Windows Analysis Report
https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html

Overview

General Information

Sample URL:https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
Analysis ID:1585321

Detection

CAPTCHA Scam ClickFix
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detect drive by download via clipboard copy & paste
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
AI detected suspicious Javascript
Phishing site or detected (based on various text indicators)
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • chrome.exe (PID: 4400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2024,i,9731734305602464829,782712393607184548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 1644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_71 | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

Source | Rule | Description | Author | Strings
1.0.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |
1.1.pages.csv | JoeSecurity_CAPTCHAScam | Yara detected CAPTCHA Scam/ ClickFix | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-07T14:15:01.076389+0100 | 2859486 | 1 | A Network Trojan was detected | 194.182.160.205 | 443 | 192.168.2.5 | 49716 | TCP

        AV Detection

        Source: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html | Avira URL Cloud: detection malicious, Label: malware

        Phishing

        Source: Yara match | File source: 1.0.pages.csv, type: HTML
        Source: Yara match | File source: 1.1.pages.csv, type: HTML
        Source: Yara match | File source: dropped/chromecache_71, type: DROPPED
        Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://sos-ch-gva-2.exo.io/ready/seah/continue/co... This script demonstrates several high-risk behaviors, including dynamic code execution (using `mshta` to run a remote script), data exfiltration (copying sensitive text to the clipboard), and redirecting to a suspicious domain (`simplerwebs.website`). The script also manipulates the DOM to display a reCAPTCHA popup, which could be part of a phishing attempt. Overall, this script exhibits a high level of malicious intent and poses a significant security risk.
        Source: Chrome DOM: 1.0 | OCR Text: Verify You Are Human Please verify that you are a human to continue. I'm not a robot
        Source: Chrome DOM: 1.1 | OCR Text: Verify You Are Human Please verify that you are a human to continue. I'm nat a robat Verification Steps 1. Press Windows Button 2. Press CTRL + V 3. Press Enter
        Source: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html | HTTP Parser: No favicon

        Networking

        Source: Network traffic | Suricata IDS: 2859486 - Severity 1 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound : 194.182.160.205:443 -> 192.168.2.5:49716
        Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | HTTP traffic detected:
            GET /ready/seah/continue/complete-this-to-continue.html HTTP/1.1
            Host: sos-ch-gva-2.exo.io
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            sec-ch-ua-platform: "Windows"
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: navigate
            Sec-Fetch-User: ?1
            Sec-Fetch-Dest: document
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
        Source: global traffic | HTTP traffic detected:
            GET /ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css HTTP/1.1
            Host: cdnjs.cloudflare.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: text/css,*/*;q=0.1
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: style
            Referer: https://sos-ch-gva-2.exo.io/
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
        Source: global traffic | HTTP traffic detected:
            GET /favicon.ico HTTP/1.1
            Host: sos-ch-gva-2.exo.io
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: image
            Referer: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
        Source: global traffic | HTTP traffic detected:
            GET /ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-brands-400.woff2 HTTP/1.1
            Host: cdnjs.cloudflare.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            Origin: https://sos-ch-gva-2.exo.io
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: font
            Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
        Source: global traffic | DNS traffic detected: DNS query: www.google.com
        Source: global traffic | DNS traffic detected: DNS query: sos-ch-gva-2.exo.io
        Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
        Source: global traffic | HTTP traffic detected:
            HTTP/1.1 404 Not Found
            x-amz-request-id: b7849d06-df13-42b2-8211-fe1be842b149
            x-amzn-request-id: b7849d06-df13-42b2-8211-fe1be842b149
            x-amz-id-2: b7849d06-df13-42b2-8211-fe1be842b149
            content-length: 169
            content-type: application/xml
            server: Aleph/0.6.0
            date: Tue, 07 Jan 2025 13:15:02 GMT
            host: sos-ch-gva-2.exo.io
            connection: close
        Source: chromecache_71.2.dr | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
        Source: chromecache_69.2.dr | String found in binary or memory: https://fontawesome.com
        Source: chromecache_69.2.dr | String found in binary or memory: https://fontawesome.com/license/free
        Source: chromecache_71.2.dr | String found in binary or memory: https://simplerwebs.website/anrek.mp4
        Source: chromecache_71.2.dr | String found in binary or memory: https://www.gstatic.com/recaptcha/api2/logo_48.png
        Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49994
        Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49994 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
        Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
        Source: classification engine | Classification label: mal80.phis.win@16/17@6/5
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2024,i,9731734305602464829,782712393607184548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2024,i,9731734305602464829,782712393607184548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
        Source: Window Recorder | Window detected: More than 3 window changes detected

