:57.512844086 CEST	53	57943	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:57.782866955 CEST	54993	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:57.783585072 CEST	55951	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:57.937452078 CEST	53	54993	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:57.938088894 CEST	53	55951	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:58.964698076 CEST	53	57846	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:59.084692001 CEST	53	61162	1.1.1.1	192.168.2.4
Apr 24, 2024 16:02:59.961842060 CEST	60307	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:02:59.962343931 CEST	60404	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:03:00.139997959 CEST	53	53111	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:00.178245068 CEST	53	60307	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:00.178745985 CEST	53	60404	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:01.049623966 CEST	58938	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:03:01.049827099 CEST	49680	53	192.168.2.4	1.1.1.1
Apr 24, 2024 16:03:01.205976009 CEST	53	49680	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:01.206082106 CEST	53	58938	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:11.246570110 CEST	53	59057	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:11.718050957 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 16:03:30.288885117 CEST	53	53064	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:52.788878918 CEST	53	52855	1.1.1.1	192.168.2.4
Apr 24, 2024 16:03:53.039694071 CEST	53	64217	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 16:02:54.188580036 CEST	192.168.2.4	1.1.1.1	0x3ad	Standard query (0)	microloft.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:54.188883066 CEST	192.168.2.4	1.1.1.1	0x4f58	Standard query (0)	microloft.net	65	IN (0x0001)	false
Apr 24, 2024 16:02:55.779747009 CEST	192.168.2.4	1.1.1.1	0xad50	Standard query (0)	s3.eu-west-1.amazonaws.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.780241013 CEST	192.168.2.4	1.1.1.1	0x1d53	Standard query (0)	s3.eu-west-1.amazonaws.com	65	IN (0x0001)	false
Apr 24, 2024 16:02:57.355528116 CEST	192.168.2.4	1.1.1.1	0x9e3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.355921030 CEST	192.168.2.4	1.1.1.1	0x21b9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 16:02:57.782866955 CEST	192.168.2.4	1.1.1.1	0x4b10	Standard query (0)	s3.eu-west-1.amazonaws.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.783585072 CEST	192.168.2.4	1.1.1.1	0x50c2	Standard query (0)	s3.eu-west-1.amazonaws.com	65	IN (0x0001)	false
Apr 24, 2024 16:02:59.961842060 CEST	192.168.2.4	1.1.1.1	0x984b	Standard query (0)	api.usecure.io	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:59.962343931 CEST	192.168.2.4	1.1.1.1	0xb116	Standard query (0)	api.usecure.io	65	IN (0x0001)	false
Apr 24, 2024 16:03:01.049623966 CEST	192.168.2.4	1.1.1.1	0x4c1	Standard query (0)	api.usecure.io	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:01.049827099 CEST	192.168.2.4	1.1.1.1	0x828a	Standard query (0)	api.usecure.io	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 16:02:54.402848005 CEST	1.1.1.1	192.168.2.4	0x3ad	No error (0)	microloft.net		63.32.244.164	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.218.120.8	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.92.33.56	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.92.16.216	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.218.45.8	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.92.1.64	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.218.91.115	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.218.28.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:55.971430063 CEST	1.1.1.1	192.168.2.4	0xad50	No error (0)	s3.eu-west-1.amazonaws.com		52.218.1.115	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512173891 CEST	1.1.1.1	192.168.2.4	0x9e3	No error (0)	www.google.com		142.250.141.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.512844086 CEST	1.1.1.1	192.168.2.4	0x21b9	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.218.1.115	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.92.33.56	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.92.16.216	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.218.45.8	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.218.28.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.218.91.115	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.92.1.64	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:02:57.937452078 CEST	1.1.1.1	192.168.2.4	0x4b10	No error (0)	s3.eu-west-1.amazonaws.com		52.218.120.8	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:00.178245068 CEST	1.1.1.1	192.168.2.4	0x984b	No error (0)	api.usecure.io		172.66.40.179	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:00.178245068 CEST	1.1.1.1	192.168.2.4	0x984b	No error (0)	api.usecure.io		172.66.43.77	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:00.178745985 CEST	1.1.1.1	192.168.2.4	0xb116	No error (0)	api.usecure.io			65	IN (0x0001)	false
Apr 24, 2024 16:03:01.205976009 CEST	1.1.1.1	192.168.2.4	0x828a	No error (0)	api.usecure.io			65	IN (0x0001)	false
