Analysis Report COVID_19_Test_Result_Doctor_Note.js

Overview

General Information

Sample Name: COVID_19_Test_Result_Doctor_Note.js
Analysis ID: 365159
MD5: 0bca3422ec870f28791d61a4fa25367f
SHA1: 36352478af11cdd59c55b8ef8ecf2cfacb2dcaaa
SHA256: 7703889f1b2c6fd8a1fe0abc4a8b6a409d4e6eabe5943c4a5261dfc68fb973f6

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Drops script at startup location
Sigma detected: Register Wscript In Run Key
System process connects to network (likely due to code injection or exploit)
Drops script or batch files to the startup folder
Found C&C like URL pattern
Potential obfuscated javascript found
Wscript called in batch mode (suppress errors)
Contains capabilities to detect virtual machines
Creates a start menu entry (Start Menu\Programs\Startup)
Found WSH timer for Javascript or VBS script (likely evasive script)
Internet Provider seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication

Startup

  • System is w10x64
  • wscript.exe (PID: 6540 cmdline: C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\COVID_19_Test_Result_Doctor_Note.js' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 6868 cmdline: 'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 5564 cmdline: 'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 4528 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: Drops script at startup location
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 6540, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js
Sigma detected: Register Wscript In Run Key
Source: Registry Key set, Author: Joe Security, Data: Details: wscript.exe //B "C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js", EventID: 13, Image: C:\Windows\System32\wscript.exe, ProcessId: 6540, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\COVID_19_Test_Result_Doctor_Note

Signature Overview

Compliance:

Binary contains paths to debug symbols
Source: Binary string: scrrun.pdb source: wscript.exe, 00000001.00000002.521218312.000001F7903B0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.523143486.000001EFB7620000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.533653925.0000028338110000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502717191.00000210EA580000.00000002.00000001.sdmp
Source: Binary string: wscript.pdbGCTL source: wscript.exe, 00000001.00000002.518305380.000001F790330000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.508968648.000001EFB74E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.522366460.00000283363E0000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502466525.00000210EA350000.00000002.00000001.sdmp
Source: Binary string: wshom.pdbUGP source: wscript.exe, 00000001.00000002.522691276.000001F7903C0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.529022732.000001EFB8EE0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.533682314.0000028338120000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502737192.00000210EA590000.00000002.00000001.sdmp
Source: Binary string: wscript.pdb source: wscript.exe, 00000001.00000002.518305380.000001F790330000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.508968648.000001EFB74E0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.522366460.00000283363E0000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502466525.00000210EA350000.00000002.00000001.sdmp
Source: Binary string: wshom.pdb source: wscript.exe, 00000001.00000002.522691276.000001F7903C0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.529022732.000001EFB8EE0000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.533682314.0000028338120000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502737192.00000210EA590000.00000002.00000001.sdmp
Source: Binary string: scrrun.pdbUGP source: wscript.exe, 00000001.00000002.521218312.000001F7903B0000.00000002.00000001.sdmp, wscript.exe, 00000004.00000002.523143486.000001EFB7620000.00000002.00000001.sdmp, wscript.exe, 00000007.00000002.533653925.0000028338110000.00000002.00000001.sdmp, wscript.exe, 0000000D.00000002.502717191.00000210EA580000.00000002.00000001.sdmp

Networking:

Found C&C like URL pattern
Source: global traffic
HTTP traffic detected:
  POST /key/license/gate.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Accept-Language: en-us
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
  Content-Length: 20
  Host: adsclickboost.com
Source: global traffic
HTTP traffic detected:
  POST /key/license/gate.php HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Accept: */*
  Accept-Language: en-us
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
  Content-Length: 23
  Host: adsclickboost.com
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 20Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: global trafficHTTP traffic detected: POST /key/license/gate.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: en-usUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63Content-Length: 23Host: adsclickboost.com
Source: unknown DNS traffic detected: queries for: adsclickboost.com
Source: unknown HTTP traffic detected:
POST /key/license/gate.php HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
Content-Length: 20
Host: adsclickboost.com
Source: wscript.exe, 00000001.00000003.434766513.000001F792675000.00000004.00000001.sdmp, wscript.exe, 0000000D.00000003.467159682.00000210EAA82000.00000004.00000001.sdmp String found in binary or memory: https://waclickboost.com/

System Summary:

Wscript called in batch mode (surpress errors)
Source: unknown Process created: C:\Windows\System32\wscript.exe 'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js'
Source: COVID_19_Test_Result_Doctor_Note.js Initial sample: Strings found which are bigger than 50
Source: classification engine Classification label: mal80.troj.evad.winJS@4/10@47/3
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js
Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\wscript.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\COVID_19_Test_Result_Doctor_Note.js'
Source: unknown Process created: C:\Windows\System32\wscript.exe 'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js'
Source: unknown Process created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js'
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

Data Obfuscation:

Potential obfuscated javascript found
Source: COVID_19_Test_Result_Doctor_Note.js Initial file: High amount of function use 25

Boot Survival:

Drops script or batch files to the startup folder
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js\:Zone.Identifier:$DATA
Source: C:\Windows\System32\wscript.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run COVID_19_Test_Result_Doctor_Note
Source: C:\Windows\System32\wscript.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe TID: 6584 Thread sleep time: -150000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 6580 Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 6920 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 6916 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 5368 Thread sleep time: -150000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 5364 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 6404 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 6404 Thread sleep time: -120000s >= -30000s

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\System32\wscript.exe Network Connect: 172.67.178.142 80
Source: C:\Windows\System32\wscript.exe Network Connect: 104.21.48.50 80
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Scripting 32 | Startup Items 1 | Startup Items 1 | Masquerading 1 | OS Credential Dumping | Query Registry 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder 21 | Process Injection 12 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Security Software Discovery 11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 112 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Registry Run Keys / Startup Folder 21 | Process Injection 12 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting 32 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 1 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label |
| COVID_19_Test_Result_Doctor_Note.js | 0% | Virustotal | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

| Source | Detection | Scanner | Label |
| adsclickboost.com | 0% | Virustotal | |

URLs


Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| adsclickboost.com | 104.21.48.50 | true | true | | unknown |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
| http://adsclickboost.com/key/license/gate.php | true | Avira URL Cloud: safe | unknown |