        Persistence and Installation Behavior

        Source: screenshot | OCR Text: x e about:blank X Verify You Are Human C sas-ch-gva-2.exo.io/ready/seah/cantinue/complete-this-to-continue.html Verify You Are Human Please verify that you are a human to continue. I'm not a rabat Verification Steps 1. Press Windows Button 2. Press CTRL + V 3. Press Enter 0815 ENG p Type here to search 07/01/2025
        Source: Chrome DOM: 1.1 | OCR Text: Verify You Are Human Please verify that you are a human to continue. I'm nat a robat Verification Steps 1. Press Windows Button 2. Press CTRL + V 3. Press Enter
        Source: screenshot | OCR Text: x e about:blank X Verify You Are Human C sas-ch-gva-2.exo.io/ready/seah/cantinue/complete-this-to-continue.html Verify You Are Human Please verify that you ar a human to continue. I'm not a rabat Verification Steps 1. Press Windows Button 2. Press CTRL + V 3. Press Enter 0815 ENG p Type here to search 07/01/2025
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction


        Source | Detection | Scanner | Label | Link
        https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html | 100% | Avira URL Cloud | malware |

        No Antivirus matches

        Source | Detection | Scanner | Label | Link
        https://simplerwebs.website/anrek.mp4 | 0% | Avira URL Cloud | safe |
        https://sos-ch-gva-2.exo.io/favicon.ico | 0% | Avira URL Cloud | safe |

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        lb-ch-gva-2.exo.io | 194.182.160.205 | true | true | | unknown
        cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
        www.google.com | 172.217.16.196 | true | false | | high
        sos-ch-gva-2.exo.io | unknown | unknown | true | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css | false | | high
        https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-brands-400.woff2 | false | | high
        https://sos-ch-gva-2.exo.io/favicon.ico | true | Avira URL Cloud: safe | unknown
        https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html | true | | unknown

        Name | Source | Malicious | Antivirus Detection | Reputation
        https://fontawesome.com | chromecache_69.2.dr | false | | high
        https://simplerwebs.website/anrek.mp4 | chromecache_71.2.dr | false | Avira URL Cloud: safe | unknown
        https://fontawesome.com/license/free | chromecache_69.2.dr | false | | high

        IP | Domain | Country | ASN | ASN Name | Malicious
        239.255.255.250 | unknown | Reserved | unknown | unknown | false
        194.182.160.205 | lb-ch-gva-2.exo.io | Switzerland | 61098 | EXOSCALECH | true
        172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false
        104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false

