Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://services.business-manange.com/

Overview

General Information

Sample URL:http://services.business-manange.com/
Analysis ID:1467906
Infos:

Detection

HTMLPhisher
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected BlockedWebSite
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1984,i,9630008480097638356,11724368922385271652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 1560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://services.business-manange.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_130JoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    0.1.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security
      0.0.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: http://services.business-manange.com/Avira URL Cloud: detection malicious, Label: malware
        Source: http://services.business-manange.com/SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
        Antivirus detection for URL or domain
        Source: https://services.business-manange.com/favicon.icoAvira URL Cloud: Label: malware
        Source: https://services.business-manange.com/cdn-cgi/images/icon-exclamation.png?1376755637Avira URL Cloud: Label: malware
        Source: https://services.business-manange.com/cdn-cgi/styles/cf.errors.cssAvira URL Cloud: Label: malware

        Phishing

        barindex
        Yara detected BlockedWebSite
        Source: Yara matchFile source: 0.1.pages.csv, type: HTML
        Source: Yara matchFile source: 0.0.pages.csv, type: HTML
        Source: Yara matchFile source: dropped/chromecache_130, type: DROPPED
        Source: https://services.business-manange.com/HTTP Parser: No favicon
        Source: https://services.business-manange.com/HTTP Parser: No favicon
        Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2
        Source: global trafficTCP traffic: 192.168.2.5:56214 -> 1.1.1.1:53
        Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: services.business-manange.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: services.business-manange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://services.business-manange.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: services.business-manange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://services.business-manange.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: services.business-manange.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://services.business-manange.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: services.business-manange.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
        Source: global trafficDNS traffic detected: DNS query: services.business-manange.com
        Source: global trafficDNS traffic detected: DNS query: www.google.com
        Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
        Source: unknownHTTP traffic detected: POST /report/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 451Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 22:51:33 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: Accept-EncodingCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89e2ae39a9f90f53-EWRalt-svc: h3=":443"; ma=86400
        Source: chromecache_129.2.drString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
        Source: chromecache_130.2.drString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
        Source: chromecache_130.2.drString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
        Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56218
        Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 56218 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
        Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
        Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49714 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2
        Source: classification engineClassification label: mal64.phis.win@22/15@10/7
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1984,i,9630008480097638356,11724368922385271652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://services.business-manange.com/"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1984,i,9630008480097638356,11724368922385271652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
        Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        Registry Run Keys / Startup Folder        		1
        Process Injection        		1
        Masquerading        		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
        Registry Run Keys / Startup Folder        		1
        Process Injection        		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
        Non-Application Layer Protocol        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
        Application Layer Protocol        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
        Ingress Tool Transfer        		Traffic DuplicationData Destruction

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        http://services.business-manange.com/100%Avira URL Cloudmalware
        http://services.business-manange.com/100%SlashNextCredential Stealing type: Phishing & Social Engineering

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://www.cloudflare.com/5xx-error-landing0%Avira URL Cloudsafe
        https://services.business-manange.com/favicon.ico100%Avira URL Cloudmalware
        http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer0%Avira URL Cloudsafe
        https://www.cloudflare.com/learning/access-management/phishing-attack/0%Avira URL Cloudsafe
        https://services.business-manange.com/cdn-cgi/images/icon-exclamation.png?1376755637100%Avira URL Cloudmalware
        https://a.nel.cloudflare.com/report/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D0%Avira URL Cloudsafe
        https://services.business-manange.com/cdn-cgi/styles/cf.errors.css100%Avira URL Cloudmalware

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        a.nel.cloudflare.com
        		35.190.80.1
        		truefalse
          		unknown
          services.business-manange.com
          		172.67.138.117
          		truefalse
            		unknown
            www.google.com
            		172.217.16.196
            		truefalse
              		unknown
              fp2e7a.wpc.phicdn.net
              		192.229.221.95
              		truefalse
                		unknown
                windowsupdatebg.s.llnwi.net
                		46.228.146.128
                		truefalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://services.business-manange.com/cdn-cgi/images/icon-exclamation.png?1376755637false
                  • Avira URL Cloud: malware
                  		unknown
                  https://services.business-manange.com/cdn-cgi/styles/cf.errors.cssfalse
                  • Avira URL Cloud: malware
                  		unknown
                  https://services.business-manange.com/false
                    		unknown
                    https://services.business-manange.com/favicon.icofalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://a.nel.cloudflare.com/report/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3Dfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://www.cloudflare.com/learning/access-management/phishing-attack/chromecache_130.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404referchromecache_129.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.cloudflare.com/5xx-error-landingchromecache_130.2.drfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    104.21.54.113
                    		unknownUnited States
                    		13335CLOUDFLARENETUSfalse
                    35.190.80.1
                    		a.nel.cloudflare.comUnited States
                    		15169GOOGLEUSfalse
                    172.67.138.117
                    		services.business-manange.comUnited States
                    		13335CLOUDFLARENETUSfalse
                    172.217.16.196
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse

                    Private

                    IP
                    192.168.2.6
                    192.168.2.5

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1467906
                    Start date and time:2024-07-05 00:50:38 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 3m 3s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:browseurl.jbs
                    Sample URL:http://services.business-manange.com/
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal64.phis.win@22/15@10/7
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.186.110, 74.125.71.84, 34.104.35.123, 40.68.123.157, 46.228.146.128, 192.229.221.95, 20.3.187.198, 13.95.31.18, 216.58.206.35, 93.184.221.240
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: http://services.business-manange.com/