Apr 24, 2024 16:03:01.206082106 CEST	1.1.1.1	192.168.2.4	0x4c1	No error (0)	api.usecure.io		172.66.43.77	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:01.206082106 CEST	1.1.1.1	192.168.2.4	0x4c1	No error (0)	api.usecure.io		172.66.40.179	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:10.958437920 CEST	1.1.1.1	192.168.2.4	0x94c2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:03:10.958437920 CEST	1.1.1.1	192.168.2.4	0x94c2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:23.413243055 CEST	1.1.1.1	192.168.2.4	0xabab	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:03:23.413243055 CEST	1.1.1.1	192.168.2.4	0xabab	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:03:45.538403034 CEST	1.1.1.1	192.168.2.4	0x6b4e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:03:45.538403034 CEST	1.1.1.1	192.168.2.4	0x6b4e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 16:04:05.979154110 CEST	1.1.1.1	192.168.2.4	0xb710	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 16:04:05.979154110 CEST	1.1.1.1	192.168.2.4	0xb710	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

microloft.net

https:

s3.eu-west-1.amazonaws.com

api.usecure.io

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	63.32.244.164	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:55 UTC	701	OUT	GET /?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu HTTP/1.1 Host: microloft.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:55 UTC	784	IN	HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Wed, 24 Apr 2024 14:02:55 GMT Content-Type: text/html; charset=utf-8 Content-Length: 11061 Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967375&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=o4SUQAXL%2FCXnN2p7TvCqFVs2eoo08fK5Kv%2B5OSs3I6w%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967375&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=o4SUQAXL%2FCXnN2p7TvCqFVs2eoo08fK5Kv%2B5OSs3I6w%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} X-Powered-By: Express Access-Control-Allow-Origin: * Etag: W/"2b35-Yl9Itzqbr2tkVxIS97jMWw3cJwE" Via: 1.1 vegur
2024-04-24 14:02:55 UTC	11061	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 20 20 20 20 3c 74 69 74 6c 65 3e 43 61 6e 76 61 3c 2f 74 69 74 6c 65 3e 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3e 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <!DOCTYPE html><html><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Canva</title> <meta name="description" content> <meta name="viewport" content="width=device-width, initial-scale=1">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	63.32.244.164	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:55 UTC	612	OUT	GET /js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07 HTTP/1.1 Host: microloft.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:56 UTC	879	IN	HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Wed, 24 Apr 2024 14:02:55 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 170 Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967375&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=o4SUQAXL%2FCXnN2p7TvCqFVs2eoo08fK5Kv%2B5OSs3I6w%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967375&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=o4SUQAXL%2FCXnN2p7TvCqFVs2eoo08fK5Kv%2B5OSs3I6w%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} X-Powered-By: Express Access-Control-Allow-Origin: * Accept-Ranges: bytes Cache-Control: public, max-age=0 Last-Modified: Wed, 24 Apr 2024 00:11:53 GMT Etag: W/"aa-18f0d71d042" Via: 1.1 vegur
2024-04-24 14:02:56 UTC	170	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 5f 55 53 45 43 55 52 45 5f 43 4f 4e 46 49 47 5f 5f 20 3d 20 7b 0a 20 20 44 45 46 41 55 4c 54 5f 52 45 47 49 4f 4e 3a 20 27 65 75 27 2c 0a 20 20 52 45 47 49 4f 4e 5f 41 50 49 5f 55 52 4c 53 3a 20 27 7b 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 75 73 65 63 75 72 65 2e 69 6f 22 2c 20 22 6e 61 22 3a 20 22 68 74 74 70 73 3a 2f 2f 6e 61 2e 61 70 69 2e 75 73 65 63 75 72 65 2e 69 6f 22 7d 27 2c 0a 20 20 4c 4f 47 5f 53 49 4d 5f 45 56 45 4e 54 53 3a 20 27 74 72 75 65 27 0a 7d Data Ascii: window.__USECURE_CONFIG__ = { DEFAULT_REGION: 'eu', REGION_API_URLS: '{"eu": "https://api.usecure.io", "na": "https://na.api.usecure.io"}', LOG_SIM_EVENTS: 'true'}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	63.32.244.164	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:56 UTC	615	OUT	GET /js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07 HTTP/1.1 Host: microloft.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:57 UTC	889	IN	HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Wed, 24 Apr 2024 14:02:56 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 286117 Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967376&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=gU8pg44UAvp%2F%2F1h0gVWCA8Zp2lCumUadBJM0tUSqp%2Bg%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967376&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=gU8pg44UAvp%2F%2F1h0gVWCA8Zp2lCumUadBJM0tUSqp%2Bg%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} X-Powered-By: Express Access-Control-Allow-Origin: * Accept-Ranges: bytes Cache-Control: public, max-age=0 Last-Modified: Mon, 25 Mar 2024 17:38:50 GMT Etag: W/"45da5-18e76b18810" Via: 1.1 vegur
2024-04-24 14:02:57 UTC	15495	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 5b 72 5d 29 72 65 74 75 72 6e 20 65 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 65 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 74 5b 72 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 74 2c 6e 2e 63 3d 65 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 6e 2e 6f 28 74 2c 65 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 65 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 72 3d 66 75 6e Data Ascii: !function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=fun