        IP
        192.168.2.5

                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1585321
                          Start date and time:2025-01-07 14:14:02 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 2m 56s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:browseurl.jbs
                          Sample URL:https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:7
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal80.phis.win@16/17@6/5
                          EGA Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 0
                          • Number of non-executed functions: 0
                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.185.142, 64.233.166.84, 142.250.74.206, 142.250.185.78, 142.250.186.35, 142.250.185.195, 2.22.50.131, 192.229.221.95, 142.250.185.238, 142.250.181.238, 142.250.186.78, 172.217.18.14, 142.250.186.163, 216.58.212.174, 172.217.16.206, 184.28.90.27, 4.245.163.56, 13.107.246.45
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
                          No simulations
                          No context
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 12:14:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9735889639785706
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 12:14:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.9893820495286434
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2693
                          Entropy (8bit):4.001705983534536
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 12:14:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2681
                          Entropy (8bit):3.988456569783845
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 12:14:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2681
                          Entropy (8bit):3.974222014261025
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 7 12:14:55 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2683
                          Entropy (8bit):3.9867888559532165
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:XML 1.0 document, ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):169
                          Entropy (8bit):4.933248824592941
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          URL:https://sos-ch-gva-2.exo.io/favicon.ico
                          Preview:<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><BucketName>favicon.ico</BucketName></Error>
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65311)
                          Category:downloaded
                          Size (bytes):83981
                          Entropy (8bit):4.7735566283508355
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
                          Preview:/*!. * Font Awesome Free 6.0.0-beta3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2021 Fonticons, Inc.. */..fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-duotone,.fa-light,.fa-regular,.fa-solid,.fa-thin,.fab,.fad,.fal,.far,.fas,.fat{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;line-height:.08333em;vertical-align:.125em}.fa-sm{font-size:.875em;line-height:.07143em;vertical-align:.0
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                          Category:dropped
                          Size (bytes):2228
                          Entropy (8bit):7.82817506159911
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):4707
                          Entropy (8bit):4.472498788693309
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          URL:https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
                          Preview:...<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Verify You Are Human</title>.. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">.. <style>.. body, html {.. margin: 0;.. padding: 0;.. width: 100%;.. height: 100%;.. display: flex;.. justify-content: center;.. align-items: center;.. font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;.. background: #f2f2f2;.. color: #333;.. }.. .container {.. text-align: center;.. max-width: 500px;.. margin: 20px;.. position: relative;.. }.. .recaptcha-box {.. padding: 20px;.. background: #fff;.. box-shadow: 0 5px 20px rgba(0, 0, 0, 0.3);..
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Web Open Font Format (Version 2), TrueType, length 105204, version 768.67
                          Category:downloaded
                          Size (bytes):105204
                          Entropy (8bit):7.989899350029445
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-brands-400.woff2
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                          Category:downloaded
                          Size (bytes):2228
                          Entropy (8bit):7.82817506159911
                          Encrypted:false
                          Malicious:false
                          Reputation:low
                          URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                          No static file info
                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                          2025-01-07T14:15:01.076389+0100 | 2859486 | ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound | 1 | 194.182.160.205 | 443 | 192.168.2.5 | 49716 | TCP
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Jan 7, 2025 14:15:10.475229025 CET49712443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:10.475263119 CET44349712172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:14.641329050 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:14.641387939 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:14.641510963 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:14.641797066 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:14.641813040 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.152038097 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.152415991 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.152445078 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.153496027 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.153570890 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.154005051 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.154074907 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.154170990 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.154184103 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.208158016 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.304250002 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304297924 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304330111 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304358959 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304389000 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304419994 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304424047 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.304450989 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304490089 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304500103 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.304523945 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304541111 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.304544926 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.304584026 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.305404902 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.308887005 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.308971882 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.308998108 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.348716021 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.394520998 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.394614935 