                    Simulations

                    Behavior and APIs

                    No simulations

                    LLM Input / Output

                    InputOutput
                    URL: https://services.business-manange.com/ Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title of the webpage suggests that it is a suspected phishing site, which is a red flag.","The text on the webpage warns users of potential phishing and encourages them to ignore and proceed with caution.","There is no login form present on the webpage, which is a good sign.","The text on the webpage does not create a sense of urgency or interest, which is a common tactic used in phishing attacks.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage, which is a good sign."]}
                    Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray 10: 89e2ae2b2f6243be  Your 'P: Click ta reveal  Performance & security by Cloudflare
                    URL: https://services.business-manange.com/ Model: Perplexity: mixtral-8x7b-instruct
                    {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title of the webpage 'Suspected phishing site | Cloudflare' indicates that the site is suspected of phishing.","The text 'This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.' clearly states that the site is suspected of phishing and is trying to steal sensitive information.","The text 'Ignore & Proceed' creates a sense of urgency for the user to proceed without fully understanding the risks associated with the site.","The webpage does not contain a login form, CAPTCHA or any other mechanism that would typically be present on a legitimate site.","The IP address '846.123.33' in the text is likely fake and not associated with a real user, further indicating the suspicious nature of the site."]}
                    Title: Suspected phishing site | Cloudflare OCR: O Warning Suspected Phishing This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source. Leam More Ignore & Proceed Cloudflare Ray 'D: 89e2ae2b2f6243be  Performance & security by Cloudflare Your IP: 846.123.33

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 21:51:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9771932448638325
                    Encrypted:false
                    SSDEEP:48:8tdFTNQw+HjidAKZdA19ehwiZUklqehZy+3:8lSwW6y
                    MD5:A13470462A5156E7385C86F99638BEC7
                    SHA1:2B8965A36BFB06ED61BAA6784B92B2593CFA409A
                    SHA-256:D61130F3BA0400EC8A177426F654106CD7337392DF85F496F5A5349701B47B1F
                    SHA-512:6DF1FD6A975E46643F2ACBD8FB1409C72FC4CFFD49105FB3BDDADD8945A35D3A3C4015BCDBA58D0BFAA799DE575E432BDDB585319E334BB4AFEBC8FBF42E099F
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.....f.d...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xo............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 21:51:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):3.9909365808210877
                    Encrypted:false
                    SSDEEP:48:8IdFTNQw+HjidAKZdA1weh/iZUkAQkqehqy+2:8WSw09Qry
                    MD5:8EE84F5F1ACCBB308F732C71DAFB187B
                    SHA1:EA70D57E672A7DFC31551364E28A9A4173056B1F
                    SHA-256:415A92FC2A6C841D21BD1249DDD6CF38360187D36289C66EB38AD06C625BAF40
                    SHA-512:C98B9E76E29932AE22B51DD338CE5EAB1B4E21A0635988B34AC356714673040BCE73C736847084859618A3EC090D210504CAEA82400E826B2DC0AEC25CE78C73
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.......d...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xo............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2693
                    Entropy (8bit):4.002934250265125
                    Encrypted:false
                    SSDEEP:48:8xCdFTNQwsHjidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xMSweney
                    MD5:B9A3BBCF750E9ACEA1D247273CD328C0
                    SHA1:5468AAD56CB88548802E69F716E005385ADD3F2D
                    SHA-256:0C9C7906492D49831070F4ACAD4FE48D337302708385B8CF8CD93A545CAEE9D1
                    SHA-512:C68B0D4A2F22470C0EC184C29653FB87C93919DED54451D458D5D77F26BD68398B5DD86775FA0DF0CBFCC687EBCF25B9A1F5E4C6026B09BC92F754A716FA3495
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 21:51:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.990431858394825
                    Encrypted:false
                    SSDEEP:48:8TCdFTNQw+HjidAKZdA1vehDiZUkwqehmy+R:8TMSwfEy
                    MD5:54765DAF95C2A07470E444449C7A9CD2
                    SHA1:E3280988470FA28BC102E1FF19C464DFEE597C26
                    SHA-256:365BC069C580957E9A0F4144876EEFE8FF1CA1774EE2820F547771FFE2213D05
                    SHA-512:F77581D601BA93E63B6995C38A6CE0CB8A6F95720A96A5D2D70889B0E6FD21BE3E25ED167DEB5CAB12692F8D2015F1281EE1897107931AB36D295CD2F7DA75C8
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.......d...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xo............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 21:51:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.9790461148135066
                    Encrypted:false
                    SSDEEP:48:8AWdFTNQw+HjidAKZdA1hehBiZUk1W1qehwy+C:8AYSwf9Qy
                    MD5:EC61EFD9EDD9AE7551D1022CFB947F97
                    SHA1:0515DB27EA9F851E407D900E2BB4FDDBE8393434
                    SHA-256:2484D22AB7E9985AB7D0BA5ACAF0E6A6E8DD28B59A09A49A31A07C2C98E612D1
                    SHA-512:79B66C3FC151654C4EF9B79A01B2607991930B39ABA10707011E1E88F5220B3C2C3DAA2F83B7504E6EDBA5CC2A50D9BDAE6C96861571F4CFA0D344CF4CBC82D4
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,.......d...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xo............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jul 4 21:51:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2683
                    Entropy (8bit):3.9903232716207833
                    Encrypted:false
                    SSDEEP:48:8OdFTNQw+HjidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbey+yT+:8gSwXT/TbxWOvTbey7T
                    MD5:AFD7DD1EC8D68118D05ED5CD76764576
                    SHA1:31B19E7334EFF78A9576FB28F4F27439B4EF4B66
                    SHA-256:B90D5CDDEA6A67398A27033844D37964FCD3F14CA8D4D631B54C5DF2A79ABECC
                    SHA-512:831BBA8323F9B71C9EE5D77C81A2C81FAD5DCDD6B0F2E8A692966CFD25A754B964A11912B373E3B335FC65623751AD6DA8E75BD405180B49B85CDDC7D5F81BFE
                    Malicious:false
                    Reputation:low
                    Preview:L..................F.@.. ...$+.,....QI..d...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xl.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xl.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xl.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xl............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xo............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............>.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    Chrome Cache Entry: 126