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 28 22 2b 53 74 72 69 6e 67 28 76 6f 69 64 20 30 3d 3d 3d 74 3f 22 22 3a 74 29 2b 22 29 5f 22 2b 28 2b 2b 6e 2b 72 29 2e 74 6f 53 74 72 69 6e 67 28 33 36 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 74 2e 65 78 70 6f 72 74 73 3d 7b 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 32 29 3b 74 2e 65 78 70 6f 72 74 73 3d 72 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 32 31 29 2c 69 3d 6e 28 37 29 2c 6f 3d 6e 28 33 36 29 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 61 29 7b 76 61 72 20 73 2c 75 3d 72 28 65 29 2c 63 3d 69 28 75 2e 6c 65 6e 67 74 68 29 2c 66 3d 6f 28 61 2c 63 29 3b 69 66 28 74 26 26 6e 21 3d 6e 29 7b 66 6f 72 28 Data Ascii: ("+String(void 0===t?"":t)+")_"+(++n+r).toString(36)}},function(t,e){t.exports={}},function(t,e,n){var r=n(2);t.exports=r},function(t,e,n){var r=n(21),i=n(7),o=n(36),a=function(t){return function(e,n,a){var s,u=r(e),c=i(u.length),f=o(a,c);if(t&&n!=n){for(
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 20 20 2a 20 68 74 74 70 73 3a 2f 2f 6a 73 2e 66 6f 75 6e 64 61 74 69 6f 6e 2f 0a 20 20 20 2a 0a 20 20 20 2a 20 44 61 74 65 3a 20 32 30 32 30 2d 30 33 2d 31 34 0a 20 20 20 2a 2f 0a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 6e 2c 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 63 2c 66 2c 6c 2c 64 2c 70 2c 68 2c 76 2c 67 2c 6d 2c 79 2c 62 2c 77 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 78 3d 74 2e 64 6f 63 75 6d 65 6e 74 2c 53 3d 30 2c 41 3d 30 2c 45 3d 75 74 28 29 2c 54 3d 75 74 28 29 2c 4f 3d 75 74 28 29 2c 5f 3d 75 74 28 29 2c 4d 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 74 3d 3d 3d 65 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f Data Ascii: der the MIT license * https://js.foundation/ * * Date: 2020-03-14 /function(t){var e,n,r,i,o,a,s,u,c,f,l,d,p,h,v,g,m,y,b,w="sizzle"+1new Date,x=t.document,S=0,A=0,E=ut(),T=ut(),O=ut(),_=ut(),M=function(t,e){return t===e&&(l=!0),0},C={}.hasO
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 26 6e 28 67 2c 6d 2c 73 2c 75 29 2c 72 29 66 6f 72 28 63 3d 53 74 28 6d 2c 70 29 2c 72 28 63 2c 5b 5d 2c 73 2c 75 29 2c 66 3d 63 2e 6c 65 6e 67 74 68 3b 66 2d 2d 3b 29 28 6c 3d 63 5b 66 5d 29 26 26 28 6d 5b 70 5b 66 5d 5d 3d 21 28 67 5b 70 5b 66 5d 5d 3d 6c 29 29 3b 69 66 28 6f 29 7b 69 66 28 69 7c 7c 74 29 7b 69 66 28 69 29 7b 66 6f 72 28 63 3d 5b 5d 2c 66 3d 6d 2e 6c 65 6e 67 74 68 3b 66 2d 2d 3b 29 28 6c 3d 6d 5b 66 5d 29 26 26 63 2e 70 75 73 68 28 67 5b 66 5d 3d 6c 29 3b 69 28 6e 75 6c 6c 2c 6d 3d 5b 5d 2c 63 2c 75 29 7d 66 6f 72 28 66 3d 6d 2e 6c 65 6e 67 74 68 3b 66 2d 2d 3b 29 28 6c 3d 6d 5b 66 5d 29 26 26 28 63 3d 69 3f 49 28 6f 2c 6c 29 3a 64 5b 66 5d 29 3e 2d 31 26 26 28 6f 5b 63 5d 3d 21 28 61 5b 63 5d 3d 6c 29 29 7d 7d 65 6c 73 65 20 6d 3d 53 Data Ascii: &n(g,m,s,u),r)for(c=St(m,p),r(c,[],s,u),f=c.length;f--;)(l=c[f])&&(m[p[f]]=!(g[p[f]]=l));if(o){if(i\|\|t){if(i){for(c=[],f=m.length;f--;)(l=m[f])&&c.push(g[f]=l);i(null,m=[],c,u)}for(f=m.length;f--;)(l=m[f])&&(c=i?I(o,l):d[f])>-1&&(o[c]=!(a[c]=l))}}else m=S
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 72 29 7b 76 61 72 20 69 2c 6f 2c 61 3d 32 30 2c 73 3d 72 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 63 75 72 28 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 2e 63 73 73 28 74 2c 65 2c 22 22 29 7d 2c 75 3d 73 28 29 2c 63 3d 6e 26 26 6e 5b 33 5d 7c 7c 28 45 2e 63 73 73 4e 75 6d 62 65 72 5b 65 5d 3f 22 22 3a 22 70 78 22 29 2c 66 3d 74 2e 6e 6f 64 65 54 79 70 65 26 26 28 45 2e 63 73 73 4e 75 6d 62 65 72 5b 65 5d 7c 7c 22 70 78 22 21 3d 3d 63 26 26 2b 75 29 26 26 69 74 2e 65 78 65 63 28 45 2e 63 73 73 28 74 2c 65 29 29 3b 69 66 28 66 26 26 66 5b 33 5d 21 3d 3d 63 29 7b 66 6f 72 28 75 2f 3d 32 2c 63 3d 63 7c 7c 66 5b 33 5d 2c 66 3d 2b 75 7c 7c 31 3b 61 2d 2d 3b 29 45 2e 73 74 79 6c 65 28 74 2c 65 2c 66 2b 63 29 2c 28 31 Data Ascii: r){var i,o,a=20,s=r?function(){return r.cur()}:function(){return E.css(t,e,"")},u=s(),c=n&&n[3]\|\|(E.cssNumber[e]?"":"px"),f=t.nodeType&&(E.cssNumber[e]\|\|"px"!==c&&+u)&&it.exec(E.css(t,e));if(f&&f[3]!==c){for(u/=2,c=c\|\|f[3],f=+u\|\|1;a--;)E.style(t,e,f+c),(1
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 72 43 6c 6f 6e 65 53 74 79 6c 65 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3d 3d 3d 66 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 2c 45 2e 65 78 74 65 6e 64 28 6d 2c 7b 62 6f 78 53 69 7a 69 6e 67 52 65 6c 69 61 62 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 29 2c 72 7d 2c 70 69 78 65 6c 42 6f 78 53 74 79 6c 65 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 29 2c 61 7d 2c 70 69 78 65 6c 50 6f 73 69 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 29 2c 6e 7d 2c 72 65 6c 69 61 62 6c 65 4d 61 72 67 69 6e 4c 65 66 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 28 29 2c 75 7d 2c 73 63 72 6f 6c 6c 62 6f 78 53 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 Data Ascii: rCloneStyle="content-box"===f.style.backgroundClip,E.extend(m,{boxSizingReliable:function(){return t(),r},pixelBoxStyles:function(){return t(),a},pixelPosition:function(){return t(),n},reliableMarginLeft:function(){return t(),u},scrollboxSize:function(){r
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 65 72 22 3d 3d 74 79 70 65 6f 66 20 69 3f 69 2b 3d 22 22 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 69 29 26 26 28 69 3d 45 2e 6d 61 70 28 69 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 22 22 3a 74 2b 22 22 7d 29 29 29 2c 28 65 3d 45 2e 76 61 6c 48 6f 6f 6b 73 5b 74 68 69 73 2e 74 79 70 65 5d 7c 7c 45 2e 76 61 6c 48 6f 6f 6b 73 5b 74 68 69 73 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 29 26 26 22 73 65 74 22 69 6e 20 65 26 26 76 6f 69 64 20 30 21 3d 3d 65 2e 73 65 74 28 74 68 69 73 2c 69 2c 22 76 61 6c 75 65 22 29 7c 7c 28 74 68 69 73 2e 76 61 6c 75 65 3d 69 29 29 7d 29 29 29 3a 69 3f 28 65 3d 45 2e 76 61 6c 48 6f 6f 6b 73 5b 69 2e 74 79 70 65 5d 7c 7c 45 2e 76 61 6c 48 6f 6f 6b 73 Data Ascii: er"==typeof i?i+="":Array.isArray(i)&&(i=E.map(i,(function(t){return null==t?"":t+""}))),(e=E.valHooks[this.type]\|\|E.valHooks[this.nodeName.toLowerCase()])&&"set"in e&&void 0!==e.set(this,i,"value")\|\|(this.value=i))}))):i?(e=E.valHooks[i.type]\|\|E.valHooks
