Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDl

Overview

General Information

Sample URL:https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9
Analysis ID:1574075
Infos:

Detection

KnowBe4
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected KnowBe4 simulated phishing
AI detected suspicious URL

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 4428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 3364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,15074720881907596878,5303227173293143602,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 1412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
1.0.pages.csvJoeSecurity_KnowBe4Yara detected KnowBe4 simulated phishingJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    Yara detected KnowBe4 simulated phishing
    Source: Yara matchFile source: 1.0.pages.csv, type: HTML
    AI detected suspicious URL
    Source: EmailJoe Sandbox AI: AI detected Brand spoofing attempt in URL: https://welsfargo.com-onlinebanking.com
    Source: EmailJoe Sandbox AI: AI detected Typosquatting in URL: https://welsfargo.com-onlinebanking.com
    Source: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==HTTP Parser: No favicon
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
    Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 40.81.94.65
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114 HTTP/1.1Host: welsfargo.com-onlinebanking.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ== HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: welsfargo.com-onlinebanking.com
    Source: global trafficDNS traffic detected: DNS query: secured-login.net
    Source: chromecache_48.2.drString found in binary or memory: http://code.jquery.com/jquery-1.10.2.js
    Source: chromecache_48.2.drString found in binary or memory: http://code.jquery.com/ui/1.11.4/jquery-ui.js
    Source: chromecache_47.2.drString found in binary or memory: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL
    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: classification engineClassification label: mal52.phis.win@17/9@8/5
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,15074720881907596878,5303227173293143602,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,15074720881907596878,5303227173293143602,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    Browser Extensions    		1
    Process Injection    		1
    Process Injection    		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
    Ingress Tool Transfer    		Traffic DuplicationData Destruction

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=23249241140%Avira URL Cloudsafe

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    www.google.com
    		142.250.181.132
    		truefalse
      		high
      secured-login.net
      		34.196.207.207
      		truefalse
        		high
        landing.training.knowbe4.com
        		3.82.118.141
        		truefalse
          		high
          welsfargo.com-onlinebanking.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://secured-login.net/favicon.icofalse
              		high
              https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114false
                		high
                https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.cssfalse
                  		high
                  https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.jsfalse
                    		high
                    https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==false
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://code.jquery.com/jquery-1.10.2.jschromecache_48.2.drfalse
                        		high
                        https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViLchromecache_47.2.drfalse
                          		high
                          http://code.jquery.com/ui/1.11.4/jquery-ui.jschromecache_48.2.drfalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            239.255.255.250
                            		unknownReserved
                            		unknownunknownfalse
                            3.82.118.141
                            		landing.training.knowbe4.comUnited States
                            		14618AMAZON-AESUSfalse
                            34.196.207.207
                            		secured-login.netUnited States
                            		14618AMAZON-AESUSfalse
                            142.250.181.132
                            		www.google.comUnited States
                            		15169GOOGLEUSfalse

                            Private

                            IP
                            192.168.2.7

                            General Information

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1574075
                            Start date and time:2024-12-12 21:35:05 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 3s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:browseurl.jbs
                            Sample URL:https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:14
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal52.phis.win@17/9@8/5
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.206, 64.233.163.84, 172.217.17.46, 2.20.68.201, 172.217.17.35, 23.218.208.109, 13.107.246.63, 52.149.20.212
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114

                            Simulations

                            Behavior and APIs

                            No simulations

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASNs

                            No context

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            Chrome Cache Entry: 46

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65447)
                            Category:downloaded
                            Size (bytes):380848
                            Entropy (8bit):5.202109831427653
                            Encrypted:false
                            SSDEEP:3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
                            MD5:67A0C4DBD69561F3226243034423F1ED
                            SHA1:88C1B5C7EBBFA24D8196290206BF544F28EEB406
                            SHA-256:74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
                            SHA-512:D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
                            Malicious:false
                            Reputation:low
                            URL:https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
                            Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