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (24050)
                    Category:downloaded
                    Size (bytes):24051
                    Entropy (8bit):4.941039417164537
                    Encrypted:false
                    SSDEEP:192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
                    MD5:5E8C69A459A691B5D1B9BE442332C87D
                    SHA1:F24DD1AD7C9080575D92A9A9A2C42620725EF836
                    SHA-256:84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
                    SHA-512:6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
                    Malicious:false
                    Reputation:low
                    URL:https://services.business-manange.com/cdn-cgi/styles/cf.errors.css
                    Preview:#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

                    Chrome Cache Entry: 127

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                    Category:downloaded
                    Size (bytes):452
                    Entropy (8bit):7.0936408308765495
                    Encrypted:false
                    SSDEEP:12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
                    MD5:C33DE66281E933259772399D10A6AFE8
                    SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                    SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                    SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                    Malicious:false
                    Reputation:low
                    URL:https://services.business-manange.com/cdn-cgi/images/icon-exclamation.png?1376755637
                    Preview:.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

                    Chrome Cache Entry: 128

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):452
                    Entropy (8bit):7.0936408308765495
                    Encrypted:false
                    SSDEEP:12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
                    MD5:C33DE66281E933259772399D10A6AFE8
                    SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                    SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                    SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                    Malicious:false
                    Reputation:low
                    Preview:.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

                    Chrome Cache Entry: 129

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (4070)
                    Category:downloaded
                    Size (bytes):10421
                    Entropy (8bit):5.341075039866162
                    Encrypted:false
                    SSDEEP:192:rlYHC0HNXGZkHQU7ydPJq5S2KqQVX/uTK3w3DK+tMy47R/Ga0kVhFuPwf8Pn93Jl:FVGaRF8I8WdTnX+Ii
                    MD5:0B72BC1A614566F2E6C503CDAEF7210F
                    SHA1:14DA8126257CD9FFC3FD845A194653EC18923390
                    SHA-256:B31262821E000B310DA41F99C8139EE6EE703BDDC7A29ADD667B66471D11D24B
                    SHA-512:003F07C6317224C0872F0F4C7A4BBEFE7A5476C27B7842B0A3A10E471DD0602B809DA94D84223789D79D2FB6F11E7921CEB1EAB8732FBF28C5BB850CF6D27113
                    Malicious:false
                    Reputation:low
                    URL:https://services.business-manange.com/favicon.ico
                    Preview:...<!DOCTYPE html>.<html>. <head>. <meta http-equiv="Content-type" content="text/html; charset=utf-8">. <meta http-equiv="Cache-control" content="no-cache">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="0">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>404 Not Found</title>. <style type="text/css">. body {. font-family: Arial, Helvetica, sans-serif;. font-size: 14px;. line-height: 1.428571429;. background-color: #ffffff;. color: #2F3230;. padding: 0;. margin: 0;. }. section, footer {. display: block;. padding: 0;. margin: 0;. }. .container {. margin-left: auto;. margin-right: auto;. padding: 0 10px;. }. .response-info {. color: #CCCCCC;. }. .status-code {. font-size:

                    Chrome Cache Entry: 130

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (394)
                    Category:downloaded
                    Size (bytes):4394
                    Entropy (8bit):5.080994135778902
                    Encrypted:false
                    SSDEEP:96:1j9jwIjYjUDK/D5DMF+BOisjA2ZLimzHrR49PaQxJbGD:1j9jhjYjIK/Vo+tsdZOmbrO9ieJGD
                    MD5:F840F3D4E3028429325A24EC50AF9B54
                    SHA1:DEECF79E4995620E826AEBB9CF623A8A3F1E18FD
                    SHA-256:03982763B653848ACBC19E9BABAAD74C4B1412D5415D84952AFF9CE5D4EF6B8B
                    SHA-512:759B7A276CA0D86D05491CD81841CC2BD5EBF32510D915525CD3B1896B7D06A3373B64116FCC7E59C4ACBEF197A3B65A0A38CA583AB52C6BB6EA4EECDF4F6BA2
                    Malicious:false
                    Reputation:low
                    URL:https://services.business-manange.com/
                    Preview:<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site | Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