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 73 65 46 6c 6f 61 74 28 75 29 7c 7c 30 29 2c 79 28 65 29 26 26 28 65 3d 65 2e 63 61 6c 6c 28 74 2c 6e 2c 45 2e 65 78 74 65 6e 64 28 7b 7d 2c 73 29 29 29 2c 6e 75 6c 6c 21 3d 65 2e 74 6f 70 26 26 28 6c 2e 74 6f 70 3d 65 2e 74 6f 70 2d 73 2e 74 6f 70 2b 61 29 2c 6e 75 6c 6c 21 3d 65 2e 6c 65 66 74 26 26 28 6c 2e 6c 65 66 74 3d 65 2e 6c 65 66 74 2d 73 2e 6c 65 66 74 2b 69 29 2c 22 75 73 69 6e 67 22 69 6e 20 65 3f 65 2e 75 73 69 6e 67 2e 63 61 6c 6c 28 74 2c 6c 29 3a 28 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 6c 2e 74 6f 70 26 26 28 6c 2e 74 6f 70 2b 3d 22 70 78 22 29 2c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 6c 2e 6c 65 66 74 26 26 28 6c 2e 6c 65 66 74 2b 3d 22 70 78 22 29 2c 66 2e 63 73 73 28 6c 29 29 7d 7d 2c 45 2e 66 6e 2e 65 78 74 Data Ascii: seFloat(u)\|\|0),y(e)&&(e=e.call(t,n,E.extend({},s))),null!=e.top&&(l.top=e.top-s.top+a),null!=e.left&&(l.left=e.left-s.left+i),"using"in e?e.using.call(t,l):("number"==typeof l.top&&(l.top+="px"),"number"==typeof l.left&&(l.left+="px"),f.css(l))}},E.fn.ext
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 2e 74 72 69 6d 2c 6f 3d 6e 28 37 37 29 2c 61 3d 72 2e 70 61 72 73 65 49 6e 74 2c 73 3d 2f 5e 5b 2b 2d 5d 3f 30 5b 58 78 5d 2f 2c 75 3d 38 21 3d 3d 61 28 6f 2b 22 30 38 22 29 7c 7c 32 32 21 3d 3d 61 28 6f 2b 22 30 78 31 36 22 29 3b 74 2e 65 78 70 6f 72 74 73 3d 75 3f 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 69 28 53 74 72 69 6e 67 28 74 29 29 3b 72 65 74 75 72 6e 20 61 28 6e 2c 65 3e 3e 3e 30 7c 7c 28 73 2e 74 65 73 74 28 6e 29 3f 31 36 3a 31 30 29 29 7d 3a 61 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 6e 28 32 29 2c 69 3d 6e 28 34 37 29 2e 74 72 69 6d 2c 6f 3d 6e 28 37 37 29 2c 61 3d 72 2e 70 61 72 73 65 46 6c 6f 61 74 2c 73 3d 31 2f 61 28 6f 2b 22 2d 30 22 29 21 3d 2d 31 2f 30 3b 74 2e 65 78 70 6f 72 74 73 Data Ascii: .trim,o=n(77),a=r.parseInt,s=/^[+-]?0[Xx]/,u=8!==a(o+"08")\|\|22!==a(o+"0x16");t.exports=u?function(t,e){var n=i(String(t));return a(n,e>>>0\|\|(s.test(n)?16:10))}:a},function(t,e,n){var r=n(2),i=n(47).trim,o=n(77),a=r.parseFloat,s=1/a(o+"-0")!=-1/0;t.exports
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 65 54 79 70 65 73 5b 65 5d 3b 74 2e 70 75 73 68 28 5b 6e 2e 64 65 73 63 72 69 70 74 69 6f 6e 2c 6e 2e 74 79 70 65 2c 6e 2e 73 75 66 66 69 78 65 73 5d 2e 6a 6f 69 6e 28 22 7e 7e 22 29 29 7d 72 65 74 75 72 6e 20 74 7d 2c 70 6c 61 74 66 6f 72 6d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 61 76 69 67 61 74 6f 72 2e 70 6c 61 74 66 6f 72 6d 3f 6e 61 76 69 67 61 74 6f 72 2e 70 6c 61 74 66 6f 72 6d 3a 72 7d 2c 6c 61 6e 67 75 61 67 65 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 61 76 69 67 61 74 6f 72 2e 6c 61 6e 67 75 61 67 65 73 3f 6e 61 76 69 67 61 74 6f 72 2e 6c 61 6e 67 75 61 67 65 73 3a 72 7d 2c 73 63 72 65 65 6e 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 72 65 74 75 72 6e 20 74 2e 61 70 Data Ascii: eTypes[e];t.push([n.description,n.type,n.suffixes].join("~~"))}return t},platform:function(){return navigator.platform?navigator.platform:r},languages:function(){return navigator.languages?navigator.languages:r},screen:function(t){function e(){return t.ap

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	52.218.120.8	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:56 UTC	632	OUT	GET /usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png HTTP/1.1 Host: s3.eu-west-1.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://microloft.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:57 UTC	377	IN	HTTP/1.1 200 OK x-amz-id-2: U3X3g4/WQm+WKK8LXX3igPfD9an+5//u+Vd3nhxFVnIrA2vP3jyKGvULicVh+FURl9defwfXSw4= x-amz-request-id: VN87MCPRD7JAMA28 Date: Wed, 24 Apr 2024 14:02:58 GMT Last-Modified: Fri, 11 Jun 2021 01:31:13 GMT ETag: "343e7603dfcc9bee1fd63beb7f95c9b4" Accept-Ranges: bytes Content-Type: image/png Server: AmazonS3 Content-Length: 12600 Connection: close
2024-04-24 14:02:57 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 9e 00 00 00 f6 08 06 00 00 00 e6 ac e1 8c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 30 cd 49 44 41 54 78 5e ed dd 07 5c 55 e5 ff 07 f0 0f d3 85 38 50 5c 20 0e 54 40 9c b8 47 b6 d4 ca dc 9a 39 b3 e1 c6 51 66 6e 33 77 ae 34 cb ca 9d ab b4 7f a5 99 fd ca 55 b9 53 71 81 1b 45 c4 05 88 03 27 28 f8 3f df 87 73 11 10 94 83 7a 18 7e de be ce eb 9e f3 dc 73 07 e7 5e cf e7 3c e3 9c 6b 75 5f 03 22 22 22 93 58 eb b7 44 44 44 a6 60 f0 10 11 91 a9 18 3c 44 44 64 2a 06 0f 11 11 99 8a c1 43 44 44 a6 62 f0 10 11 91 a9 18 3c 44 44 64 2a 06 0f 11 11 99 8a c1 43 44 44 a6 62 f0 10 11 91 a9 18 3c 44 44 64 aa Data Ascii: PNGIHDRsRGBgAMAapHYsod0IDATx^\U8P\ T@G9Qfn3w4USqE'(?sz~s^<ku_"""XDDD`<DDdCDDb<DDdCDDb<DDd