                            Chrome Cache Entry: 47

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text, with very long lines (408)
                            Category:downloaded
                            Size (bytes):462
                            Entropy (8bit):5.830229840290198
                            Encrypted:false
                            SSDEEP:6:qF/sGq3+mmnk07zG/HNUE2W8rphbYciSUnXrR7wOKjyaKWGvPcLX+XLtgHVq+YlG:3R+xncIZtKnWOKjydQX+Xs1h4AEdeIQL
                            MD5:60F6FC67109509B24924ED88DC1443AE
                            SHA1:0D14DC22261339B18C8E3F9F8B7147BB40122912
                            SHA-256:9004AF93BDDEC05FB458B2AB447FF4E6B20D159556D0265F167CB353B9C2509A
                            SHA-512:96EE29C7E99B613F1942A3AEA3167221D8A92C307AD86C7F5F05CC2CD04320287091851EFD60FD55CAD724BAD78616D073873853950DF19417C5999AF3158D74
                            Malicious:false
                            Reputation:low
                            URL:https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114
                            Preview:<html>. <head>. <script>window.location.href = 'https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==';</script>. </head>. <body>. </body>.</html>.

                            Chrome Cache Entry: 48

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:downloaded
                            Size (bytes):6139
                            Entropy (8bit):5.362126547261761
                            Encrypted:false
                            SSDEEP:96:O4/OntrROKYqP9V9VSZ2iesU8/Mlo1jJUhMjZOlSf8Zn5mGT24CNugRsiKvz:ObtrROKYqlpSZDesU8Em19UwZOlc8ZUI
                            MD5:E62B8316A6CB0C481FAA88344EBE8CB4
                            SHA1:04443E162BCD67F488AE4B285457E31B10093BA4
                            SHA-256:4C215C6B2F983B4B8B9966C5F5D7F0F8F4E36B5D8204C701AFD64F37924C7CA6
                            SHA-512:60220398C837A0C48953B19C8C279685E7717969C1CDFD3B4F91C95076962042F0F6935DE976242673B5780AD6CACA249AAA23DEEC60186AD3E7E53D93A24D7D
                            Malicious:false
                            Reputation:low
                            URL:https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==
                            Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. ...<script src="http://code.jquery.com/jquery-1.10.2.js"></script>.<script src="http://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>..<style>..body, html {.height: 100%;.margin: 0;.font

                            Chrome Cache Entry: 49

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text, with very long lines (65447)
                            Category:dropped
                            Size (bytes):380848
                            Entropy (8bit):5.202109831427653
                            Encrypted:false
                            SSDEEP:3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
                            MD5:67A0C4DBD69561F3226243034423F1ED
                            SHA1:88C1B5C7EBBFA24D8196290206BF544F28EEB406
                            SHA-256:74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
                            SHA-512:D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
                            Malicious:false
                            Reputation:low
                            Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

                            Chrome Cache Entry: 50

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:ASCII text
                            Category:downloaded
                            Size (bytes):1471
                            Entropy (8bit):4.754611179426391
                            Encrypted:false
                            SSDEEP:24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
                            MD5:15E89F9684B18EC43EE51F8D62A787C3
                            SHA1:9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
                            SHA-256:16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
                            SHA-512:79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
                            Malicious:false
                            Reputation:low
                            URL:https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
                            Preview:/* line 1, app/assets/stylesheets/landing-watermark.scss */..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../* line 4, app/assets/stylesheets/landing-watermark.scss */..watermark.left {. left: 0;.}../* line 7, app/assets/stylesheets/landing-watermark.scss */..watermark.right {. right: 0;.}../* line 10, app/assets/stylesheets/landing-watermark.scss */..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../* line 15, app/assets/stylesheets/landing-watermark.scss */..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../* line 24, app/assets/stylesheets/landing-watermark.scss */.#template_sei .watermark.left {. margin-left: -10px;.}../* li