                    Static File Info

                    No static file info

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jul 5, 2024 00:51:22.502623081 CEST49674443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:22.502629995 CEST49675443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:22.596460104 CEST49673443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:29.834983110 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:29.835015059 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:29.835076094 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:29.868221045 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:29.868235111 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.351445913 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.351768017 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.351785898 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.352730989 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.352792025 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.353934050 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.353997946 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.354249954 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.354258060 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.395839930 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.481004000 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481035948 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481055021 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481087923 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481126070 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.481137991 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481170893 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.481185913 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.481226921 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.500507116 CEST49709443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.500519037 CEST44349709104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.578247070 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.578340054 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:30.578486919 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.578763008 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:30.578798056 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.054462910 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.074640989 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.074696064 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.075021029 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.076102018 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.076220036 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.076936960 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.120521069 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182801962 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182853937 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182885885 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182920933 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182923079 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.182949066 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.182988882 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.182990074 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.183016062 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.183036089 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.183038950 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.183048010 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.183087111 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.183104038 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.183166981 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.183437109 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.231194019 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.231209993 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.272773981 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.272804022 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.272836924 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.272842884 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.272865057 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.272892952 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.273190022 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.273238897 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.273253918 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.273601055 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.273655891 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.274403095 CEST49712443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.274430037 CEST44349712104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.459911108 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.459964037 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.460035086 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.460911036 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.460927010 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.962582111 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.970098019 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.970118046 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.970639944 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.971666098 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:31.971748114 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:31.971966982 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.012504101 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.053447962 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.053473949 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:32.053632975 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.055486917 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.055497885 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:32.090399027 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.090466976 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.090526104 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.091979980 CEST49713443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.091991901 CEST44349713104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.103091955 CEST49675443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:32.103108883 CEST49674443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:32.138938904 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.138988018 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.139064074 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.142139912 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.142154932 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.144824982 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.144849062 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.144998074 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.145900965 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.145915985 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.180306911 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.180341005 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.180588007 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.180972099 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.180985928 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.202416897 CEST49673443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:32.650391102 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.660681963 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.660708904 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.660996914 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.662404060 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.662461996 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.662947893 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:32.665409088 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.665895939 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.665909052 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.666930914 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.666996002 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.667638063 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.667700052 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.668071032 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.668077946 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.708499908 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:32.709856987 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:32.709929943 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.714538097 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.730743885 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.730782986 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:32.731137037 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:32.778547049 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.806230068 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.809834003 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.809850931 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.811475992 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.811542034 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.812555075 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.812628984 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.812695980 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.826244116 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.826368093 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.872307062 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.872328997 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:32.919168949 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:32.948445082 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:32.963912010 CEST49717443192.168.2.5172.67.138.117
                    Jul 5, 2024 00:51:32.963939905 CEST44349717172.67.138.117192.168.2.5
                    Jul 5, 2024 00:51:32.988511086 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.136363983 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.136440992 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.138160944 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:33.344829082 CEST49714443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:33.344857931 CEST44349714184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.432459116 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432746887 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432773113 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432794094 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.432796001 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432826042 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432859898 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432868004 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.432877064 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432895899 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.432909012 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432934046 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.432975054 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.432981968 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.433001995 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.433037043 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.433181047 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.437863111 CEST49716443192.168.2.5104.21.54.113
                    Jul 5, 2024 00:51:33.437891960 CEST44349716104.21.54.113192.168.2.5
                    Jul 5, 2024 00:51:33.457091093 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:33.457165956 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.457271099 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:33.458029032 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:33.458058119 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:33.843453884 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:33.843503952 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:33.843604088 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:33.844443083 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:33.844471931 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:33.924793959 CEST4434970323.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:33.924876928 CEST49703443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:34.124543905 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.124643087 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.127919912 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.127974987 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.128276110 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.129750013 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.176507950 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.314722061 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.315054893 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.315092087 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.315962076 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.316066980 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.318695068 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.318768978 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.319046021 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.319067955 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.372266054 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.408622026 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.408699989 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.408818007 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.410403967 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.410446882 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.410484076 CEST49718443192.168.2.5184.28.90.27
                    Jul 5, 2024 00:51:34.410501003 CEST44349718184.28.90.27192.168.2.5
                    Jul 5, 2024 00:51:34.444180012 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.444653034 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.444664001 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.444689989 CEST4434972135.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.444735050 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.444792032 CEST49721443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.446022034 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.446053028 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.446163893 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.446937084 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.446950912 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.919517994 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.919780016 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.919810057 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.920145035 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.920588970 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.920655966 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:34.923810959 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:34.968499899 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:35.070167065 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:35.070245981 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:35.070301056 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:35.070507050 CEST49722443192.168.2.535.190.80.1
                    Jul 5, 2024 00:51:35.070527077 CEST4434972235.190.80.1192.168.2.5
                    Jul 5, 2024 00:51:42.694664955 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:42.694732904 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:42.694868088 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:43.753113985 CEST49715443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:51:43.753145933 CEST44349715172.217.16.196192.168.2.5
                    Jul 5, 2024 00:51:44.719336033 CEST49703443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:44.719449997 CEST49703443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:44.719786882 CEST49727443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:44.719832897 CEST4434972723.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:44.719918013 CEST49727443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:44.720154047 CEST49727443192.168.2.523.1.237.91
                    Jul 5, 2024 00:51:44.720170021 CEST4434972723.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:44.724107027 CEST4434970323.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:44.724276066 CEST4434970323.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:45.356013060 CEST4434972723.1.237.91192.168.2.5
                    Jul 5, 2024 00:51:45.356110096 CEST49727443192.168.2.523.1.237.91
                    Jul 5, 2024 00:52:04.630722046 CEST4434972723.1.237.91192.168.2.5
                    Jul 5, 2024 00:52:04.630948067 CEST49727443192.168.2.523.1.237.91
                    Jul 5, 2024 00:52:09.848846912 CEST5621453192.168.2.51.1.1.1
                    Jul 5, 2024 00:52:09.854033947 CEST53562141.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:09.854095936 CEST5621453192.168.2.51.1.1.1
                    Jul 5, 2024 00:52:09.854121923 CEST5621453192.168.2.51.1.1.1
                    Jul 5, 2024 00:52:09.859071970 CEST53562141.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:10.431672096 CEST53562141.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:10.432411909 CEST5621453192.168.2.51.1.1.1
                    Jul 5, 2024 00:52:10.438668013 CEST53562141.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:10.438781977 CEST5621453192.168.2.51.1.1.1
                    Jul 5, 2024 00:52:32.172657967 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:32.172708035 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.172831059 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:32.173548937 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:32.173563004 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.817364931 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.817720890 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:32.817737103 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.818074942 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.818965912 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:32.819031954 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:32.872741938 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:43.061700106 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:43.061781883 CEST44356218172.217.16.196192.168.2.5
                    Jul 5, 2024 00:52:43.065468073 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:43.719060898 CEST56218443192.168.2.5172.217.16.196
                    Jul 5, 2024 00:52:43.719150066 CEST44356218172.217.16.196192.168.2.5