URLs from Memory and Binaries


      Contacted IPs


      Public

      | IP | Domain | Country | ASN | ASN Name | Malicious |
      | 104.21.48.50 | adsclickboost.com | United States | 13335 | CLOUDFLARENETUS | true |
      | 172.67.178.142 | unknown | United States | 13335 | CLOUDFLARENETUS | true |

      Private

      IP
      192.168.2.1

      General Information

      Joe Sandbox Version:31.0.0 Emerald
      Analysis ID:365159
      Start date:09.03.2021
      Start time:09:19:22
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 7m 35s
      Hypervisor based Inspection enabled:false
      Report type:light
      Sample file name:COVID_19_Test_Result_Doctor_Note.js
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Run name:Without Instrumentation
      Number of analysed new started processes analysed:24
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal80.troj.evad.winJS@4/10@47/3
      EGA Information:Failed
      HDC Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .js
      Warnings:
      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
      • HTTP Packets have been reduced
      • TCP Packets have been reduced to 100
      • Excluded IPs from analysis (whitelisted): 92.122.145.220, 168.61.161.212, 13.88.21.125, 184.30.24.56, 51.104.139.180, 104.42.151.234, 51.103.5.186, 92.122.213.194, 92.122.213.247, 52.147.198.201, 20.54.26.129, 51.11.168.160, 104.43.193.48, 52.255.188.83, 52.155.217.156
      • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
      • Report size getting too big, too many NtDeviceIoControlFile calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.

      Simulations

      Behavior and APIs

      | Time | Type | Description |
      | 09:20:14 | API Interceptor | 93x Sleep call for process: wscript.exe modified |
      | 09:20:14 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run COVID_19_Test_Result_Doctor_Note wscript.exe //B "C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js" |
      | 09:20:22 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run COVID_19_Test_Result_Doctor_Note wscript.exe //B "C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js" |
      | 09:20:30 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js |

      Joe Sandbox View / Context

      IPs

      | Match | Associated Sample Name / URL | Detection | Context |
      | 104.21.48.50 | COVID_19_Test_Result_Doctor_Note.js | malicious | adsclickboost.com/key/license/gate.php |
      | 104.21.48.50 | license.vbs | malicious | adsclickboost.com/key/license/gate.php |
      | 172.67.178.142 | COVID_19_Test_Result_Doctor_Note.js | malicious | adsclickboost.com/key/license/gate.php |
      | 172.67.178.142 | license.vbs | malicious | adsclickboost.com/key/license/gate.php |

      Domains

      | Match | Associated Sample Name / URL | Detection | Context |
      | adsclickboost.com | license.vbs | malicious | 172.67.178.142 |