                            Static File Info

                            No static file info

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Dec 12, 2024 21:35:52.435666084 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:35:52.747769117 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:35:53.357135057 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:35:54.560297966 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:35:54.638410091 CET49674443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:35:54.638472080 CET49675443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:35:54.685311079 CET49672443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:35:56.966577053 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:36:01.066169977 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:01.435250998 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:01.856885910 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:36:02.341074944 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:03.841156960 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:04.298470974 CET49672443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:04.326226950 CET49674443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:04.326245070 CET49675443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:05.688555002 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:05.688604116 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:05.688698053 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:05.688971043 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:05.688987970 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:06.824403048 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:07.363831043 CET44349698104.98.116.138192.168.2.7
                            Dec 12, 2024 21:36:07.364983082 CET49698443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:07.397975922 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:07.446856976 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:07.459496021 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:07.459511042 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:07.460777044 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:07.460846901 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:07.499367952 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:07.499665022 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:07.548949003 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:07.548964024 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:07.585088968 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.585192919 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:07.585377932 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.588011980 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.588057995 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:07.588119984 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.588359118 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.588401079 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:07.588548899 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:07.588566065 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:07.591612101 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:09.333353043 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.334479094 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.334500074 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.335069895 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.335283041 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.335294962 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.335635900 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.336282969 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.336308002 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.336349964 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.337412119 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.337464094 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.337573051 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.339854002 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.339921951 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.383322954 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.391602993 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.391611099 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.391721964 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.391733885 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.438180923 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.438554049 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:09.911555052 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.911633015 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:09.911703110 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:10.033482075 CET49708443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:10.033514977 CET443497083.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:10.479176044 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.479232073 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:10.479300976 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.479779005 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.479840040 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:10.479896069 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.480074883 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.480093002 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:10.480334044 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:10.480350018 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:11.467334032 CET49671443192.168.2.7204.79.197.203
                            Dec 12, 2024 21:36:12.220590115 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.224524021 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.224601030 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.225676060 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.225760937 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.227158070 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.227248907 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.227550030 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.227576017 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.227843046 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.228413105 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.228477955 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.229917049 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.229993105 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.230401993 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.230477095 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.280721903 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.280756950 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.280781984 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:12.326869011 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:12.782092094 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:14.297202110 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.297233105 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.297243118 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.297310114 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.297307968 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.297358990 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.298851013 CET49713443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.298871994 CET4434971334.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.348479033 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.348543882 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.348615885 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.349709988 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.350246906 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.350258112 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.391345024 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.801892996 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.801942110 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.802020073 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.802022934 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:14.802062035 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.808480024 CET49712443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:14.808510065 CET4434971234.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.239834070 CET49698443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:15.240223885 CET49726443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:15.240271091 CET44349726104.98.116.138192.168.2.7
                            Dec 12, 2024 21:36:15.240359068 CET49726443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:15.242830992 CET49726443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:36:15.242841959 CET44349726104.98.116.138192.168.2.7
                            Dec 12, 2024 21:36:15.359730959 CET44349698104.98.116.138192.168.2.7
                            Dec 12, 2024 21:36:15.591842890 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.592135906 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:15.592168093 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.593283892 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.593714952 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:15.593879938 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:15.593892097 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.635348082 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:15.641170025 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.228034019 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228111982 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228136063 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228178978 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.228183031 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228215933 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228219032 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.228235960 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.228245974 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.228265047 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.228283882 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.283442020 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.283474922 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.283552885 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.283576012 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.283618927 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.432352066 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.432389975 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.432454109 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.432481050 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.432509899 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.432526112 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.464778900 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.464852095 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.464878082 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.464894056 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.464935064 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.464956045 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.495393038 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.495420933 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.495481014 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.495496988 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.495543003 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.546487093 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.546520948 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.546576023 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.546588898 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.546638012 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.627461910 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.627495050 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.627536058 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.627551079 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.627582073 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.627597094 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.647977114 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.648014069 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.648056030 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.648070097 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.648101091 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.648113966 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.667695045 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.667733908 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.667767048 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.667825937 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.667834997 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.667877913 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.682416916 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.682502031 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.682508945 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.682534933 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.682568073 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.682585001 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.700170994 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.700208902 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.700252056 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.700265884 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.700306892 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.806510925 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.806552887 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.806608915 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.806624889 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.806668043 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.821899891 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.821930885 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.821978092 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.821991920 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.822042942 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.838726997 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.838758945 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.838812113 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.838828087 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.838880062 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.858573914 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.858607054 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.858666897 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.858685017 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.858726025 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.858741999 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.872731924 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.872771025 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.872809887 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.872823954 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.872869015 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.892581940 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.892611980 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.892667055 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.892682076 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.892735958 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.909617901 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.909651041 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.909728050 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.909744978 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.909785986 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.923842907 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.923871994 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.923960924 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.923980951 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:16.924031973 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:16.924031973 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.001708031 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.001739979 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.001800060 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.001815081 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.001859903 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.020319939 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.020354033 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.020407915 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.020423889 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.020466089 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.020481110 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.037307978 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.037338972 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.037410021 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.037425995 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.037465096 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.037478924 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.054352999 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.054404020 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.054439068 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.054455042 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.054500103 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.054519892 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.057277918 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.057358027 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.057367086 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.057430029 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.057718039 CET49724443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.057730913 CET4434972434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.085278988 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:17.085350037 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:17.085407972 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:17.111704111 CET49706443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:36:17.111726046 CET44349706142.250.181.132192.168.2.7