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jul 5, 2024 00:51:27.585993052 CEST53570241.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:27.591604948 CEST53633041.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:28.579521894 CEST53519511.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:29.563504934 CEST5306253192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:29.563846111 CEST6350453192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:29.742870092 CEST53530621.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:29.743345022 CEST53635041.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:29.795917988 CEST5482853192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:29.796171904 CEST5819853192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:29.815536022 CEST53548281.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:29.836997032 CEST53581981.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:32.127290964 CEST5217753192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:32.127460957 CEST5244253192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:32.134486914 CEST53524421.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:32.134501934 CEST53521771.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:32.159398079 CEST5904053192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:32.160041094 CEST6380453192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:32.179095984 CEST53638041.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:32.179614067 CEST53590401.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:33.818239927 CEST6313853192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:33.818429947 CEST5179653192.168.2.51.1.1.1
                    Jul 5, 2024 00:51:33.825098991 CEST53517961.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:33.825238943 CEST53631381.1.1.1192.168.2.5
                    Jul 5, 2024 00:51:45.729496956 CEST53506951.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:04.768697023 CEST53631551.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:09.848499060 CEST53509561.1.1.1192.168.2.5
                    Jul 5, 2024 00:52:27.211468935 CEST53604721.1.1.1192.168.2.5

                    ICMP Packets

                    TimestampSource IPDest IPChecksumCodeType
                    Jul 5, 2024 00:51:29.837068081 CEST192.168.2.51.1.1.1c23d(Port unreachable)Destination Unreachable

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Jul 5, 2024 00:51:29.563504934 CEST192.168.2.51.1.1.10x6261Standard query (0)services.business-manange.comA (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.563846111 CEST192.168.2.51.1.1.10x28deStandard query (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:29.795917988 CEST192.168.2.51.1.1.10x5a9fStandard query (0)services.business-manange.comA (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.796171904 CEST192.168.2.51.1.1.10xfc9aStandard query (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:32.127290964 CEST192.168.2.51.1.1.10x2b7aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:32.127460957 CEST192.168.2.51.1.1.10x10dfStandard query (0)www.google.com65IN (0x0001)false
                    Jul 5, 2024 00:51:32.159398079 CEST192.168.2.51.1.1.10xc61fStandard query (0)services.business-manange.comA (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:32.160041094 CEST192.168.2.51.1.1.10xd792Standard query (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:33.818239927 CEST192.168.2.51.1.1.10xf8e8Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:33.818429947 CEST192.168.2.51.1.1.10xbc9cStandard query (0)a.nel.cloudflare.com65IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Jul 5, 2024 00:51:29.742870092 CEST1.1.1.1192.168.2.50x6261No error (0)services.business-manange.com172.67.138.117A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.742870092 CEST1.1.1.1192.168.2.50x6261No error (0)services.business-manange.com104.21.54.113A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.743345022 CEST1.1.1.1192.168.2.50x28deNo error (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:29.815536022 CEST1.1.1.1192.168.2.50x5a9fNo error (0)services.business-manange.com104.21.54.113A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.815536022 CEST1.1.1.1192.168.2.50x5a9fNo error (0)services.business-manange.com172.67.138.117A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:29.836997032 CEST1.1.1.1192.168.2.50xfc9aNo error (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:32.134486914 CEST1.1.1.1192.168.2.50x10dfNo error (0)www.google.com65IN (0x0001)false
                    Jul 5, 2024 00:51:32.134501934 CEST1.1.1.1192.168.2.50x2b7aNo error (0)www.google.com172.217.16.196A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:32.179095984 CEST1.1.1.1192.168.2.50xd792No error (0)services.business-manange.com65IN (0x0001)false
                    Jul 5, 2024 00:51:32.179614067 CEST1.1.1.1192.168.2.50xc61fNo error (0)services.business-manange.com172.67.138.117A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:32.179614067 CEST1.1.1.1192.168.2.50xc61fNo error (0)services.business-manange.com104.21.54.113A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:33.825238943 CEST1.1.1.1192.168.2.50xf8e8No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:43.302417040 CEST1.1.1.1192.168.2.50x3699No error (0)windowsupdatebg.s.llnwi.net46.228.146.128A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:44.065723896 CEST1.1.1.1192.168.2.50xd925No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                    Jul 5, 2024 00:51:44.065723896 CEST1.1.1.1192.168.2.50xd925No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:51:57.999867916 CEST1.1.1.1192.168.2.50x3ed9No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                    Jul 5, 2024 00:51:57.999867916 CEST1.1.1.1192.168.2.50x3ed9No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                    Jul 5, 2024 00:52:52.458301067 CEST1.1.1.1192.168.2.50x8ae2No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                    Jul 5, 2024 00:52:52.458301067 CEST1.1.1.1192.168.2.50x8ae2No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • services.business-manange.com
                    • https:
                    • fs.microsoft.com
                    • a.nel.cloudflare.com