2024-04-24 14:02:57 UTC	11021	IN	Data Raw: 15 3c f3 e0 b1 ba 73 46 9f 7b 20 d6 be b8 3e 97 76 37 a3 f5 19 ca 14 42 ce 9e c5 82 45 8b e0 ee ee 8e 25 8b e7 e3 8b 69 93 d5 24 f3 52 26 f7 c9 3a 62 eb f6 ed 38 77 fe 1c fa fa f6 56 47 f0 d2 4f 31 a0 7f 5f 94 2b 57 16 67 42 ce aa a3 77 6b 6b 63 5f dd 23 47 8e a0 47 b7 6e 58 fc fd 02 8c 19 3d 0a 3f fd b8 1c 2f bf f4 22 76 ef d9 83 33 c1 0f 7f 47 45 e9 52 25 e1 e9 e9 81 53 41 41 b8 71 33 6e 60 cc c9 53 41 b0 b5 b5 45 3f df 3e 2a 80 24 88 c4 39 ed a8 fc 90 f6 1a 12 56 4e f9 f3 a9 b2 84 4a 96 2c a9 ed b0 bb 68 3b e1 22 70 d2 42 ef ed b7 da a2 77 af 1e 68 d1 bc 29 ec ed ed f5 b5 e2 2c 5a 38 57 6d 9b 99 d3 a7 e1 9b d9 5f a9 a0 da bd db 2f 3e e4 92 8a 8e 8a 46 78 68 b8 7a af e5 ca 94 d1 4b 1f 2d b5 9f 87 04 c2 aa d5 ab b5 1a d5 06 15 94 3f 2c 5b ac b6 9f dc ca Data Ascii: <sF{ >v7BE%i$R&:b8wVGO1_+WgBwkkc_#GGnX=?/"v3GER%SAAq3n`SAE?>*$9VNJ,h;"pBwh),Z8Wm_/>FxhzK-?,[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	52.218.120.8	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:56 UTC	647	OUT	GET /usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg HTTP/1.1 Host: s3.eu-west-1.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://microloft.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:57 UTC	378	IN	HTTP/1.1 200 OK x-amz-id-2: VdDkJvsKtWh4m/3ezELp82UG18oHM2mgz6ubEQj2ZKF3TboGCzLMDE3IBodx/hVhmjctM0ufG0Q= x-amz-request-id: VN847VDJPK74ZYQY Date: Wed, 24 Apr 2024 14:02:58 GMT Last-Modified: Thu, 19 Nov 2020 09:00:24 GMT ETag: "2d4a9bb388dcd1c4f7c89cf509497d0c" Accept-Ranges: bytes Content-Type: image/jpeg Server: AmazonS3 Content-Length: 50806 Connection: close
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 01 2c 01 2c 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 03 00 00 00 01 00 01 00 00 00 00 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 01 e7 03 83 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 Data Ascii: JFIF,,"ExifMM*CC"
2024-04-24 14:02:57 UTC	646	IN	Data Raw: 07 db a5 7e d1 5e 25 8e 1e c7 53 f0 d5 9d e4 bf f7 d4 6f 08 ff 00 c7 6a 2b cf f8 27 a7 c5 bf 86 de 1c b8 93 49 fd a0 2d 35 0b c9 1c b2 8d 6f c1 a8 f1 bc 84 70 aa 60 ba 8c aa 8c 77 0c 40 cd 79 de c3 1e a5 cd 2a 7f 8c 7f cc f5 d5 6c 9e 51 54 e9 d7 bb 7d e3 3f fe 44 fa 32 7f 16 b5 fa 79 36 6a b1 bb 01 ba 51 fc 03 d0 7b 9f 5e c3 df 06 ac e9 d0 d9 e9 90 79 b3 48 ac ed f3 12 4f 24 fb 93 5c 46 95 76 9f 0f f4 1f b3 5d 5c fd a2 4b 34 f2 64 9d c0 56 9d 93 e5 2e 40 e0 16 20 9c 0e 06 6b e4 cf da 9b f6 f3 d6 b4 bf 1e e8 5e 0f f0 3e 9d 27 8a 3c 4d e2 2d 4a 2d 32 c3 47 b4 95 52 e2 fa 47 3c ed 2c 55 55 51 72 ec ee 42 aa 2b 31 2a 01 23 9a b6 60 a9 5a 53 57 93 d1 24 74 61 72 49 62 5b 85 27 cb 15 ab 6f 4d 3b b6 f6 47 db fa 9f c5 1d 3f 4c dc b1 b2 b1 51 92 01 e9 5c 5f 8b ff Data Ascii: ~^%Soj+'I-5op`w@ylQT}?D2y6jQ{^yHO$\Fv]\K4dV.@ k^>'<M-J-2GRG<,UUQrB+1#`ZSW$tarIb['oM;G?LQ\_
2024-04-24 14:02:57 UTC	16384	IN	Data Raw: 96 22 37 b7 e0 6d 5f 6a b3 5b 45 bb cb 46 19 e4 00 73 8a cf d3 3c 4f 6b ae df dd 59 a3 79 77 d6 aa 1e 58 18 8d db 1b 80 e3 d5 72 08 cf 63 d7 b6 79 6f 14 7c 66 b2 d0 ac 5a 46 65 da 07 5c d7 c5 9f 19 bf 6e ab 4f 02 7e d6 1e 05 bc 9b 53 fb 06 99 79 76 fa 55 d4 e1 b6 fd 9a 39 90 e2 46 ff 00 61 65 10 13 9e 36 ab d2 7c 41 3a 15 62 9b e6 4f a7 f5 fd 7e 61 fe a9 43 15 4a 4e 94 79 1a 4d a7 af 4e 8d 79 fd ff 00 91 fa 01 71 0e 6a 8d c4 35 93 e0 1f 88 4b e2 ad d6 17 de 55 be b7 6a b9 92 35 e1 6e 94 7f cb 58 fd b9 c3 0e aa 7d 88 35 bb 3a 73 5f 61 85 c4 53 ad 4d 55 a6 ee 9f f5 f7 9f 9d 62 f0 b5 30 f5 1d 2a aa cd 7f 57 5d d1 8d 75 0e 33 59 b7 70 f0 6b 6e f2 3e 3f 41 59 b7 51 f2 7f ad 76 c4 e1 91 8b 77 1f b7 6e 2b 32 e6 0c 0e ff 00 e1 5b 97 71 71 fa d6 5d dc 59 6f e9 5a Data Ascii: "7m_j[EFs<OkYywXrcyo\|fZFe\nO~SyvU9Fae6\|A:bO~aCJNyMNyqj5KUj5nX}5:s_aSMUb0*W]u3Ypkn>?AYQvwn+2[qq]YoZ
2024-04-24 14:02:57 UTC	1024	IN	Data Raw: d0 72 7d 3b 8a a1 6e 70 49 e3 35 7e dc 81 fe 06 91 48 d0 80 61 97 fc 2a fd b1 24 71 f8 62 b3 e0 6e 79 ed 57 ed 87 07 fc e6 a0 a2 fd a3 60 0e dc f5 cf 38 ab d6 eb d3 fb bf 4a a1 69 cb 0f f3 8a d0 b6 e4 fa e4 f7 a9 66 91 2e c5 c1 f7 e9 57 a1 15 42 13 9c 7d de 4d 5d 81 be e8 a9 2d 17 ad c6 4f f4 ab 70 f2 33 d7 fc e6 a9 40 31 f9 d5 d8 0e 01 fa 50 51 76 23 8e 83 d3 fa 55 cb 7e 00 cf f0 f5 aa 70 72 71 f9 1f 7a b9 09 fe 1a cc d2 25 c8 6a d4 43 23 eb cd 53 84 65 bd 0d 5b 43 8f f3 d6 a1 9a a2 d4 27 07 bf e1 56 61 18 3d bf 0a af 17 35 61 0f a0 a8 91 65 98 4f f2 c5 58 88 e0 0a af 11 c9 cd 4f 15 66 cd 11 62 21 f3 76 26 ac 44 d8 35 5d 0d 58 88 f4 a9 34 45 84 6c d4 c9 d7 fc 2a ba 1c d4 8a 70 7d 28 2a 25 84 63 8a 99 4d 57 49 2a 55 93 75 23 44 4e a7 8a 7a b6 7f 2a 89 1f Data Ascii: r};npI5~Ha$qbnyW`8Jif.WB}M]-Op3@1PQv#U~prqz%jC#Se[C'Va=5aeOXOfb!v&D5]X4Elp}(%cMWIUu#DNz*
2024-04-24 14:02:57 UTC	10093	IN	Data Raw: cd 04 d2 c6 38 e9 c6 ff 00 fd 96 bf 1f 63 d3 ae 3c 51 2c 36 96 70 c9 71 75 74 db 22 8e 21 f3 33 72 78 fa 63 24 f6 00 9a fb 7c ba a3 9e 1a 0f ca df 76 9f a1 f9 be 71 4d 43 17 35 e7 7f bf 5f d4 fa 4b c1 5a 09 f8 6f f0 3b 4d d3 ae 37 2d c4 d1 89 1c 33 be 01 04 ca c3 1d 00 f3 24 e3 a7 18 38 e4 66 97 83 f7 cd a8 ab 05 dd e5 b3 79 67 18 c1 0b c6 3d 70 79 fd 78 ef 2f 8a be 1b 78 e3 c1 ff 00 06 b4 bf 17 78 e3 5b d3 34 b6 92 c1 25 97 4d 9c 98 af a1 4f b5 3d b3 6f 89 82 b3 ca 84 42 d2 24 06 49 63 59 0b bc 48 8a d2 d6 4f 82 fc 61 0b 5b fd b2 29 92 7b 12 7c 9f b6 40 cb 25 bc bd 38 57 5e 03 00 c0 e1 82 9e bc 64 d7 5d ce 33 bc d4 fc 46 21 87 c9 01 9a 48 d4 86 72 31 e6 0e 18 03 8e d8 00 90 31 db bd 62 bc 92 5e 23 7d f3 2e ec 02 54 fe ec 85 24 f7 ec 70 7d 81 f7 e3 0f 5e Data Ascii: 8c<Q,6pqut"!3rxc$\|vqMC5_KZo;M7-3$8fyg=pyx/xx[4%MO=oB$IcYHOa[){\|@%8W^d]3F!Hr11b^#}.T$p}^