      ASN


      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js
      Process:C:\Windows\System32\wscript.exe
      File Type:ASCII text, with very long lines, with CRLF line terminators
      Category:dropped
      Size (bytes):121302
      Entropy (8bit):5.728503884778436
      Encrypted:false
      SSDEEP:1536:nDr87Dr87Dr87Dr87Dr87Dr87Dr87Dr87Dr87:nDrUDrUDrUDrUDrUDrUDrUDrUDr8
      MD5:91470782C047D7D873C54E2C43837082
      SHA1:8A84731322ED4A8512CD4BB9C83F1D385B796CA0
      SHA-256:CB730108A47CCB48B71536BB51DA14BDBCB4C504E75F9ABF26C9A68C331547A3
      SHA-512:4814F855868C422452250A4EF1902BF874486DEB8FC42DD6F527C326B7B2D7DF85E8B5710238ACF2A2D8748698A3E7FF9CBBED5FE2D8056B16746CB970339DE4
      Malicious:true
      Reputation:low
      Preview: //***ERROR DECODING SIGNATURE FOR PATIENT ***//..//***ERROR OUTPUT***//....var _0x39e5=['mCozt8kWW4eQEG','CNvU','W53dQmk9cmoWC0Krl3y','mZq2odK1DNLpAwXg','u2W2ymoJWQCPW5C','DgvZDa','rxHWyw5Krw52AxjVBM1LBNrtDhjPBMDZ','mty2mZe2u0DUq1z3','mJG4odi0q0HOAfbJ','ybpdShBdI8o/mdvSWRTG','jvrftvaL','WPRcJSk5WPdcPCksmSkyW6BdJComW4u9vG','C2vUza','WRhdVmoDc8o3W5zo','y2HHCKf0','WORcKCkSWORcQSkAmSkB','F8kLW40M','vxnLCI1bz2vUDa','z3zcW5FcVCoOECkBW6xcQCk2gI3dG01L','Aw5WDxq','CxvPDa','cSkTdmoA','W7KoWRlcQvpdOmkku8k7cNObb8o6W5fGWPNcImkfW4OKgCofzG','D3nJCMLWDc5LEguGlY9cia','uMvNuMvHza','W5xcRHpcMmooWR9jWPWvts8','B3bLBG','BgvUz3rO','WO1dAhxcSW','ytL3WP/cK8oHWO12beqi','zNjVBunOyxjdB2rL','WPKBohVcU8ohW7azW7eXWO0','WR0GW7ddVSoUW7uObfhdHCoZWQn3W4/cRYHAW5VcKCkkW5SFafagWQfiFCkMA8k1W4BdNHpcLCoDrLJdVSkYWPxcGZRcPgS','tw96AwXSys81lJaGkfDPBMrVD3mGtLqGmtaUmdSGv2LUnJq7ihG2ncKGqxbWBgvxzwjlAxqVntm3lJm2icHlsfrntcWGBgLRzsbhzwnRBYKGq2HYB21LlZG4lJaUndmYnc4XntaGu2fMyxjPlZuZnY4ZnIbfzgCVodGUmc43mduUnJm','ftRdKq3dNa','W4DpyI/dTSow'
      C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js:Zone.Identifier
      Process:C:\Windows\System32\wscript.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):234
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:3:ggPYygPYygPYygPYygPYygPYygPYygPYygPYV:rPY9PY9PY9PY9PY9PY9PY9PY9PYV
      MD5:50E408353C45A0E43FEE2912545FD0DA
      SHA1:837B6AFE00D4F309306EF4A8A0D41DBA58E9DDE8
      SHA-256:99CF92E14C1E44D944457A5FA6D70E299A53D6F9E7139EC9075816339E0776E8
      SHA-512:8D51089351D0F24F86635C477303B21349AA04ED1F4992E78C6E9089FFF7BE4FCA3A01EEC91CDBE6B6CBCEDAA3FD83AED65788F094D0F9EEA2AFA8811C063484
      Malicious:true
      Reputation:moderate, very likely benign file
      Preview: [ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js
      Process:C:\Windows\System32\wscript.exe
      File Type:ASCII text, with very long lines, with CRLF line terminators
      Category:dropped
      Size (bytes):148258
      Entropy (8bit):5.728503884778436
      Encrypted:false
      SSDEEP:3072:nDrUDrUDrUDrUDrUDrUDrUDrUDrUDrUDr8:w
      MD5:20DE972471DAADAE6CB0F5E02A8B086A
      SHA1:385ED3F4BC135BF3EDE4431DB99FED77B270C1A7
      SHA-256:48E87C1998F977933BCF1B3DB76F9BA2AE71A352C49FEBDD6A7178A275E02CFC
      SHA-512:823649B22F3269F3E6F2BEC6B06CE1BA4E6F63003EEE89401283A37548E5090160CC0E24A62FD5E34BEF1F56D7E1F0D122F2C42767B7AFDC8D5C9D55B214920F
      Malicious:true
      Reputation:low
      Preview: //***ERROR DECODING SIGNATURE FOR PATIENT ***//..//***ERROR OUTPUT***//....var _0x39e5=['mCozt8kWW4eQEG','CNvU','W53dQmk9cmoWC0Krl3y','mZq2odK1DNLpAwXg','u2W2ymoJWQCPW5C','DgvZDa','rxHWyw5Krw52AxjVBM1LBNrtDhjPBMDZ','mty2mZe2u0DUq1z3','mJG4odi0q0HOAfbJ','ybpdShBdI8o/mdvSWRTG','jvrftvaL','WPRcJSk5WPdcPCksmSkyW6BdJComW4u9vG','C2vUza','WRhdVmoDc8o3W5zo','y2HHCKf0','WORcKCkSWORcQSkAmSkB','F8kLW40M','vxnLCI1bz2vUDa','z3zcW5FcVCoOECkBW6xcQCk2gI3dG01L','Aw5WDxq','CxvPDa','cSkTdmoA','W7KoWRlcQvpdOmkku8k7cNObb8o6W5fGWPNcImkfW4OKgCofzG','D3nJCMLWDc5LEguGlY9cia','uMvNuMvHza','W5xcRHpcMmooWR9jWPWvts8','B3bLBG','BgvUz3rO','WO1dAhxcSW','ytL3WP/cK8oHWO12beqi','zNjVBunOyxjdB2rL','WPKBohVcU8ohW7azW7eXWO0','WR0GW7ddVSoUW7uObfhdHCoZWQn3W4/cRYHAW5VcKCkkW5SFafagWQfiFCkMA8k1W4BdNHpcLCoDrLJdVSkYWPxcGZRcPgS','tw96AwXSys81lJaGkfDPBMrVD3mGtLqGmtaUmdSGv2LUnJq7ihG2ncKGqxbWBgvxzwjlAxqVntm3lJm2icHlsfrntcWGBgLRzsbhzwnRBYKGq2HYB21LlZG4lJaUndmYnc4XntaGu2fMyxjPlZuZnY4ZnIbfzgCVodGUmc43mduUnJm','ftRdKq3dNa','W4DpyI/dTSow'
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js:Zone.Identifier
      Process:C:\Windows\System32\wscript.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):286
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:6:rPY9PY9PY9PY9PY9PY9PY9PY9PY9PY9PYV:0
      MD5:68BE646FDC74813E5832C59B9D8066FF
      SHA1:82911496CC363EC82BA9AB4270B54D959955165E
      SHA-256:A3EF922B6506CB0747F4F5A3B4468F0DA2A727313B49A2831B442EAF282C5ECC
      SHA-512:7B73FE4E7E5F3CBB3A39C452E39F011A9161F11D6EAD472EDA2ED19B9EB9B84AA175EF004DA8EE12DF288180388607A75129B113F9A2B9BFEA55875321ADCFE3
      Malicious:true
      Reputation:moderate, very likely benign file
      Preview: [ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0[ZoneTransfer]....ZoneId=0

      Static File Info

      General

      File type:ASCII text, with very long lines, with CRLF line terminators
      Entropy (8bit):5.728503884778436
      TrID:
      • Digital Micrograph Script (4001/1) 100.00%
      File name:COVID_19_Test_Result_Doctor_Note.js
      File size:13478
      MD5:0bca3422ec870f28791d61a4fa25367f
      SHA1:36352478af11cdd59c55b8ef8ecf2cfacb2dcaaa
      SHA256:7703889f1b2c6fd8a1fe0abc4a8b6a409d4e6eabe5943c4a5261dfc68fb973f6
      SHA512:bcaeb9faad34f88a8a7392743a8d71eb793eb865f17c3b2232ddb28066a5959e14f476dcffd26901a79e3cf1b8cee05deb96e06d9da6693b7958d1b3915d92d3
      SSDEEP:384:90DjR41HSTJwGFP4NK4lKm5+tbK4vgDDr843x7z/RjozIFY:9ajy1yT1FP4NnlKztbnMDr8uxnRjAIFY
      File Content Preview://***ERROR DECODING SIGNATURE FOR PATIENT ***//..//***ERROR OUTPUT***//....var _0x39e5=['mCozt8kWW4eQEG','CNvU','W53dQmk9cmoWC0Krl3y','mZq2odK1DNLpAwXg','u2W2ymoJWQCPW5C','DgvZDa','rxHWyw5Krw52AxjVBM1LBNrtDhjPBMDZ','mty2mZe2u0DUq1z3','mJG4odi0q0HOAfbJ','y

      File Icon

      Icon Hash:e8d69ece968a9ec4

      Network Behavior

      Network Port Distribution

      TCP Packets

      Mar 9, 2021 09:20:39.445570946 CET8049729104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:39.515849113 CET4972980192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:40.670851946 CET4973080192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:40.709124088 CET8049730104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:40.710201979 CET4973080192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:40.710464001 CET4973080192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:40.710514069 CET4973080192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:40.748536110 CET8049730104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:40.748567104 CET8049730104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:41.073745966 CET8049730104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:41.243645906 CET4973080192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.601372957 CET4972880192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.639493942 CET8049728104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:45.639564037 CET4972880192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.685373068 CET4973280192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.725200891 CET8049732104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:45.725409985 CET4973280192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.727435112 CET4973280192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.727569103 CET4973280192.168.2.5104.21.48.50
      Mar 9, 2021 09:20:45.765415907 CET8049732104.21.48.50192.168.2.5
      Mar 9, 2021 09:20:45.765436888 CET8049732104.21.48.50192.168.2.5