                            Dec 12, 2024 21:36:17.203998089 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:17.204037905 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:17.204108953 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:17.204310894 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:17.204324007 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:17.236112118 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.236172915 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:17.236236095 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.236788034 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:17.236803055 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.457252026 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.460928917 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:18.460956097 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.461965084 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.462479115 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:18.462615013 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.462739944 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:18.503339052 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.906524897 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.906603098 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.906668901 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:18.907466888 CET49734443192.168.2.734.196.207.207
                            Dec 12, 2024 21:36:18.907493114 CET4434973434.196.207.207192.168.2.7
                            Dec 12, 2024 21:36:18.911717892 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.911762953 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.911834002 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.912086010 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.912102938 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.938446999 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.938744068 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.938760996 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.939768076 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.939834118 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.940320015 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.940367937 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.940489054 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:18.940495968 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:18.982040882 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.056552887 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056629896 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056653023 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056701899 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056742907 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056744099 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.056782961 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.056798935 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.056816101 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.056870937 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.243614912 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.243689060 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.243868113 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.243868113 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.243904114 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.245719910 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.289490938 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.289550066 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.289665937 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.289665937 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.289714098 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.290364981 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.409535885 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.409598112 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.409708977 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.409709930 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.409739017 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.409830093 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.448293924 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.448323965 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.448483944 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.448497057 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.448628902 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.472332954 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.472382069 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.472455025 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.472476959 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.472520113 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.472698927 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.489679098 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.489727974 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.489777088 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.489799976 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.489831924 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.490324020 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.603769064 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.603840113 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.603884935 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.603925943 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.603955030 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.604032040 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.621310949 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.621378899 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.621417046 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.621447086 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.621468067 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.621494055 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.635636091 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.635701895 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.635719061 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.635744095 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.635766983 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.635788918 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.651128054 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.651189089 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.651226044 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.651251078 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.651268959 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.651294947 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.657983065 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.658271074 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.658298969 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.659373045 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.659439087 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.659812927 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.659864902 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.659982920 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.659990072 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.666491985 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.666516066 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.666587114 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.666611910 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.666662931 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.682301044 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.682368994 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.682410955 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.682435989 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.682463884 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.682492971 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.698301077 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.698362112 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.698404074 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.698431015 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.698450089 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.698474884 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.703064919 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.790208101 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.790263891 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.790303946 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.790334940 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.790364027 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.790384054 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.803261995 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.803309917 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.803369999 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.803392887 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.803419113 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.803441048 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.817097902 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.817146063 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.817195892 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.817218065 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.817241907 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.817260027 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.828823090 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.828870058 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.828918934 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.828948975 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.828969002 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.828999996 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.841415882 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.841460943 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.841522932 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.841551065 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.841584921 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.841618061 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.854176998 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.854227066 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.854274035 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.854294062 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.854315996 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.854340076 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.868829012 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.868877888 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.868938923 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.868956089 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.869009972 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.879158974 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.879211903 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.879251957 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.879259109 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.879292011 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.879311085 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.980648041 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.980722904 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.980768919 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.980806112 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.980820894 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.980855942 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984366894 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.984431982 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984436989 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.984500885 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984563112 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.984628916 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984668970 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984688044 CET443497333.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:20.984697104 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:20.984734058 CET49733443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:21.144213915 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:21.144372940 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:21.144471884 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:21.145004034 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:21.145025015 CET443497423.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:21.145054102 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:21.145078897 CET49742443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:24.685714960 CET49677443192.168.2.720.50.201.200
                            Dec 12, 2024 21:36:54.403978109 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:36:54.404004097 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:36:59.302551031 CET44349726104.98.116.138192.168.2.7
                            Dec 12, 2024 21:36:59.302669048 CET49726443192.168.2.7104.98.116.138
                            Dec 12, 2024 21:37:03.622591972 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:37:03.622698069 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:37:03.622812986 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:37:03.842803955 CET49709443192.168.2.73.82.118.141
                            Dec 12, 2024 21:37:03.842829943 CET443497093.82.118.141192.168.2.7
                            Dec 12, 2024 21:37:05.625013113 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:05.625066042 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:05.625118017 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:05.625478983 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:05.625498056 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:07.320811987 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:07.324243069 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:07.324263096 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:07.324623108 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:07.336406946 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:07.336491108 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:07.384872913 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:17.027331114 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:17.027415991 CET44349850142.250.181.132192.168.2.7
                            Dec 12, 2024 21:37:17.027471066 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:17.844608068 CET49850443192.168.2.7142.250.181.132
                            Dec 12, 2024 21:37:17.844646931 CET44349850142.250.181.132192.168.2.7