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.549709104.21.54.1134431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:30 UTC672OUTGET / HTTP/1.1
                    Host: services.business-manange.com
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:30 UTC575INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 22:51:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: close
                    X-Frame-Options: SAMEORIGIN
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qH2WbpUnPMMAn%2BVy1wuOplJU%2Fel55B5yMEG4rxAWRg%2FFD%2BlG8HpyRsDFn8csQ0HJW4B7ydsaMCKCOCbxfsMrFhRW85hU3ihyJR6STbXACpb2K63pxzOBrhTx%2FmBRT0wMqZZ9%2FoQe19K3PNYuh50rpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e2ae2b2f6243be-EWR
                    2024-07-04 22:51:30 UTC794INData Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                    Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                    2024-07-04 22:51:30 UTC1369INData Raw: 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d
                    Data Ascii: ' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = docum
                    2024-07-04 22:51:30 UTC1369INData Raw: 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6f 65 51 69 65 4f 45 74 68 76 54 76 53 41 45 4c 6a 37 4a 46 53 2e 30 46 57 66 4b 69 4b 4d 4d 71 68 41 56 30 63 49 43 45 64 62 67 2d 31 37 32 30 31 33 33 34 39 30 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63
                    Data Ascii: ctype="text/plain"> <input type="hidden" name="atok" value="oeQieOEthvTvSAELj7JFS.0FWfKiKMMqhAV0cICEdbg-1720133490-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attac
                    2024-07-04 22:51:30 UTC870INData Raw: 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22
                    Data Ascii: cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="
                    2024-07-04 22:51:30 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.549712104.21.54.1134431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:31 UTC585OUTGET /cdn-cgi/styles/cf.errors.css HTTP/1.1
                    Host: services.business-manange.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: text/css,*/*;q=0.1
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: style
                    Referer: https://services.business-manange.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:31 UTC411INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 22:51:31 GMT
                    Content-Type: text/css
                    Content-Length: 24051
                    Connection: close
                    Last-Modified: Thu, 04 Jul 2024 09:57:21 GMT
                    ETag: "66867201-5df3"
                    Server: cloudflare
                    CF-RAY: 89e2ae2f9901433e-EWR
                    X-Frame-Options: DENY
                    X-Content-Type-Options: nosniff
                    Expires: Fri, 05 Jul 2024 00:51:31 GMT
                    Cache-Control: max-age=7200
                    Cache-Control: public
                    Accept-Ranges: bytes
                    2024-07-04 22:51:31 UTC958INData Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70
                    Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
                    2024-07-04 22:51:31 UTC1369INData Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f
                    Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
                    2024-07-04 22:51:31 UTC1369INData Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d
                    Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
                    2024-07-04 22:51:31 UTC1369INData Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69
                    Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
                    2024-07-04 22:51:31 UTC1369INData Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73
                    Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
                    2024-07-04 22:51:31 UTC1369INData Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65
                    Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
                    2024-07-04 22:51:31 UTC1369INData Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c
                    Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
                    2024-07-04 22:51:31 UTC1369INData Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23
                    Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
                    2024-07-04 22:51:31 UTC1369INData Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e
                    Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
                    2024-07-04 22:51:31 UTC1369INData Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e
                    Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.549713104.21.54.1134431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:31 UTC677OUTGET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
                    Host: services.business-manange.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://services.business-manange.com/cdn-cgi/styles/cf.errors.css
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:32 UTC409INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 22:51:32 GMT
                    Content-Type: image/png
                    Content-Length: 452
                    Connection: close
                    Last-Modified: Fri, 28 Jun 2024 11:25:31 GMT
                    ETag: "667e9dab-1c4"
                    Server: cloudflare
                    CF-RAY: 89e2ae353ccf1774-EWR
                    X-Frame-Options: DENY
                    X-Content-Type-Options: nosniff
                    Expires: Fri, 05 Jul 2024 00:51:32 GMT
                    Cache-Control: max-age=7200
                    Cache-Control: public
                    Accept-Ranges: bytes
                    2024-07-04 22:51:32 UTC452INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65
                    Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~|:t5mfpi/e%%nPe