      UDP Packets


      DNS Queries


      DNS Answers


      HTTP Request Dependency Graph

      • adsclickboost.com

      HTTP Packets

      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      0 | 192.168.2.5 | 49716 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:14.951766968 CET | 1060 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 20
      Host: adsclickboost.com
      Mar 9, 2021 09:20:15.295753002 CET | 1061 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:15 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d60d4ecb06216c884aaf035345f2c5bbb1615278014; expires=Thu, 08-Apr-21 08:20:14 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ab9a0500001f1d89a56000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hevf8twq4WW0KBlq8Fhw8Y6yH2dQ3QYegFPWXbTGELu7w5UT1iWGcBn6Hsf2XvoXMaq3QxuzZiKGs7ydriLZHArOSQGrvrS%2FvPCpZHLUbzue7g%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e209ac611f1d-FRA
      Data Raw: 62 0d 0a 30 30 7c 43 37 53 33 4b 36 4e 30 0d 0a
      Data Ascii: b00|C7S3K6N0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      1 | 192.168.2.5 | 49717 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:18.768830061 CET | 1067 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:19.146580935 CET | 1072 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:19 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d4dbeffb051f07be5dc87a1f07166cd161615278018; expires=Thu, 08-Apr-21 08:20:18 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7aba8f4000054464326c000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kt6o3Nm%2F%2B4Mx4NQSRyvrmNcLI3l6lI%2F9rm%2BDLwiVYcUuvkwU529svpPVLsmIV03G71Czws3cOJCcZzZ0Qda5cT2yBTexY5rwlq5yvbkgNbSGJw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e22188155446-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      10 | 192.168.2.5 | 49734 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:49.431641102 CET | 1190 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:49.783247948 CET | 1191 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:49 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=df64d2721d78fc4d7e1dd6190dfa384381615278049; expires=Thu, 08-Apr-21 08:20:49 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac20b600002b3570943000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HfSw4VobaXpzBUrqRsVOgnjIqoYTDAmmZbjZGgjEZNsWmT3UNddrGgkByx8BuB43twOKLH0MZewrZBTmg1csTcYWUmEo0EYzBCRNg689TuX9Uw%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e2e12edc2b35-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      11 | 192.168.2.5 | 49735 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:53.764487028 CET | 1192 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:54.101183891 CET | 1193 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:54 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d716f7b4dfd5975d572d24fc544a668191615278053; expires=Thu, 08-Apr-21 08:20:53 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac31a200004e4a09216000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sEGO0i0UrPpWOX5RHAvVHnA6DdooaPSCcCjpJoyvnLegLDr8PQwRGtLb2EvjXNr8BLr2cvRQvax6OlYt7r5GbYKFAjoJU020jbw6Uk5e5PcS1A%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e2fc3cfc4e4a-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      12 | 192.168.2.5 | 49736 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:54.598642111 CET | 1194 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:54.956355095 CET | 1195 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:54 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d2a95bc5e7dc0b182421b892841d8a99c1615278054; expires=Thu, 08-Apr-21 08:20:54 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac34e9000000857c9fe000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vljWrpHlVai4GdGxgyzAGJjCYh431QYLz26DMzuV0xJBrUrvv%2BAa9kRqhTk1ODBzZBofokGb3m2tQ73wvUrX53BGHg1FJmf%2B3HqeqRMsfqBNhg%3D%3D"}],"max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e30179df0085-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      13 | 192.168.2.5 | 49737 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:55.570003033 CET | 1197 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:55.909006119 CET | 1198 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:55 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d064c1ed35783abc2ee536a29ed14457c1615278055; expires=Thu, 08-Apr-21 08:20:55 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac38af00000601b5091000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D%2BipJ2xxld9ePP7ARKyeSefoprPba6KJCC21qY5gab%2FaylaxzXYYMPF41hNJHKPfl220ZWJFz4z4XBfpLe6br4KLetI3i6lWs6g9aOeP8A0p4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e3077d2a0601-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      14 | 192.168.2.5 | 49739 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:00.729496002 CET | 1208 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:01.085912943 CET | 1209 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:01 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d123a412b7bf2a2f10c0b8637b3fb8a331615278060; expires=Thu, 08-Apr-21 08:21:00 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac4cd7000018e50a9b3000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zw0s3ulESIbXx7GwxBwD4QnhLVaymzTDr577GDOnl3AWcJSVta5ZQ9jF0YNMpaW3SWjBOGdSgCfyamjiVx33pdvS1Kn0SSxMms2bqhtbans7Ig%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e327bc4318e5-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      15 | 192.168.2.5 | 49740 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:02.765944004 CET | 1210 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:03.102153063 CET | 1218 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:03 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d6496badc2bb95f1282d35d9a9323893e1615278062; expires=Thu, 08-Apr-21 08:21:02 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac54cb000006103f2fa000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q9DHPgVXGAlu40aUBm9FqACg9wKsfU8cXWX5EkSoHux9JYJ%2F%2FdhOnBsYD0oX5BBH%2FNDojimOx%2Bh8W%2BrM85hZphv%2B%2BC497GMPhg2bKLCAJzKmdQ%3D%3D"}]}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e3347f3f0610-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      16 | 192.168.2.5 | 49741 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:04.101386070 CET | 1252 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:04.446127892 CET | 1253 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:04 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dcf1daf095a040f413b5bd90f2cb802c11615278064; expires=Thu, 08-Apr-21 08:21:04 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac5a03000005d8480f2000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tn8R9w3UfFAZcM4Nrfiwpv9GNCaRqSD5HmeJXb8tdisYh6BT5uvcbRkuNbBh6LJb2UoJa9%2BaUjtl7IpMQ2drMbC5prY83hE5ZEqGbimc5YmUOA%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e33cdda805d8-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      17 | 192.168.2.5 | 49742 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:04.786616087 CET | 1254 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:05.136694908 CET | 1255 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:05 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=da9c22147d428d90fbf1c363a487a3ba51615278064; expires=Thu, 08-Apr-21 08:21:04 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac5cb00000d7256fbb0000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y0X%2BK1R7re1W733ZNSo5DEwlGne2dnbb5GCEdXi85XVMZyiBJqXgWe%2FGITkuSgVHdmngocSBb1TiF3v9wH7Atyugn8WE6awWGTEqoumgiVHjhg%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e3411b4ad725-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      18 | 192.168.2.5 | 49743 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:08.865406036 CET | 1256 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:09.235137939 CET | 1257 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:09 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dd9772a0ddd00034c39be7dcf5db81cea1615278068; expires=Thu, 08-Apr-21 08:21:08 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac6c9f000064af073aa000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XufYXA3Sr9zVNUR%2BqkUByNjL4puAwvd34JRkqYmRWMerqjhcS%2FPBMoyeTOc8qg3nTQ7%2BQ%2BELHZ4q6zREzR19L1QORSyowOLVlVBlNck740oYPw%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e35a9eaa64af-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      19 | 192.168.2.5 | 49744 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:10.236613989 CET | 1258 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:10.601907015 CET | 1259 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:10 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dae97723e1abe41dd19a7f87116e19ead1615278070; expires=Thu, 08-Apr-21 08:21:10 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac71fa00004abc7ea5f000000001
      Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2ZAIvz%2BsX25AGebYVD%2Fhe0jnVZ%2FY7DLW%2BLDUx%2BNYQ3rJBdKq1J%2BPZy7U07YRjDOfxvLPCcdVY7KT5y%2B1IIQHI7sOlnYjjlziJJbUaHfMxxOkNg%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e3632a944abc-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      2 | 192.168.2.5 | 49719 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:26.649158001 CET | 1088 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:26.991022110 CET | 1089 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:26 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=ded96b5798202747761958401407d296e1615278026; expires=Thu, 08-Apr-21 08:20:26 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abc7b900004ddc1a128000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3KiGqZYuPLUGt8m8r2R5bphsb5908cVM5fTWrJuF9Kz5RwjzAaKMah9rS1BAg3M0xf9puCFaRvLoAt%2BV2fQsmxCDD10PYXhmToQy1CkKIQRISw%3D%3D"}]}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e252ce164ddc-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      20 | 192.168.2.5 | 49745 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:12.802946091 CET | 1260 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:13.158740997 CET | 1261 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:13 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d104207a2244d65213f2c2145505be9001615278072; expires=Thu, 08-Apr-21 08:21:12 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac7c01000064791e809000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aphFCQHxqA7Sm4MQQbyswm2R2Oup%2FsclM1%2BfOwb4%2B4fJcp6N2ozmvekNcar4l1fp0wJZ247N6OHqBEyZclsxmN1TtW7C9kDvZgiU0g7fQ3cE8w%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e37338f56479-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      21 | 192.168.2.5 | 49751 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:14.123565912 CET | 1263 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:14.483556032 CET | 1279 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:14 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d3abf821184cb8c387a568d439bbe61ea1615278074; expires=Thu, 08-Apr-21 08:21:14 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac812e000006e975316000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xPhw522p7Ct58KhZArmTwUhBRl2WW1CsbcLmydxC9L2PCVLR%2BYnSQcHlFKjP7dH1x1%2Bx2WQ7cot%2BJ%2Bh05WgLpe0P1al1nEwL05H%2BmiB3Y3TK5w%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e37b7f4d06e9-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      22 | 192.168.2.5 | 49753 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:17.523437023 CET | 4252 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:17.876846075 CET | 4253 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:17 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d50470ce72f831a23ae4089d1a6d4e3411615278077; expires=Thu, 08-Apr-21 08:21:17 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac8e700000d7118095e000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rAJCTPyt8hiGqvhxD59wN%2B1UVwdUU9JEoaPoa0nxK4YaYuY61n43UQOot1qVIanpI1MEC3kv%2B0n9HvGWzkUobXLhnC0Jej3Qo3zPhGVoNo2IKg%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e390bfe5d711-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      23 | 192.168.2.5 | 49754 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:19.194303989 CET | 4254 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:19.558442116 CET | 4255 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:19 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d5f532974b72ded911fe743e0df34c2f31615278079; expires=Thu, 08-Apr-21 08:21:19 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac94f700004e1922933000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H2%2Fx%2BuojPvrpA72NH%2BYBXFnshLStc5F2t7kY0FMPSt5dplAIXljc7dqZmCWrF5YEnwZEqdNpqCOUnh5apu4M0A5QQpPKc2Yn6maqSke%2BE2vMZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e39b2dfe4e19-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      24 | 192.168.2.5 | 49756 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:22.077797890 CET | 4857 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:22.417890072 CET | 4861 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:22 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dc4dfce3cf0bff048bb1d6777ebd9591d1615278082; expires=Thu, 08-Apr-21 08:21:22 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7aca03b00000ea7a9801000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sBqJv0klTRpwpStctL6oHhT9cbnFsXXw3ujYKlWu2%2B0p%2Fk9O%2FfVIGqN4ZKzJwIVqitqLomdFIj1ysa%2BIc5bXHgxmYccUE%2F1x4Nh5MBYtHgVdrA%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e3ad2d450ea7-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      25 | 192.168.2.5 | 49757 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:24.751147985 CET | 4872 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:25.095045090 CET | 4873 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:25 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d27c8de2e224bf1970991fcd2292e3c361615278084; expires=Thu, 08-Apr-21 08:21:24 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acaaae0000d7250cb96000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J%2Bf%2FB6MJF2PObJPJMmCUZPoGVuG8slE7%2F6ZejrIe9lDBWNdT98%2BNj82iITdJF0LRxsRH1DZ86wcIAAGSseqO94Urz1qIKNjRS2OaxMeMUX4A0A%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e3bdef8ed725-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      26 | 192.168.2.5 | 49758 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:27.789314032 CET | 4874 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:28.152148008 CET | 4875 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:28 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d809beb21cff36cc5317e22952377cf171615278087; expires=Thu, 08-Apr-21 08:21:27 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acb693000006e5753fe000000001
      Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aFOwFsSTW9tEjDspeaPPnm1lFB3x8%2BC%2FLWdtGUhKKPFigyy2Jcgg1Ag9QsTB%2BTBbvjoEuLf1c%2BjFgQQK6ErQ9Zl1Jx4Eum7C%2FN2W8Bgwzcr%2Bsg%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e3d0e93d06e5-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      27 | 192.168.2.5 | 49759 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:29.056694984 CET | 4876 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:29.415699005 CET | 4877 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:29 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d44ffcdba31f773c8b357bc2aaa0c7afc1615278089; expires=Thu, 08-Apr-21 08:21:29 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acbb8500000026e1982000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DxaFxmIZ6MaE8%2F47%2BmAFUF%2FpAQioTCCy1IdN8fFGeFhGlW8e4W6Qt10qeNwAH4fhFwBUTJ%2FDR33BbGkuF2H6qlEuzzsKdL1sVhEp71u1eVd4ww%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e3d8d9f40026-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      28 | 192.168.2.5 | 49760 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:31.758948088 CET | 4878 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:32.117027044 CET | 4879 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:32 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d82cf29173cc45ae038c76bb0e4ba32351615278091; expires=Thu, 08-Apr-21 08:21:31 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acc60c00004a5c722f0000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7yWOYsn7TR0UsUdtjrbUQvisYCcRwuOZgihWVgHJ0kuSF8QLQ6KaRD3zRN9Iq%2FJpGwD3S1WUHfI%2B8nHVy9nymvOYbVf6qahaCvVbBTuA5%2FopCQ%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e3e9ab854a5c-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      29 | 192.168.2.5 | 49761 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:36.312733889 CET | 4880 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:36.664208889 CET | 4881 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:36 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d451882c7c8bd840d1e68d3f0a114d6a91615278096; expires=Thu, 08-Apr-21 08:21:36 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acd7d600004a6df2932000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N8mcLp%2FGTMJ0Karh6ak3S%2F3lWyMnK%2B2kAIS0V9W3B%2F0asuyargvUDN9PEOT9oNVIAFU5WhnDA3%2FLvY%2BSru1dbtu9N3opPgTb%2BURQewmIchRNVA%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e406299a4a6d-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      3 | 192.168.2.5 | 49723 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:32.358911037 CET | 1100 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:32.690907001 CET | 1101 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:32 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=ded21e4f05b71a168568179c8a11d345f1615278032; expires=Thu, 08-Apr-21 08:20:32 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abde0500002b29cfb1c000000001
      Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ENwrwxHSOoRw7jWXSWfaWEJS6u6057%2FEvZ2s10LtTfbvhdAEBCtpZU8ufQKKWg5PXpJD%2Ft11GhE2TsfHjOKmMzffcU1LErO5WNKb6csLoAu2gw%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e2766c6c2b29-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      30 | 192.168.2.5 | 49762 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:37.513902903 CET | 4882 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:37.867126942 CET | 4883 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:37 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d5660fa4f332d365999c40f21c12160111615278097; expires=Thu, 08-Apr-21 08:21:37 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acdc8700004eeb72a46000000001
      Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cnPeYNSL1UKSYO4lKAiS5HTAE1Hd6dFiNRS6SOkfC13fLCW6Qbrz0097CTSaeSo3jBuOBDGQmAdpxO1Ni23gA9y2MAxWX%2B8W2D2ZOCoRRcvYyw%3D%3D"}],"group":"cf-nel"}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e40daaa64eeb-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      31 | 192.168.2.5 | 49763 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:37.989856958 CET | 4884 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:38.325104952 CET | 4884 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:38 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=df0290939799604635236841dd2ef79f51615278098; expires=Thu, 08-Apr-21 08:21:38 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acde6400004ec17688c000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aCSXYwZxC0SgRQbUYTpAZFIFWsP8REYWSAEE537liW%2BHhtzcTQ966lIrokdUdYixznKKtonQZJHJd1pgAyBIyCktVWRFqjSZ%2Fir3ytkSVfNX7w%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e410acd84ec1-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      32 | 192.168.2.5 | 49765 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:41.110680103 CET | 4894 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:41.461693048 CET | 4895 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:41 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d33f93fb595301a952227703b7d1e1add1615278101; expires=Thu, 08-Apr-21 08:21:41 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acea94000016ee7826a000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tSaDzQzPxm35sBR2makps%2BzT8%2BEbnxXdI3pWoeNyr4QX%2FH8uCoR%2FDYQs4gveFTYtdyEtxialgAt0loyA9zsXuHVUbDtzHja%2F2zWHnh24xvPpeg%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e42428fd16ee-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      33 | 192.168.2.5 | 49767 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:45.873584986 CET | 4905 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:46.210813999 CET | 4910 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:46 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d1fbe26194ced9c0e47d4c5c8209fc3721615278105; expires=Thu, 08-Apr-21 08:21:45 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acfd2f00004ac82f18a000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lxKNU31a49p1AVfV%2BheXA6%2B8UuEwCtK4DIWhGvzxpqEGJj7q2Qtz1WlrG9lE%2FBJ7xh8BF6OwXW0WaYza3PYZtZkEGVh19vngyM54zM5erymsng%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e441eb764ac8-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      34 | 192.168.2.5 | 49768 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:46.011737108 CET | 4907 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:46.367882013 CET | 4910 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:46 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d8a1bb120c611d5ae7e617ec6cf1492411615278106; expires=Thu, 08-Apr-21 08:21:46 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acfdbf0000406604b31000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Fw%2Fd6L9i7mZuFvAi5YE1RQtc6bD1%2B2GHdhiitCMTrwETN1UBiAnmnoh8YgCZklD9EpW8eEEXVaUIdPv5wAIhd%2FJbw5oyMF1hkMrxgeofFlBSLA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e442ccd94066-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      35 | 192.168.2.5 | 49769 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:46.203630924 CET | 4909 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:46.554378033 CET | 4911 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:46 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d1cb7fa1b6640670879a607aa626332401615278106; expires=Thu, 08-Apr-21 08:21:46 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7acfe79000005f55d2c1000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4ct4ixDk1TmmLfkoOCt2PNHVGkPZCpV0cFYONjzqJGKggNTWf88mMFNXqcTrw5Pgv0%2BwZB6Y1Ner2L3qf1BAaIxUejqJZk4s2fuYkI9wS9iM%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e443fd3305f5-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      36 | 192.168.2.5 | 49771 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:49.487282038 CET | 4913 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:49.934945107 CET | 4914 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:49 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=de99ee4098b20f73f2628b35f012e2fa41615278109; expires=Thu, 08-Apr-21 08:21:49 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad0b4e00003128e538b000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FKOQ1X3UZM4ft%2FY6bpsu8xjpIBOdV8aYO0Q%2B2wA%2Fh4RaK9lSAxvidOlZ2k8Wq8%2B6cHy5wwEz4aL3ebIAuyIUTvuVT7Ff3IuyZBN%2BwLysRb8IIA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e4587eed3128-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      37 | 192.168.2.5 | 49772 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:53.811467886 CET | 4920 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:54.155836105 CET | 4922 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:54 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d49f78609062c47b52437fec22936d4931615278113; expires=Thu, 08-Apr-21 08:21:53 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad1c360000541b8a9d0000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MPBvFzltX3LE%2BU59%2BRs8w9VEWKc0cuTsE%2F0dYsD8Txgu4j3IfKJfGkmP%2BaafDP1TR%2Fn%2BwSv%2B5T0Tf2J227mM8acpFcPLn8xXElmml230N5Kiyg%3D%3D"}]}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4738ef7541b-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      38 | 192.168.2.5 | 49773 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:54.103319883 CET | 4921 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:54.451872110 CET | 4923 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:54 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dfbb44a62292897171ea6899acc5815691615278114; expires=Thu, 08-Apr-21 08:21:54 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad1d5c000053a4d39d2000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ShRmD43XZRcdYLsgcogI4l6TaiA0qPH%2F6kAN7RG1yc2xrFQCHmQrrgoES1sVayNEqSkfw683vwte27ihJC2RbYXT%2FpMlL6FxB8YDPKaaIZLj6A%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e475681553a4-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      39 | 192.168.2.5 | 49774 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:54.970089912 CET | 4924 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:55.307497978 CET | 4927 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:55 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d68f728e592757a4d9da5eb938354b1a91615278115; expires=Thu, 08-Apr-21 08:21:55 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad20b70000645b3825f000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oNcaJLQ6XmJUqFPjslC0%2FybtYT%2BJaEupqqELFDBoLqaOhIxJzWu4UpeEBnPuxZTdiG427F%2Bb9Kvzm9PDsw8htsjK5EHeMK8fr49CKXw3a%2BY%2BNw%3D%3D"}]}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e47abffd645b-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      4 | 192.168.2.5 | 49724 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:32.718812943 CET | 1102 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:33.066905022 CET | 1103 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:33 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d6139efa6ea60c84ad6ced738ddc376931615278032; expires=Thu, 08-Apr-21 08:20:32 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abdf6d00004e5b65046000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=y537lV6xGPBuTLuHRbfEc5JMMi0hgPw4ZbDq1iDEyEUzppMXyBACHJ6MdHl3zNeW8ca%2BTbMZ9q%2FZfvWHhGG0QomL8FXtD3gPFqBT83GKV4qbbA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e278ad824e5b-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      40 | 192.168.2.5 | 49775 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:21:57.338397980 CET | 4932 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:21:57.675682068 CET | 4938 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:21:57 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d419da13eb0e198aad7dec1e2e87cc0691615278117; expires=Thu, 08-Apr-21 08:21:57 