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Dec 12, 2024 21:36:01.837007999 CET53609971.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:01.905307055 CET53620161.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:04.670728922 CET53591641.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:05.548343897 CET5811353192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:05.548538923 CET5753553192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:05.685729027 CET53581131.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:05.687388897 CET53575351.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:06.851499081 CET5404753192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:06.851644039 CET5395153192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:07.460494995 CET123123192.168.2.740.81.94.65
                            Dec 12, 2024 21:36:07.577305079 CET53539511.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:07.578233004 CET53540471.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:08.059849977 CET12312340.81.94.65192.168.2.7
                            Dec 12, 2024 21:36:10.079324007 CET5263953192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:10.080010891 CET6113753192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:10.477721930 CET53611371.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:10.478406906 CET53526391.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:17.065005064 CET6266153192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:17.065361977 CET6414653192.168.2.71.1.1.1
                            Dec 12, 2024 21:36:17.202805042 CET53626611.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:17.203525066 CET53641461.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:21.832782030 CET53588931.1.1.1192.168.2.7
                            Dec 12, 2024 21:36:40.559700012 CET53560761.1.1.1192.168.2.7
                            Dec 12, 2024 21:37:01.359899044 CET53578811.1.1.1192.168.2.7
                            Dec 12, 2024 21:37:01.473478079 CET138138192.168.2.7192.168.2.255
                            Dec 12, 2024 21:37:03.357163906 CET53521251.1.1.1192.168.2.7

                            ICMP Packets

                            TimestampSource IPDest IPChecksumCodeType
                            Dec 12, 2024 21:36:01.988778114 CET192.168.2.71.1.1.1c236(Port unreachable)Destination Unreachable

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Dec 12, 2024 21:36:05.548343897 CET192.168.2.71.1.1.10x1c94Standard query (0)www.google.comA (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:05.548538923 CET192.168.2.71.1.1.10x58feStandard query (0)www.google.com65IN (0x0001)false
                            Dec 12, 2024 21:36:06.851499081 CET192.168.2.71.1.1.10x8624Standard query (0)welsfargo.com-onlinebanking.comA (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:06.851644039 CET192.168.2.71.1.1.10xe4a5Standard query (0)welsfargo.com-onlinebanking.com65IN (0x0001)false
                            Dec 12, 2024 21:36:10.079324007 CET192.168.2.71.1.1.10x6405Standard query (0)secured-login.netA (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.080010891 CET192.168.2.71.1.1.10x668bStandard query (0)secured-login.net65IN (0x0001)false
                            Dec 12, 2024 21:36:17.065005064 CET192.168.2.71.1.1.10x9b62Standard query (0)secured-login.netA (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.065361977 CET192.168.2.71.1.1.10x9f0eStandard query (0)secured-login.net65IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Dec 12, 2024 21:36:05.685729027 CET1.1.1.1192.168.2.70x1c94No error (0)www.google.com142.250.181.132A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:05.687388897 CET1.1.1.1192.168.2.70x58feNo error (0)www.google.com65IN (0x0001)false
                            Dec 12, 2024 21:36:07.577305079 CET1.1.1.1192.168.2.70xe4a5No error (0)welsfargo.com-onlinebanking.comlanding.training.knowbe4.comCNAME (Canonical name)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)welsfargo.com-onlinebanking.comlanding.training.knowbe4.comCNAME (Canonical name)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com3.82.118.141A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com3.92.248.204A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com34.196.207.207A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com34.234.54.251A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com44.193.158.35A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:07.578233004 CET1.1.1.1192.168.2.70x8624No error (0)landing.training.knowbe4.com54.210.185.151A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net34.196.207.207A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net54.210.185.151A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net44.193.158.35A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net3.92.248.204A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net34.234.54.251A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:10.478406906 CET1.1.1.1192.168.2.70x6405No error (0)secured-login.net3.82.118.141A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net3.82.118.141A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net54.210.185.151A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net44.193.158.35A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net3.92.248.204A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net34.196.207.207A (IP address)IN (0x0001)false
                            Dec 12, 2024 21:36:17.202805042 CET1.1.1.1192.168.2.70x9b62No error (0)secured-login.net34.234.54.251A (IP address)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • welsfargo.com-onlinebanking.com
                            • https:
                              • secured-login.net