2024-04-24 14:02:57 UTC	6275	IN	Data Raw: 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 01 45 14 50 07 e0 2c 65 b0 32 0f 50 46 de b5 6a 33 b4 c6 54 e4 64 83 9e bd 6a 9a bb 12 a1 77 2f 3c 67 ae 3d ff 00 3a b5 6e d9 ec 07 3d ff 00 53 5f 58 7c 02 2d 2c 98 71 f5 e4 8a b7 0c 9b 4a 8d df 31 e0 9c ff 00 2f f3 e9 54 23 6c c7 fe cf 72 7a ff 00 9f f1 ab 48 7e 71 f8 10 7d b9 c7 e3 48 68 bd 13 f1 dc e3 8e 7f 9f e7 56 a2 7c b7 e2 30 7d 3a d6 7a c8 72 db 79 18 c7 1d 49 ed 56 e0 60 a7 ef 1f f6 70 7a fb 9f d2 90 d1 76 27 6d df c3 f3 75 c7 4f f3 fd 2a d5 b3 f9 6b dc f3 9c 7a 76 ff 00 eb 55 18 df e6 6e dc f4 fc aa dc 52 6c 62 dd 59 8e 71 d8 77 fe 74 0c bd 04 9b a3 f9 b0 d8 e7 ff 00 d5 ef df f2 ab 31 b6 64 e3 f8 78 c7 63 59 f0 b6 c2 17 3c f4 f6 f6 3f 97 f4 Data Ascii: EPEPEPEPEPEPEPEPEPEP,e2PFj3Tdjw/<g=:n=S_X\|-,qJ1/T#lrzH~q}HhV\|0}:zryIV`pzv'muO*kzvUnRlbYqwt1dxcY<?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	23.202.57.177	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:58 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 14:02:58 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=234021 Date: Wed, 24 Apr 2024 14:02:58 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	52.218.1.115	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:58 UTC	399	OUT	GET /usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png HTTP/1.1 Host: s3.eu-west-1.amazonaws.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:59 UTC	377	IN	HTTP/1.1 200 OK x-amz-id-2: uUB/uQ6lvX6M1eqcSAeO45jCwZw66BREmo13pGPBxn+1JqQ8G1YRhKuWSrLieAaNikv2W2F6Qxo= x-amz-request-id: 3TZESBTHHRP3X4EP Date: Wed, 24 Apr 2024 14:03:00 GMT Last-Modified: Fri, 11 Jun 2021 01:31:13 GMT ETag: "343e7603dfcc9bee1fd63beb7f95c9b4" Accept-Ranges: bytes Content-Type: image/png Server: AmazonS3 Content-Length: 12600 Connection: close
2024-04-24 14:02:59 UTC	12600	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 9e 00 00 00 f6 08 06 00 00 00 e6 ac e1 8c 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 30 cd 49 44 41 54 78 5e ed dd 07 5c 55 e5 ff 07 f0 0f d3 85 38 50 5c 20 0e 54 40 9c b8 47 b6 d4 ca dc 9a 39 b3 e1 c6 51 66 6e 33 77 ae 34 cb ca 9d ab b4 7f a5 99 fd ca 55 b9 53 71 81 1b 45 c4 05 88 03 27 28 f8 3f df 87 73 11 10 94 83 7a 18 7e de be ce eb 9e f3 dc 73 07 e7 5e cf e7 3c e3 9c 6b 75 5f 03 22 22 22 93 58 eb b7 44 44 44 a6 60 f0 10 11 91 a9 18 3c 44 44 64 2a 06 0f 11 11 99 8a c1 43 44 44 a6 62 f0 10 11 91 a9 18 3c 44 44 64 2a 06 0f 11 11 99 8a c1 43 44 44 a6 62 f0 10 11 91 a9 18 3c 44 44 64 aa Data Ascii: PNGIHDRsRGBgAMAapHYsod0IDATx^\U8P\ T@G9Qfn3w4USqE'(?sz~s^<ku_"""XDDD`<DDdCDDb<DDdCDDb<DDd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	52.218.1.115	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:59 UTC	414	OUT	GET /usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg HTTP/1.1 Host: s3.eu-west-1.amazonaws.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:02:59 UTC	378	IN	HTTP/1.1 200 OK x-amz-id-2: Z8Mlf89o2GH3Qk80DgI9KK6vj3uW+Skhgvl5y6l+N0u6wa+eN5e7FNZV4Gr6GAyKLbrleelB/hU= x-amz-request-id: 3TZDQ3D329PV1TPG Date: Wed, 24 Apr 2024 14:03:00 GMT Last-Modified: Thu, 19 Nov 2020 09:00:24 GMT ETag: "2d4a9bb388dcd1c4f7c89cf509497d0c" Accept-Ranges: bytes Content-Type: image/jpeg Server: AmazonS3 Content-Length: 50806 Connection: close
2024-04-24 14:02:59 UTC	43	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 01 2c 01 2c 00 00 ff e1 00 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 01 01 12 00 Data Ascii: JFIF,,"ExifMM*
2024-04-24 14:02:59 UTC	8192	IN	Data Raw: 03 00 00 00 01 00 01 00 00 00 00 00 00 ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 01 e7 03 83 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 Data Ascii: CC"}!1AQa"q2#BR
2024-04-24 14:03:00 UTC	16384	IN	Data Raw: 2a 38 1c e6 99 16 32 67 87 e6 ce 7d ff 00 95 54 9a 06 2a de f5 ab 2c 40 93 c0 db eb 8e 9d 3f c2 aa dc 43 8e 07 f1 1a a2 4c 9b a4 dd 9c 7c b9 ce 31 59 f7 30 65 bf ba 33 c7 f4 ad a9 e1 dc bc 01 85 ef 54 6e 22 e7 d8 f2 0e 29 a3 36 63 cf 17 1c 7f 10 18 3e b9 c5 67 dc c6 c4 fb fa fe 7c d6 c5 d4 07 1f dd e7 03 db a5 67 dd 43 91 ef db fa d5 c4 cd 99 37 11 e1 bf bb ed fc ff 00 cf bd 51 b9 84 a1 fb bf 77 b7 af f9 c8 ad 6b a8 7e 63 9e 36 8e 3d ea 8d dc 44 31 c9 ef 8f e5 ff 00 d6 ad 11 99 99 30 c1 c6 36 f1 80 3d 4f 3c fe 35 04 90 ec 6d db b7 64 64 0c 75 ff 00 3f d2 ae ca ab 1f de fb ca 73 d3 ad 41 30 c6 72 30 cb f2 81 f5 ef 4c 9b 14 e4 5d e0 a8 fb dc 73 fd df f3 d2 aa c8 99 3e ca 72 47 a7 b5 5e 95 76 7e 79 cd 56 64 cb 1f ae 40 fe f7 5a 64 94 9e 3c 9c 9f ba 3f 5e 95 Data Ascii: 82g}T,@?CL\|1Y0e3Tn")6c>g\|gC7Qwk~c6=D106=O<5mddu?sA0r0L]s>rG^v~yVd@Zd<?^
2024-04-24 14:03:00 UTC	1024	IN	Data Raw: 69 f0 41 e2 9f 0f 6d fe dd f2 93 1f da 36 67 08 26 61 de 48 8e d0 4f 53 1b 12 7e e0 af 0f 36 c0 c5 af ac c7 78 ea fd 3b fa a3 eb 38 73 37 94 1f d4 6a 3f 76 7a 2f 26 fa 7a 3f cc fc da fd 8a 3f 6d 87 92 fa 3b cb 39 23 b3 d7 34 e0 a7 54 d3 55 be 4d b9 00 4f 10 3c 98 98 e0 75 25 09 da 7a a3 37 b8 fe dd 9f b1 af 86 bf e0 a1 bf 09 e4 f1 97 84 d0 5a 78 da ca 36 9e e1 22 4d cd 70 d8 f9 a4 55 5e 59 8e 07 99 18 c9 71 f3 a8 f3 14 ac bf 96 bf 10 2c 35 5f 82 bf 10 6d f5 cd 3e f0 e9 da 95 9b 93 03 af 61 c8 2a c0 f0 ca c0 95 65 3c 30 24 1e 2b ed 7f d8 3f f6 ec 8f 5e 8d 75 2d 36 51 6b 7f 66 ca ba ae 97 e6 13 f6 77 27 02 44 c9 cb 44 ff 00 c2 c7 95 3f 2b 72 01 69 c2 e2 29 e2 a9 f2 cf 53 a3 1d 82 af 97 56 f6 f4 74 5d bf 4f 43 e4 0f 87 7f 07 da cf c5 97 5e 13 f1 35 b9 d3 75 Data Ascii: iAm6g&aHOS~6x;8s7j?vz/&z??m;9#4TUMO<u%z7Zx6"MpU^Yq,5_m>a*e<0$+?^u-6Qkfw'DD?+ri)SVt]OC^5u
2024-04-24 14:03:00 UTC	16384	IN	Data Raw: 32 cb 5a 8e 15 58 93 6e 15 77 30 ce 71 cf 19 fa 9c 9f 7e 6b ba 8c 23 f1 74 3c 8a ce 69 f2 3d ce d7 47 74 82 dc 79 9c 32 8f c8 9e bf 96 69 d7 c2 1b f2 1a 30 14 e3 a7 d2 b9 db 3d 4f ed 2b cb 7d ef d6 af c1 75 f6 58 b7 6e e3 f9 d7 62 95 d5 9e c7 2c a1 67 75 b9 e7 bf b5 37 c5 1d 27 f6 75 f8 33 e2 2f 19 6b 81 4d 8e 87 68 66 f2 8b ed 6b a9 8f cb 14 00 f6 2f 21 55 cf 6c 92 78 06 bf 9f bd 67 e2 8e b1 f1 db e2 fe ab e2 dd 46 46 b8 9e ea 79 2e 8b e4 80 db 89 66 20 75 51 c8 c2 f2 14 60 03 c5 7d fb ff 00 07 0a 7e d2 52 78 8f 55 f0 cf c2 bb 1b 92 2d ec 55 75 7d 55 54 83 ba 79 43 2c 2a c3 d6 38 03 be 0f 07 ed 68 7b 0a f8 3b c3 fa 2c 3a 6e 95 17 96 b0 b6 39 f9 06 43 60 0e 7a 73 ea 78 ef 8f 53 5e f6 57 85 8d 38 7b 5e b2 fc 8f 9c cd b1 72 a9 35 4b a4 7f 33 ab d2 f5 eb cb Data Ascii: 2ZXnw0q~k#t<i=Gty2i0=O+}uXnb,gu7'u3/kMhfk/!UlxgFFy.f uQ`}~RxU-Uu}UTyC,*8h{;,:n9C`zsxS^W8{^r5K3