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.549716104.21.54.1134431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:32 UTC614OUTGET /favicon.ico HTTP/1.1
                    Host: services.business-manange.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://services.business-manange.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:33 UTC645INHTTP/1.1 404 Not Found
                    Date: Thu, 04 Jul 2024 22:51:33 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    vary: Accept-Encoding
                    Cache-Control: max-age=14400
                    CF-Cache-Status: EXPIRED
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e2ae39a9f90f53-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 22:51:33 UTC724INData Raw: 32 38 62 35 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f
                    Data Ascii: 28b5<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" co
                    2024-07-04 22:51:33 UTC1369INData Raw: 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64
                    Data Ascii: padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .status-cod
                    2024-07-04 22:51:33 UTC1369INData Raw: 75 6c 20 6c 69 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 75 6c 20 6c 69 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74
                    Data Ascii: ul li { float: left; text-align: center; } .additional-info-items ul li { width: 100%; } .info-image { padding: 10px; } .info-heading { font-weight
                    2024-07-04 22:51:33 UTC1369INData Raw: 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 64 64 72 65 73 73 20 7b 0a 20
                    Data Ascii: .contact-info { font-size: 18px; } .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server address {
                    2024-07-04 22:51:33 UTC1369INData Raw: 6c 76 58 4b 44 64 55 35 70 44 48 33 54 52 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f 56 6b 67 4b 58 47 6b 77 59 55 51 48 41 61 4d 2b 79 51 75 6e 42 6d 4e 53 77 62 52 56 59 68 2b 6b 4f 63 67 4d 68 76 52 44 42 31 4d 64 32 30 59 66 69 52 2b 55 46 66 76 64 49 69 7a 70 32 76 31 76 56
                    Data Ascii: lvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfvdIizp2v1vV
                    2024-07-04 22:51:33 UTC1369INData Raw: 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 59 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 4f 4e 74 45 55 4b 58 47 43 39 35 6a 4b 2b 52 67 34 51 42 56 77 4e 6d 6c 65 50 5a 56 6a 54 78 75 6f 32 34 6b 57 4d 72 51 48 67 2f 6e 5a 7a 78 44 71 6d 71 46 52 46 43 37 39 39 2b 64 62 45 69 72 4d 6f 56 45 58 68 56 41 30 37 59 2b 47 57 4e 4d 4f 42 43 78 49 49 70 43 67 43 70 41 58 35 4b 67 48 42 36 49 51 49 4c 48 77 45 33 48 58 6b 32 58 51 56 73 7a 64 53 6b 47 45 43 6a 55 41 42 68 50 4c 4d 64 54 2f 75 4b 4c 30 52 49 51 38 44 7a 59 4f 4b 4a 75 39 38 56 30 30 36 4c 62 53 49 6b 76 42 73 52 6c 7a 42 50 59 6b 49 52 49 48 31 37 34 33 69 45 69 65 6c 42 54 34 69 51 52
                    Data Ascii: RzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsRlzBPYkIRIH1743iEielBT4iQR
                    2024-07-04 22:51:33 UTC1369INData Raw: 4f 30 30 41 33 51 55 30 68 6f 68 58 35 52 54 64 65 43 72 73 74 79 54 31 57 70 68 55 52 54 42 65 76 42 61 56 34 69 77 59 4a 47 47 63 74 52 44 43 31 46 73 47 61 51 33 52 74 47 46 66 4c 34 6f 73 33 34 67 36 54 2b 41 6b 41 54 38 34 62 73 30 66 58 32 77 65 53 38 38 58 37 58 36 68 58 52 44 44 52 7a 64 77 48 5a 2f 35 44 32 68 6a 6a 67 68 74 33 4d 62 35 79 31 4e 49 4e 71 2b 62 65 5a 42 75 38 64 38 34 36 35 37 77 50 59 66 4e 38 70 5a 42 63 30 67 2b 4a 4b 69 4b 59 69 4e 72 39 72 34 76 31 5a 72 76 64 62 74 61 7a 70 31 36 54 53 43 4f 66 5a 70 70 4d 69 47 44 36 69 56 71 72 32 37 31 6f 56 6f 6b 55 36 41 4a 39 55 35 46 47 6e 58 49 77 77 35 6d 48 2b 6b 4c 45 68 78 49 31 63 6c 32 30 51 43 47 43 54 67 52 4d 41 2f 33 2b 46 32 6c 52 58 58 74 7a 58 68 55 52 50 54 54 74 39 47
                    Data Ascii: O00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc0g+JKiKYiNr9r4v1Zrvdbtazp16TSCOfZppMiGD6iVqr271oVokU6AJ9U5FGnXIww5mH+kLEhxI1cl20QCGCTgRMA/3+F2lRXXtzXhURPTTt9G
                    2024-07-04 22:51:33 UTC1369INData Raw: 61 66 35 63 66 64 38 64 38 63 35 64 38 63 65 63 35 63 39 64 66 63 37 63 66 63 34 64 65 38 34 64 39 63 32 64 65 63 37 63 36 38 61 64 61 63 35 64 38 64 65 38 61 39 65 39 65 39 39 38 61 63 35 63 34 38 61 65 63 64 38 63 33 63 65 63 62 64 33 38 36 38 61 39 61 39 66 38 37 65 30 64 66 63 36 38 37 39 38 39 61 39 38 39 65 38 61 39 61 39 66 39 30 39 66 39 62 39 30 39 39 39 39 38 61 66 64 65 33 65 38 22 3e 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 72 65 61 73 6f 6e 2d 74 65 78 74 22 3e 54 68 65 20 73 65 72 76 65 72 20 63 61 6e 6e 6f 74 20 66 69 6e 64 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 70 61 67 65 3a 3c 2f 70 3e 0a
                    Data Ascii: af5cfd8d8c5d8cec5c9dfc7cfc4de84d9c2dec7c68adac5d8de8a9e9e998ac5c48aecd8c3cecbd3868a9a9f87e0dfc687989a989e8a9a9f909f9b9099998afde3e8"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p>
                    2024-07-04 22:51:33 UTC122INData Raw: 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                    Data Ascii: ipt data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>
                    2024-07-04 22:51:33 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    4192.168.2.549717172.67.138.1174431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:32 UTC399OUTGET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
                    Host: services.business-manange.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:32 UTC409INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 22:51:32 GMT
                    Content-Type: image/png
                    Content-Length: 452
                    Connection: close
                    Last-Modified: Fri, 28 Jun 2024 11:25:31 GMT
                    ETag: "667e9dab-1c4"
                    Server: cloudflare
                    CF-RAY: 89e2ae39bf408cc5-EWR
                    X-Frame-Options: DENY
                    X-Content-Type-Options: nosniff
                    Expires: Fri, 05 Jul 2024 00:51:32 GMT
                    Cache-Control: max-age=7200
                    Cache-Control: public
                    Accept-Ranges: bytes
                    2024-07-04 22:51:32 UTC452INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65
                    Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~|:t5mfpi/e%%nPe