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.7497083.82.118.1414433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:09 UTC1002OUTGET /XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114 HTTP/1.1
                            Host: welsfargo.com-onlinebanking.com
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:09 UTC574INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:09 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 462
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            X-XSS-Protection: 0
                            X-Content-Type-Options: nosniff
                            X-Permitted-Cross-Domain-Policies: none
                            Referrer-Policy: no-referrer-when-downgrade
                            ETag: W/"9004af93bddec05fb458b2ab447ff4e6"
                            Cache-Control: max-age=0, private, must-revalidate
                            Content-Security-Policy:
                            X-Request-Id: b54d9776-dcbe-4f6e-b456-8ce47dc2715b
                            X-Runtime: 0.115156
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                            2024-12-12 20:36:09 UTC462INData Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 64 2d 6c 6f 67 69 6e 2e 6e 65 74 2f 70 61 67 65 73 2f 35 32 65 31 31 36 62 34 36 33 34 33 36 2f 58 54 46 6c 79 53 6e 6c 7a 59 7a 51 31 55 58 68 71 61 6a 46 54 56 6d 74 73 59 57 35 30 57 6b 4a 42 65 6d 52 54 61 6d 52 34 4d 45 39 6d 4d 47 74 6e 56 57 56 69 4c 33 64 45 55 33 67 35 63 46 52 49 55 6b 46 48 4f 57 64 4a 51 6b 78 79 62 7a 68 4a 4c 31 5a 55 53 6d 4a 34 63 45 78 56 5a 6e 6b 30 55 6a 56 52 63 6e 46 45 63 32 31 77 4b 32 74 58 65 47 59 79 65 47 34 32 54 7a 4a 6a 52 45 5a 6d 4e 30 35 4a 51 6b 68 79 5a 48 56 69 4d 6c 64 55 61 6b 52 52 4d 33 52 45 4b 7a
                            Data Ascii: <html> <head> <script>window.location.href = 'https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKz


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            1192.168.2.74971334.196.207.2074433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:12 UTC1358OUTGET /pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ== HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-Dest: document
                            Referer: https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:14 UTC832INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:14 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 6139
                            Connection: close
                            X-Frame-Options: SAMEORIGIN
                            X-XSS-Protection: 0
                            X-Content-Type-Options: nosniff
                            X-Permitted-Cross-Domain-Policies: none
                            Referrer-Policy: no-referrer-when-downgrade
                            Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush
                            ETag: W/"4c215c6b2f983b4b8b9966c5f5d7f0f8"
                            Cache-Control: max-age=0, private, must-revalidate
                            Content-Security-Policy:
                            X-Request-Id: ade384cd-2b25-400e-8f6e-922adeb4cf12
                            X-Runtime: 1.606556
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                            2024-12-12 20:36:14 UTC6139INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63
                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.74971234.196.207.2074433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:14 UTC959OUTGET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: text/css,*/*;q=0.1
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: style
                            Referer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:14 UTC263INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:14 GMT
                            Content-Type: text/css
                            Content-Length: 1471
                            Connection: close
                            Last-Modified: Thu, 12 Dec 2024 20:14:20 GMT
                            Vary: accept-encoding
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                            2024-12-12 20:36:14 UTC1471INData Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61
                            Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss */.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/* line 4, app/assets/stylesheets/landing-wa