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.394665003 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.394689083 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.394718885 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.394747019 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.394767046 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.395102978 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395127058 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395148039 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395168066 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.395170927 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395179987 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395200014 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.395221949 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.395931959 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395965099 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.395996094 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396006107 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.396025896 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396061897 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.396066904 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396856070 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396882057 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396900892 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396900892 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.396919966 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396939039 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.396960974 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.396997929 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.397005081 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.399210930 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.399256945 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.399275064 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.399297953 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.399336100 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.484894037 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.484951973 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.484978914 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485004902 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485085011 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485110998 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485131979 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485176086 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485203028 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485207081 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485218048 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485249043 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485254049 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485258102 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485282898 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485312939 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485523939 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485578060 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485675097 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485721111 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.485789061 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.485847950 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486287117 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486326933 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486341953 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486342907 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486351013 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486372948 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486397028 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486789942 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486835003 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486856937 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486865044 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486886024 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486907005 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486920118 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486948013 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.486967087 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.486970901 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.487001896 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.487015963 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:15.487020969 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.487056971 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.506711960 CET49737443192.168.2.5104.17.25.14
                          Jan 7, 2025 14:15:15.506752014 CET44349737104.17.25.14192.168.2.5
                          Jan 7, 2025 14:15:58.692471027 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:58.692511082 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:58.692673922 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:58.692904949 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:58.692918062 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:59.349436045 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:59.349757910 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:59.349773884 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:59.350100994 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:59.350493908 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:15:59.350567102 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:15:59.394563913 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:16:09.268681049 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:16:09.268747091 CET44349994172.217.16.196192.168.2.5
                          Jan 7, 2025 14:16:09.268963099 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:16:10.474615097 CET49994443192.168.2.5172.217.16.196
                          Jan 7, 2025 14:16:10.474637032 CET44349994172.217.16.196192.168.2.5
                          TimestampSource PortDest PortSource IPDest IP
                          Jan 7, 2025 14:14:54.332113028 CET53555491.1.1.1192.168.2.5
                          Jan 7, 2025 14:14:54.342335939 CET53514111.1.1.1192.168.2.5
                          Jan 7, 2025 14:14:55.466419935 CET53608341.1.1.1192.168.2.5
                          Jan 7, 2025 14:14:58.629813910 CET5807453192.168.2.51.1.1.1
                          Jan 7, 2025 14:14:58.629970074 CET5306953192.168.2.51.1.1.1
                          Jan 7, 2025 14:14:58.636537075 CET53580741.1.1.1192.168.2.5
                          Jan 7, 2025 14:14:58.636723042 CET53530691.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:00.137780905 CET5217353192.168.2.51.1.1.1
                          Jan 7, 2025 14:15:00.137981892 CET5153553192.168.2.51.1.1.1
                          Jan 7, 2025 14:15:00.145185947 CET53521731.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:00.152031898 CET53515351.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:01.094594955 CET5743153192.168.2.51.1.1.1
                          Jan 7, 2025 14:15:01.094795942 CET5482853192.168.2.51.1.1.1
                          Jan 7, 2025 14:15:01.101699114 CET53548281.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:01.101708889 CET53574311.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:01.102648973 CET53582271.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:02.122137070 CET53640621.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:12.496293068 CET53652431.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:31.512916088 CET53574461.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:53.904966116 CET53584431.1.1.1192.168.2.5