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    5192.168.2.549714184.28.90.27443
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:32 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-07-04 22:51:33 UTC466INHTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (chd/0758)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-eus-z1
                    Cache-Control: public, max-age=29549
                    Date: Thu, 04 Jul 2024 22:51:33 GMT
                    Connection: close
                    X-CID: 2


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    6192.168.2.549718184.28.90.27443
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:34 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-07-04 22:51:34 UTC514INHTTP/1.1 200 OK
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (lpl/EF06)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-weu-z1
                    Cache-Control: public, max-age=29569
                    Date: Thu, 04 Jul 2024 22:51:34 GMT
                    Content-Length: 55
                    Connection: close
                    X-CID: 2
                    2024-07-04 22:51:34 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    7192.168.2.54972135.190.80.14431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:34 UTC576OUTOPTIONS /report/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D HTTP/1.1
                    Host: a.nel.cloudflare.com
                    Connection: keep-alive
                    Origin: https://services.business-manange.com
                    Access-Control-Request-Method: POST
                    Access-Control-Request-Headers: content-type
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:34 UTC336INHTTP/1.1 200 OK
                    Content-Length: 0
                    access-control-max-age: 86400
                    access-control-allow-methods: OPTIONS, POST
                    access-control-allow-origin: *
                    access-control-allow-headers: content-length, content-type
                    date: Thu, 04 Jul 2024 22:51:34 GMT
                    Via: 1.1 google
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    8192.168.2.54972235.190.80.14431496C:\Program Files\Google\Chrome\Application\chrome.exe
                    TimestampBytes transferredDirectionData
                    2024-07-04 22:51:34 UTC504OUTPOST /report/v4?s=0IV7KN9lZ%2BmEXUr0wozxMyJD7PFgq1yCxA9ywoiD44kK6Ma4eQxTCXjhDy1A3SQ8PuGk2Qy0gv3Er2TSwfwXu9ZW9QqJ2RsOFyLgaG1p5uzWm08GK%2FHMPycQUrCWVuTD%2BGEDmx%2BgKytF9Kwe7YM%2FtQ%3D%3D HTTP/1.1
                    Host: a.nel.cloudflare.com
                    Connection: keep-alive
                    Content-Length: 451
                    Content-Type: application/reports+json
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-07-04 22:51:34 UTC451OUTData Raw: 5b 7b 22 61 67 65 22 3a 33 38 34 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 32 38 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 73 65 72 76 69 63 65 73 2e 62 75 73 69 6e 65 73 73 2d 6d 61 6e 61 6e 67 65 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 35 34 2e 31 31 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f
                    Data Ascii: [{"age":384,"body":{"elapsed_time":1289,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://services.business-manange.com/","sampling_fraction":1.0,"server_ip":"104.21.54.113","status_code":404,"type":"http.error"},"type":"netwo
                    2024-07-04 22:51:35 UTC168INHTTP/1.1 200 OK
                    Content-Length: 0
                    date: Thu, 04 Jul 2024 22:51:34 GMT
                    Via: 1.1 google
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Connection: close


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:18:51:22
                    Start date:04/07/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:2
                    Start time:18:51:25
                    Start date:04/07/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1984,i,9630008480097638356,11724368922385271652,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:3
                    Start time:18:51:28
                    Start date:04/07/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://services.business-manange.com/"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    Disassembly

                    No disassembly