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.74972434.196.207.2074433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:15 UTC938OUTGET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: */*
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: script
                            Referer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:16 UTC279INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:15 GMT
                            Content-Type: application/javascript
                            Content-Length: 380848
                            Connection: close
                            Last-Modified: Thu, 12 Dec 2024 20:14:20 GMT
                            Vary: accept-encoding
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                            2024-12-12 20:36:16 UTC16105INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                            Data Ascii: /*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                            2024-12-12 20:36:16 UTC16384INData Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72
                            Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type||fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},fir
                            2024-12-12 20:36:16 UTC56INData Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61
                            Data Ascii: (e,n)||_.access(e,n,{empty:ce.Callbacks("once memory").a
                            2024-12-12 20:36:16 UTC16384INData Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29
                            Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
                            2024-12-12 20:36:16 UTC16384INData Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74
                            Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
                            2024-12-12 20:36:16 UTC16384INData Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22
                            Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)||wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
                            2024-12-12 20:36:16 UTC16384INData Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c
                            Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCal
                            2024-12-12 20:36:16 UTC16384INData Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a
                            Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
                            2024-12-12 20:36:16 UTC16384INData Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72
                            Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
                            2024-12-12 20:36:16 UTC16384INData Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68
                            Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]||[]).slice(),function(){this.options&&(!this.options.disabled&&th


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.74973434.196.207.2074433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:18 UTC923OUTGET /favicon.ico HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://secured-login.net/pages/52e116b463436/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:18 UTC253INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:18 GMT
                            Content-Type: image/vnd.microsoft.icon
                            Content-Length: 0
                            Connection: close
                            Last-Modified: Thu, 12 Dec 2024 20:15:03 GMT
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.7497333.82.118.1414433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:18 UTC427OUTGET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:20 UTC279INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:19 GMT
                            Content-Type: application/javascript
                            Content-Length: 380848
                            Connection: close
                            Last-Modified: Thu, 12 Dec 2024 20:14:20 GMT
                            Vary: accept-encoding
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                            2024-12-12 20:36:20 UTC16105INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                            Data Ascii: /*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                            2024-12-12 20:36:20 UTC16384INData Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72
                            Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type||fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},fir
                            2024-12-12 20:36:20 UTC56INData Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61
                            Data Ascii: (e,n)||_.access(e,n,{empty:ce.Callbacks("once memory").a
                            2024-12-12 20:36:20 UTC16384INData Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29
                            Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
                            2024-12-12 20:36:20 UTC16384INData Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74
                            Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
                            2024-12-12 20:36:20 UTC16384INData Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22
                            Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)||wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
                            2024-12-12 20:36:20 UTC16384INData Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c
                            Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCal
                            2024-12-12 20:36:20 UTC16384INData Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a
                            Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
                            2024-12-12 20:36:20 UTC16384INData Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72
                            Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
                            2024-12-12 20:36:20 UTC16384INData Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68
                            Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]||[]).slice(),function(){this.options&&(!this.options.disabled&&th


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.7497423.82.118.1414433364C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-12-12 20:36:20 UTC352OUTGET /favicon.ico HTTP/1.1
                            Host: secured-login.net
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-12-12 20:36:21 UTC253INHTTP/1.1 200 OK
                            Date: Thu, 12 Dec 2024 20:36:20 GMT
                            Content-Type: image/vnd.microsoft.icon
                            Content-Length: 0
                            Connection: close
                            Last-Modified: Thu, 12 Dec 2024 20:15:03 GMT
                            Strict-Transport-Security: max-age=63113904; includeSubDomains; preload


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:15:35:56
                            Start date:12/12/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                            Imagebase:0x7ff6c4390000
                            File size:3'242'272 bytes
                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            General

                            Target ID:2
                            Start time:15:35:59
                            Start date:12/12/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2172,i,15074720881907596878,5303227173293143602,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                            Imagebase:0x7ff6c4390000
                            File size:3'242'272 bytes
                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            General

                            Target ID:9
                            Start time:15:36:05
                            Start date:12/12/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114"
                            Imagebase:0x7ff6c4390000
                            File size:3'242'272 bytes
                            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Disassembly

                            No disassembly