2024-04-24 14:03:00 UTC	1024	IN	Data Raw: 56 87 6d e2 cd 0e e3 4f bc 0d 25 b5 ce d1 22 82 3e 60 18 36 3f 1d b8 fa 7a 1a b3 34 ec e4 b7 72 73 44 62 ee 0e 4a d6 29 78 b3 c3 fa 6f 8e 34 39 34 dd 73 4d b0 d6 b4 d9 86 d9 2c f5 0b 64 ba b7 90 1e a0 a4 80 a9 fc ab e3 bf da 37 fe 08 3d fb 38 7e d0 02 e2 78 7c 29 79 f0 ff 00 54 9b 27 ed 7e 15 bb fb 1c 7b 8f 4c db 48 24 b6 03 d9 23 52 7d 6b ec 89 64 d8 31 ef 50 49 2e 2a 9d 38 cb 74 4c 6a 4a 3b 33 f1 23 e3 27 fc 1a a5 e3 a8 75 59 db c1 3f 14 bc 17 ac 69 d9 26 11 ae 59 dc e9 b7 2b e8 ad e5 2c e8 c7 b6 41 5f a0 af 91 7f 68 5f f8 21 c7 ed 09 fb 39 47 71 71 ab 78 0f 56 d7 34 db 70 58 ea 1e 1c 4f ed 7b 7d bf de 22 0d d2 a2 fb c9 1a 62 bf a6 8b 89 70 bf e7 8a ab 2c ed 13 ee 0c c0 e7 19 cf 4a ca 58 38 3d 8d a3 8e a8 b7 d4 fe 3b 35 bf 09 4d a4 5f 4b 6b 22 b4 73 44 Data Ascii: VmO%">`6?z4rsDbJ)xo494sM,d7=8~x\|)yT'~{LH$#R}kd1PI.*8tLjJ;3#'uY?i&Y+,A_h_!9GqqxV4pXO{}"bp,JX8=;5M_Kk"sD
2024-04-24 14:03:00 UTC	7755	IN	Data Raw: 0e 98 04 5c 3f 1f 5e 6b 01 03 23 0f 9b 8c 63 19 ef 9a b5 6f 36 19 72 46 33 ce 3d 3f c8 a2 c3 bb 37 e0 f1 7e a8 a0 7f c4 d3 51 ef c7 da 5f e6 e7 eb 56 a1 f1 7e ac 59 4f f6 9d ff 00 4f f9 f9 7c 7f 3a e7 a1 93 95 25 5b e5 19 e9 57 20 93 76 79 f6 a0 a4 cd fb 7f 18 6a c0 36 35 4d 4b e6 c7 fc bc bf f8 fa 55 88 fc 69 ab 9e 9a 9e a0 bd 4f 37 2f e9 f5 ac 1b 76 dc 33 b8 2e d3 c6 4f 5f af b6 2a c4 33 f3 b5 87 40 41 34 59 05 d9 d0 41 e3 2d 58 8f f9 0b 6a 43 8c ff 00 c7 d3 ff 00 8f af f3 ab 10 78 d7 57 52 7f e2 69 a9 1e e3 fd 25 fa 7e 7e d5 cf 46 ea 8d df 1d 31 eb df 8f 6a b3 13 94 4e db ba 60 f7 ff 00 eb 73 fc aa 6c 87 cc ce 8a 3f 18 eb 0d 9d ba ae a5 ff 00 81 2f fe 35 6a db c6 ba c1 07 fe 26 ba 87 cd c7 cd 72 ff 00 e3 ed 5c ec 52 e0 af 3c b1 24 63 f0 ff 00 f5 54 f1 Data Ascii: \?^k#co6rF3=?7~Q_V~YOO\|:%[W vyj65MKUiO7/v3.O_*3@A4YA-XjCxWRi%~~F1jN`sl?/5j&r\R<$cT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	23.202.57.177	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:02:59 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 14:02:59 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=233972 Date: Wed, 24 Apr 2024 14:02:59 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 14:02:59 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49751	172.66.40.179	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:03:00 UTC	650	OUT	POST /api/uPhish/results/visit HTTP/1.1 Host: api.usecure.io Connection: keep-alive Content-Length: 14612 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://microloft.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://microloft.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:03:00 UTC	14612	OUT	Data Raw: 73 69 6d 75 6c 61 74 69 6f 6e 52 65 73 75 6c 74 49 64 3d 38 65 32 38 65 38 35 36 2d 62 65 38 64 2d 34 34 34 36 2d 61 33 39 36 2d 63 64 63 64 37 38 31 36 39 61 62 38 26 73 69 6d 75 6c 61 74 69 6f 6e 49 64 3d 26 6c 65 61 72 6e 65 72 49 64 3d 26 63 6f 6d 70 61 6e 79 49 64 3d 26 66 69 6e 67 65 72 70 72 69 6e 74 3d 65 79 4a 6b 59 58 52 68 49 6a 70 37 49 6e 42 73 64 57 64 70 62 6e 4d 69 4f 6c 73 69 55 45 52 47 49 46 5a 70 5a 58 64 6c 63 6a 6f 36 55 47 39 79 64 47 46 69 62 47 55 67 52 47 39 6a 64 57 31 6c 62 6e 51 67 52 6d 39 79 62 57 46 30 4f 6a 70 70 62 6e 52 6c 63 6d 35 68 62 43 31 77 5a 47 59 74 64 6d 6c 6c 64 32 56 79 4f 6a 70 66 58 32 46 77 63 47 78 70 59 32 46 30 61 57 39 75 4c 33 42 6b 5a 6e 35 77 5a 47 5a 25 32 42 55 47 39 79 64 47 46 69 62 47 55 67 52 Data Ascii: simulationResultId=8e28e856-be8d-4446-a396-cdcd78169ab8&simulationId=&learnerId=&companyId=&fingerprint=eyJkYXRhIjp7InBsdWdpbnMiOlsiUERGIFZpZXdlcjo6UG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0OjppbnRlcm5hbC1wZGYtdmlld2VyOjpfX2FwcGxpY2F0aW9uL3BkZn5wZGZ%2BUG9ydGFibGUgR
2024-04-24 14:03:01 UTC	1303	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 14:03:00 GMT Content-Type: application/json; charset=utf-8 Content-Length: 102 Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967380&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=syBTS%2FTK8bO8eSfrRUVurMp0zsTQyoMnz02v0h9X6Ts%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967380&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=syBTS%2FTK8bO8eSfrRUVurMp0zsTQyoMnz02v0h9X6Ts%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Access-Control-Allow-Origin: https://microloft.net Vary: Origin, Accept-Encoding Access-Control-Allow-Credentials: true Content-Security-Policy: frame-ancestors 'self' https://.usecure.io https://.user-training.com X-Dns-Prefetch-Control: off Expect-Ct: max-age=0 Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-Xss-Protection: 0 Etag: W/"66-nKIBf6CXU7TO9E+WMZOs4CZ2DjI" Via: 1.1 vegur CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8796a260dbb269e3-LAS alt-svc: h3=":443"; ma=86400
2024-04-24 14:03:01 UTC	66	IN	Data Raw: 7b 22 6f 70 65 6e 22 3a 22 32 30 32 34 2d 30 34 2d 32 32 54 31 35 3a 33 35 3a 34 31 2e 37 37 39 5a 22 2c 22 76 69 73 69 74 22 3a 22 32 30 32 34 2d 30 34 2d 32 34 54 31 34 3a 30 32 3a 33 30 2e 33 36 Data Ascii: {"open":"2024-04-22T15:35:41.779Z","visit":"2024-04-24T14:02:30.36
2024-04-24 14:03:01 UTC	36	IN	Data Raw: 30 5a 22 2c 22 63 6f 6d 70 72 6f 6d 69 73 65 22 3a 6e 75 6c 6c 2c 22 72 65 70 6f 72 74 22 3a 6e 75 6c 6c 7d Data Ascii: 0Z","compromise":null,"report":null}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49749	63.32.244.164	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:03:00 UTC	627	OUT	GET /favicon.ico HTTP/1.1 Host: microloft.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:03:01 UTC	795	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.0 Date: Wed, 24 Apr 2024 14:03:01 GMT Content-Type: text/html; charset=utf-8 Content-Length: 189 Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967381&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=0A5qXk0rOhI0hiuw6uTKo33%2FrSd67mt%2BD%2BVRMHIo7%2FI%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967381&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=0A5qXk0rOhI0hiuw6uTKo33%2FrSd67mt%2BD%2BVRMHIo7%2FI%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} X-Powered-By: Express Access-Control-Allow-Origin: * Etag: W/"bd-q+ifm/t1a737L1NUIOELtWJetOI" Via: 1.1 vegur