                          Jan 7, 2025 14:15:53.981153011 CET53566511.1.1.1192.168.2.5
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Jan 7, 2025 14:14:58.629813910 CET | 192.168.2.5 | 1.1.1.1 | 0x3548 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:14:58.629970074 CET | 192.168.2.5 | 1.1.1.1 | 0x4126 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                          Jan 7, 2025 14:15:00.137780905 CET | 192.168.2.5 | 1.1.1.1 | 0x7eae | Standard query (0) | sos-ch-gva-2.exo.io | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:15:00.137981892 CET | 192.168.2.5 | 1.1.1.1 | 0x39f1 | Standard query (0) | sos-ch-gva-2.exo.io | 65 | IN (0x0001) | false
                          Jan 7, 2025 14:15:01.094594955 CET | 192.168.2.5 | 1.1.1.1 | 0xfe31 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:15:01.094795942 CET | 192.168.2.5 | 1.1.1.1 | 0x2d7d | Standard query (0) | cdnjs.cloudflare.com | 65 | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Jan 7, 2025 14:14:58.636537075 CET | 1.1.1.1 | 192.168.2.5 | 0x3548 | No error (0) | www.google.com | | 172.217.16.196 | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:14:58.636723042 CET | 1.1.1.1 | 192.168.2.5 | 0x4126 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                          Jan 7, 2025 14:15:00.145185947 CET | 1.1.1.1 | 192.168.2.5 | 0x7eae | No error (0) | sos-ch-gva-2.exo.io | lb-ch-gva-2.exo.io | | CNAME (Canonical name) | IN (0x0001) | false
                          Jan 7, 2025 14:15:00.145185947 CET | 1.1.1.1 | 192.168.2.5 | 0x7eae | No error (0) | lb-ch-gva-2.exo.io | | 194.182.160.205 | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:15:00.152031898 CET | 1.1.1.1 | 192.168.2.5 | 0x39f1 | No error (0) | sos-ch-gva-2.exo.io | lb-ch-gva-2.exo.io | | CNAME (Canonical name) | IN (0x0001) | false
                          Jan 7, 2025 14:15:01.101699114 CET | 1.1.1.1 | 192.168.2.5 | 0x2d7d | No error (0) | cdnjs.cloudflare.com | | | 65 | IN (0x0001) | false
                          Jan 7, 2025 14:15:01.101708889 CET | 1.1.1.1 | 192.168.2.5 | 0xfe31 | No error (0) | cdnjs.cloudflare.com | | 104.17.25.14 | A (IP address) | IN (0x0001) | false
                          Jan 7, 2025 14:15:01.101708889 CET | 1.1.1.1 | 192.168.2.5 | 0xfe31 | No error (0) | cdnjs.cloudflare.com | | 104.17.24.14 | A (IP address) | IN (0x0001) | false
                          • sos-ch-gva-2.exo.io
                          • https:
                            • cdnjs.cloudflare.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.5 | 49716 | 194.182.160.205 | 443 | 4408 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-01-07 13:15:00 UTC | 712 | OUT | GET /ready/seah/continue/complete-this-to-continue.html HTTP/1.1
                          Host: sos-ch-gva-2.exo.io
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2025-01-07 13:15:01 UTC | 489 | IN | HTTP/1.1 200 OK
                          content-type: text/html; charset=UTF-8
                          x-amzn-request-id: b43209f5-05e9-4816-bce4-797da82de042
                          content-length: 4707
                          x-amz-bucket-region: ch-gva-2
                          accept-ranges: bytes
                          etag: "a3cedec1ce6b608eb41b7b3a3c46a120"
                          x-amz-request-id: b43209f5-05e9-4816-bce4-797da82de042
                          last-modified: Tue, 07 Jan 2025 10:29:11 GMT
                          x-amz-id-2: b43209f5-05e9-4816-bce4-797da82de042
                          server: Aleph/0.6.0
                          date: Tue, 07 Jan 2025 13:15:00 GMT
                          host: sos-ch-gva-2.exo.io
                          connection: close
                          2025-01-07 13:15:01 UTC | 4707 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Verify You Are Human</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.5 | 49717 | 104.17.25.14 | 443 | 4408 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-01-07 13:15:01 UTC | 587 | OUT | GET /ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css HTTP/1.1
                          Host: cdnjs.cloudflare.com
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: text/css,*/*;q=0.1
                          Sec-Fetch-Site: cross-site
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: style
                          Referer: https://sos-ch-gva-2.exo.io/
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2025-01-07 13:15:01 UTC | 942 | IN | HTTP/1.1 200 OK
                          Date: Tue, 07 Jan 2025 13:15:01 GMT
                          Content-Type: text/css; charset=utf-8
                          Transfer-Encoding: chunked
                          Connection: close
                          Access-Control-Allow-Origin: *
                          Cache-Control: public, max-age=30672000
                          ETag: W/"619c057b-44be"
                          Last-Modified: Mon, 22 Nov 2021 21:02:51 GMT
                          cf-cdnjs-via: cfworker/kv
                          Cross-Origin-Resource-Policy: cross-origin
                          Timing-Allow-Origin: *
                          X-Content-Type-Options: nosniff
                          CF-Cache-Status: HIT
                          Age: 860313
                          Expires: Sun, 28 Dec 2025 13:15:01 GMT
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouSSzNyaRbKeNLZqc1KMrKkeVrHcs7s21AOtkPilwI8CRHE9khiIaGrYZpKpWptlmV0ZFN0PqFtksVts%2BC1HGDC%2BIyDO6kagPZleAGjHR7qfP8HS60xaRpISsoOGn3uHVSc8MmY2"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                          Strict-Transport-Security: max-age=15780000
                          Server: cloudflare
                          CF-RAY: 8fe436d77d4241b4-EWR
                          alt-svc: h3=":443"; ma=86400
                          2025-01-07 13:15:01 UTC | 427 | IN | Data Ascii: 3984/*! * Font Awesome Free 6.0.0-beta3 by @fontawesome - https://fontawesome.com * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) * Copyright 2021 Fonticons, Inc. */.fa{font-family:var(--fa
                          Data Ascii: lt:before{content:"\f886"}.fa-arrow-down-a-z:before,.fa-sort-alpha-asc:before,.fa-sort-alpha-down:before{content:"\f15d"}.fa-arrow-down-long:before,.fa-long-arrow-down:before{content:"\f175"}.fa-arrow-down-short-wide:before,.fa-sort-amount-desc:before,.fa
                          2025-01-07 13:15:01 UTC1369INData Raw: 6f 77 2d 74 75 72 6e 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 6c 65 76 65 6c 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 34 39 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 74 75 72 6e 2d 75 70 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 6c 65 76 65 6c 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 34 38 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 36 32 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 75 70 2d 31 2d 39 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 73 6f 72 74 2d 6e 75 6d 65 72 69 63 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 33 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 75 70 2d 39 2d 31 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 73 6f 72 74 2d
                          Data Ascii: ow-turn-down:before,.fa-level-down:before{content:"\f149"}.fa-arrow-turn-up:before,.fa-level-up:before{content:"\f148"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-up-1-9:before,.fa-sort-numeric-up:before{content:"\f163"}.fa-arrow-up-9-1:before,.fa-sort-