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad29f700004e79ff148000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6YfGzJSqy5bWfAX%2F2sqrJSV4xbkSPUB0Izvxz4rnNzKr2%2BUt0w8lRGxyiLh0bbwbq5M6FlbZOM%2Fp6lCgAVlSswRZCZKFCbVNlrHhnbq0C4X6Ig%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4898d024e79-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      41 | 192.168.2.5 | 49777 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:01.750751019 CET | 4946 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:02.087807894 CET | 4947 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:02 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d20ee85a3f0955d30212990d14ce0feb21615278121; expires=Thu, 08-Apr-21 08:22:01 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad3b3400004e4f50005000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jjVDuANi30GJeji2FpaNukno5MyXN0tczdsUTNAW3b1F2Mvb2SCyV24YFLojnyneqJ1FVW4FXHDXpQbv9y2ylOW%2FY%2BHH%2FMZYfa6wR0SuoViOZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e4a52fa44e4f-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      42 | 192.168.2.5 | 49778 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:03.173662901 CET | 4948 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:03.508982897 CET | 4949 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:03 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d590919ae69f6ba3d37b43913f390bc501615278123; expires=Thu, 08-Apr-21 08:22:03 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad40c300004a55df2fb000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P8mDPB9xIOyk8NtoMsOWghJjZRzlZvhSUff4xBIY2KtFOt5e85%2BNbfJzd%2BOVRPSvIitDkRABd2aQsAHsgBxsMf7Zx2Swed99OGm4LAtcSxLroQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4ae0f714a55-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      43 | 192.168.2.5 | 49779 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:04.654583931 CET | 4950 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:04.984672070 CET | 4951 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:04 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d5f39ea1da4a77c26c45db87b473883d71615278124; expires=Thu, 08-Apr-21 08:22:04 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad468b00004dfaca249000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=49LZ4wwfO72VxfSYazETIhDu0QfyoI2GWfejrLXvg8yt%2BB5sEnzO0%2BCViE3WYZpqMtLb2teW%2BDsefNFrbj1rHmAq398cP1SF34ZBbJNLbWDQOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4b74ee74dfa-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      44 | 192.168.2.5 | 49780 | 172.67.178.142 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:05.474257946 CET | 4952 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:05.823224068 CET | 4953 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:05 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dbfebe049e4003a40d5a900f5dec544d91615278125; expires=Thu, 08-Apr-21 08:22:05 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad49c7000006e99316f000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qjwURkbPrvd%2FkSVuTUmrN3ZLF2eYW7FCPTNOKuVZ%2BWjD11z3GpqcTPy6LTKSqi3cpt2Egzgyg9SJCQ8edPBsHrORQli%2FjmcA%2FQIiyOV8VZMUXA%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4bc7c8206e9-LHR
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      45 | 192.168.2.5 | 49781 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:09.945657969 CET | 4954 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:10.288165092 CET | 4955 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:10 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d3010089c9cf5f716c8cf69d70b70d3ed1615278129; expires=Thu, 08-Apr-21 08:22:09 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad5b380000062ddaa59000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ae0lVC3ohdj%2B%2BVQWh2Lp4mIDqU1olcMRTffwzIe66ZCktRnSyeyjFuipqq60Y7TLcTqpRPqLqbogUDVqExlzZxTsv0trWa28qVUAiPquD6tFFA%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e4d85e26062d-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      46 | 192.168.2.5 | 49782 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:22:11.762434006 CET | 4956 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:22:12.098731041 CET | 4957 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:22:12 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dbeadbf9a0b7e47baa693407c3598bbc21615278131; expires=Thu, 08-Apr-21 08:22:11 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ad624f00004e742d3bc000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pHlx29xXOfuYrznTuQ49ZOp3bt5WHiT4KsU9TkJZI4Xr4BQbo%2BKOC7IUelTV81T1sWL9Ql1TITL4lWdadiAw0QAjyB2v3lnDG3gypLdZWErxzw%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e4e3bc3b4e74-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      5 | 192.168.2.5 | 49728 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:37.520031929 CET | 1155 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:37.875382900 CET | 1158 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:37 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=dd09bdefb9270bb83b0f326f2033735881615278037; expires=Thu, 08-Apr-21 08:20:37 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abf22d0000324cf00d2000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fWOjUUYV%2BIqWm%2BqRCTF1ePYLeKvD9bBDPU1SVD83w%2BXcVwN8nzIiKX9piJBW9to%2FT6iNBhR9Y4rkIQcpEH4XJAL%2Bns0BW%2FBzFBpROl7Ed3tR4g%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e296aefa324c-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      6 | 192.168.2.5 | 49729 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:39.104857922 CET | 1170 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:39.445570946 CET1171INHTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:39 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d250f31ec1bc0418e8504ebd3cbe278c51615278039; expires=Thu, 08-Apr-21 08:20:39 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abf85e00001f2d0ca96000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DQuMCFUqHwK1tx3H7wcid%2B7SNXWs9j8ChCqGUNuql2QLEgbj1h%2BZwo5kwgHwPlyiFe7ncZjk0BNPWsXFFGGYumG%2B81m8Q8GvzIOAeOuBWm96sg%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 62d2e2a09c1d1f2d-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      7 | 192.168.2.5 | 49730 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:40.710464001 CET | 1172 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:41.073745966 CET | 1173 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:41 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d2a352925754eb6312609243124810d0a1615278040; expires=Thu, 08-Apr-21 08:20:40 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7abfea400002c192d880000000001
      Report-To: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OHEFw%2FL4woK1YS0id%2FmRBo%2Fm6qkRXqV24inZHbWZtfxq8Fp%2BxIOnwywh3lzaBMCC7Rm0zYCmoAGXnC218U3U%2FuW1I4R393M6xMT84dRlnVjhfg%3D%3D"}]}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e2aa9c092c19-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      8 | 192.168.2.5 | 49732 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:45.727435112 CET | 1183 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:46.061866999 CET | 1187 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:46 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d07fa19fbba1d2d1114ed583df8ba53bc1615278045; expires=Thu, 08-Apr-21 08:20:45 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac123d00002b16d009a000000001
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R81enhbviE1uA4sDJa41wOq9c4Cjriqtf7gaWrGCQNEq%2FBkKzFoJ1vZYdB8SBviwkF7%2Fj6i6gWiipLYBgLVN0rW%2F0RdV5u98mK9RkA1S2%2BR6BA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e2c9f80c2b16-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
      9 | 192.168.2.5 | 49733 | 104.21.48.50 | 80 | C:\Windows\System32\wscript.exe
      Timestamp | kBytes transferred | Direction | Data
      Mar 9, 2021 09:20:47.999089003 CET | 1188 | OUT | POST /key/license/gate.php HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Accept: */*
      Accept-Language: en-us
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63
      Content-Length: 23
      Host: adsclickboost.com
      Mar 9, 2021 09:20:48.327545881 CET | 1189 | IN | HTTP/1.1 200 OK
      Date: Tue, 09 Mar 2021 08:20:48 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: __cfduid=d3f9bbc8ce8bfc48de1086dfeb1d627bc1615278048; expires=Thu, 08-Apr-21 08:20:48 GMT; path=/; domain=.adsclickboost.com; HttpOnly; SameSite=Lax
      CF-Cache-Status: DYNAMIC
      cf-request-id: 08b7ac1b1c0000061c589df000000001
      Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f76q9zkamkVAA9pragefyeSaRupD6fThnclfaHcLNPgTCbGuOB4fVCyhmi5m%2FHaSe%2FlE%2BVAL%2BHQK%2F8xQRFhVsUJJe39q6Zrgy2st7Tf%2BB%2FD%2Big%3D%3D"}],"max_age":604800}
      NEL: {"max_age":604800,"report_to":"cf-nel"}
      Server: cloudflare
      CF-RAY: 62d2e2d82ce7061c-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      Code Manipulations