2024-04-24 14:03:01 UTC	189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	172.66.43.77	443	5568	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 14:03:01 UTC	362	OUT	GET /api/uPhish/results/visit HTTP/1.1 Host: api.usecure.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 14:03:02 UTC	1161	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 14:03:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1713967382&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=PWwcXyw6b0v%2FQoRbV04cJJaTtbUFz3NKLDjsSEpyYAE%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1713967382&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=PWwcXyw6b0v%2FQoRbV04cJJaTtbUFz3NKLDjsSEpyYAE%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Vary: Origin, Accept-Encoding Access-Control-Allow-Credentials: true Content-Security-Policy: default-src 'none' X-Dns-Prefetch-Control: off Expect-Ct: max-age=0 Strict-Transport-Security: max-age=15552000; includeSubDomains X-Download-Options: noopen X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer X-Xss-Protection: 0 Via: 1.1 vegur CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8796a268387b0add-LAS alt-svc: h3=":443"; ma=86400
2024-04-24 14:03:02 UTC	208	IN	Data Raw: 35 30 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 70 72 65 3e 43 61 6e 6e 6f 74 20 47 45 54 20 2f 61 70 69 2f 75 50 68 69 73 68 2f 72 65 73 75 6c 74 73 2f 76 69 73 69 74 3c 2f 70 72 65 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 20 28 21 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 29 20 72 65 74 75 72 6e 3b 76 61 72 20 6a 73 20 3d 20 Data Ascii: 501<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Error</title></head><body><pre>Cannot GET /api/uPhish/results/visit</pre><script>(function(){if (!document.body) return;var js =
2024-04-24 14:03:02 UTC	1080	IN	Data Raw: 22 77 69 6e 64 6f 77 5b 27 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 27 5d 3d 7b 72 3a 27 38 37 39 36 61 32 36 38 33 38 37 62 30 61 64 64 27 2c 74 3a 27 4d 54 63 78 4d 7a 6b 32 4e 7a 4d 34 4d 69 34 79 4e 6a 41 77 4d 44 41 3d 27 7d 3b 5f 63 70 6f 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 5f 63 70 6f 2e 6e 6f 6e 63 65 3d 27 27 2c 5f 63 70 6f 2e 73 72 63 3d 27 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 73 63 72 69 70 74 73 2f 6a 73 64 2f 6d 61 69 6e 2e 6a 73 27 2c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 68 65 61 64 27 29 5b 30 5d 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 5f 63 70 6f 29 3b 22 3b 76 61 72 20 5f Data Ascii: "window['__CF$cv$params']={r:'8796a268387b0add',t:'MTcxMzk2NzM4Mi4yNjAwMDA='};_cpo=document.createElement('script');_cpo.nonce='',_cpo.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js',document.getElementsByTagName('head')[0].appendChild(_cpo);";var _
2024-04-24 14:03:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	16:02:47
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:02:51
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:02:52
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:02:57
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5812 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	16:02:57
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1912,i,7823971302079770909,13188878066435612919,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://microloft.net/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://microloft.net/js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	Avira URL Cloud: Label: phishing
Source: https://microloft.net/js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07	Avira URL Cloud: Label: phishing

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu HTTP/1.1Host: microloft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/usecure.env.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07 HTTP/1.1Host: microloft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=euAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/usecure.bundle.js?v=17d8e600-dc4e-48d2-9bf0-3b598830db07 HTTP/1.1Host: microloft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=euAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png HTTP/1.1Host: s3.eu-west-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microloft.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg HTTP/1.1Host: s3.eu-west-1.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microloft.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usecure/wysiwyg1623375071402-USA+Canva+LOGIN1.png HTTP/1.1Host: s3.eu-west-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usecure/wysiwyg1605776422557-Depositphotos_99237602_m-2015+4.jpg HTTP/1.1Host: s3.eu-west-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: microloft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=euAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/uPhish/results/visit HTTP/1.1Host: api.usecure.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: microloft.net
Source: global traffic	DNS traffic detected: DNS query: s3.eu-west-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.usecure.io

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2108, Parent PID: 2736

General

Chronological Activities

Windows Analysis Report
https://microloft.net/?r=8e28e856-be8d-4446-a396-cdcd78169ab8&rg=eu