                          Session ID:2
                          Source IP:192.168.2.5
                          Source Port:49715
                          Destination IP:194.182.160.205
                          Destination Port:443
                          PID:4408
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-01-07 13:15:02 UTC | 644 | OUT | GET /favicon.ico HTTP/1.1
                          Host: sos-ch-gva-2.exo.io
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: image
                          Referer: https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2025-01-07 13:15:02 UTC | 345 | IN | HTTP/1.1 404 Not Found
                          x-amz-request-id: b7849d06-df13-42b2-8211-fe1be842b149
                          x-amzn-request-id: b7849d06-df13-42b2-8211-fe1be842b149
                          x-amz-id-2: b7849d06-df13-42b2-8211-fe1be842b149
                          content-length: 169
                          content-type: application/xml
                          server: Aleph/0.6.0
                          date: Tue, 07 Jan 2025 13:15:02 GMT
                          host: sos-ch-gva-2.exo.io
                          connection: close
                          2025-01-07 13:15:02 UTC | 169 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist.</Message><BucketName>favicon.ico</BucketName></Error>


                          Session ID:3
                          Source IP:192.168.2.5
                          Source Port:49737
                          Destination IP:104.17.25.14
                          Destination Port:443
                          PID:4408
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-01-07 13:15:15 UTC | 669 | OUT | GET /ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-brands-400.woff2 HTTP/1.1
                          Host: cdnjs.cloudflare.com
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          Origin: https://sos-ch-gva-2.exo.io
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          sec-ch-ua-platform: "Windows"
                          Accept: */*
                          Sec-Fetch-Site: cross-site
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: font
                          Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2025-01-07 13:15:15 UTC | 986 | IN | HTTP/1.1 200 OK
                          Date: Tue, 07 Jan 2025 13:15:15 GMT
                          Content-Type: application/octet-stream; charset=utf-8
                          Content-Length: 105204
                          Connection: close
                          Access-Control-Allow-Origin: *
                          Cache-Control: public, max-age=30672000
                          ETag: "619c057b-19af4"
                          Last-Modified: Mon, 22 Nov 2021 21:02:51 GMT
                          cf-cdnjs-via: cfworker/kv
                          Cross-Origin-Resource-Policy: cross-origin
                          Timing-Allow-Origin: *
                          X-Content-Type-Options: nosniff
                          CF-Cache-Status: HIT
                          Age: 1198892
                          Expires: Sun, 28 Dec 2025 13:15:15 GMT
                          Accept-Ranges: bytes
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2Bey98OcR%2Bihgoj5BqYgDoVyZ%2F%2BHau1F1wWOD3psFLsQNRILJL%2F8wsrzi7zpC417IvBXubH%2B1mah5kuRuG0r8MVtspRu2%2B2951PzHQ2O4Yks9WuFoMgz9e0storc4YncyGaWQNCL"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                          Strict-Transport-Security: max-age=15780000
                          Server: cloudflare
                          CF-RAY: 8fe4372c4c3b4386-EWR
                          alt-svc: h3=":443"; ma=86400


                          Target ID:0
                          Start time:08:14:50
                          Start date:07/01/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Imagebase:0x7ff715980000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:2
                          Start time:08:14:53
                          Start date:07/01/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2024,i,9731734305602464829,782712393607184548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Imagebase:0x7ff715980000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:3
                          Start time:08:14:59
                          Start date:07/01/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sos-ch-gva-2.exo.io/ready/seah/continue/complete-this-to-continue.html"
                          Imagebase:0x7ff715980000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          No disassembly