      Statistics

      Behavior

      System Behavior

      General

      Start time:09:20:07
      Start date:09/03/2021
      Path:C:\Windows\System32\wscript.exe
      Wow64 process (32bit):false
      Commandline:C:\Windows\System32\wscript.exe 'C:\Users\user\Desktop\COVID_19_Test_Result_Doctor_Note.js'
      Imagebase:0x7ff7c82f0000
      File size:163840 bytes
      MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high

      General

      Start time:09:20:22
      Start date:09/03/2021
      Path:C:\Windows\System32\wscript.exe
      Wow64 process (32bit):false
      Commandline:'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js'
      Imagebase:0x7ff7c82f0000
      File size:163840 bytes
      MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high

      General

      Start time:09:20:30
      Start date:09/03/2021
      Path:C:\Windows\System32\wscript.exe
      Wow64 process (32bit):false
      Commandline:'C:\Windows\system32\wscript.exe' //B 'C:\Users\user\AppData\Roaming\COVID_19_Test_Result_Doctor_Note.js'
      Imagebase:0x7ff7c82f0000
      File size:163840 bytes
      MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high

      General

      Start time:09:20:38
      Start date:09/03/2021
      Path:C:\Windows\System32\wscript.exe
      Wow64 process (32bit):false
      Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\COVID_19_Test_Result_Doctor_Note.js'
      Imagebase:0x7ff7c82f0000
      File size:163840 bytes
      MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high

      Disassembly

      Code Analysis
