Edit tour

Windows Analysis Report
PaymentAdvice.html

Overview

General Information

Sample name:	PaymentAdvice.html
Analysis ID:	1586936
MD5:	90ce7315cc822147623ea89b5a14a2bf
SHA1:	2c3553c3132441a0dd6252cf8a0122aa68c79db0
SHA256:	648740727bb4ba312c96fc2e91d2a0b1770afd3659b29d1cd669f1aa47372318
Infos:

Detection

KnowBe4

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected KnowBe4 simulated phishing

HTML document with suspicious name

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PaymentAdvice.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2032,i,10110141688215829052,9866546582253879018,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.1.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match

File source: 2.1.pages.csv, type: HTML

Source: PaymentAdvice.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/PaymentAdvice.html	HTTP Parser: No favicon
Source: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49787 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50037 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:49805 -> 1.1.1.1:53

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49787 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1EQ05zS2RuNTExK28vd1pzYXZsUXZVS2R1WWpVdGRVS0lPcmtVMy9NbjRjY3VCc0pyc0Z0UTYySDFURC9EUHlrZjdZY0VtcVNQOXhnOTM4YlVKdTZmU3Jmd09nPT0tLUNuUmFsd2J0WUhhTG5Pdy8tLXJBTzRhc3psZjhRU1VVVFJzQ0kzT1E9PQ==?cid=2358546053 HTTP/1.1Host: do.not.click.on.this.link.instantrevert.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1EQ05zS2RuNTExK28vd1pzYXZsUXZVS2R1WWpVdGRVS0lPcmtVMy9NbjRjY3VCc0pyc0Z0UTYySDFURC9EUHlrZjdZY0VtcVNQOXhnOTM4YlVKdTZmU3Jmd09nPT0tLUNuUmFsd2J0WUhhTG5Pdy8tLXJBTzRhc3psZjhRU1VVVFJzQ0kzT1E9PQ==?cid=2358546053 HTTP/1.1Host: do.not.click.on.this.link.instantrevert.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==?cid=2358546053 HTTP/1.1Host: do.not.click.on.this.link.instantrevert.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://do.not.click.on.this.link.instantrevert.net/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==?cid=2358546053Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=196608-214545If-Range: "6b207845061b2bf9205c8418d478cc0b"
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"74133370e122c9bb68f488aaad71134d"
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Language: en-US,en;q=0.9Range: bytes=115712-196607If-Range: "6b207845061b2bf9205c8418d478cc0b"
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=32768-
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Language: en-US,en;q=0.9Range: bytes=214016-214545If-Range: "6b207845061b2bf9205c8418d478cc0b"
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Language: en-US,en;q=0.9Range: bytes=196608-214545If-Range: "6b207845061b2bf9205c8418d478cc0b"
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Language: en-US,en;q=0.9Range: bytes=50176-196607If-Range: "6b207845061b2bf9205c8418d478cc0b"
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: do.not.click.on.this.link.instantrevert.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: secured-login.net
Source: global traffic	DNS traffic detected: DNS query: helpimg.s3.amazonaws.com

Source: chromecache_82.3.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: PaymentAdvice.html	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk9
Source: PaymentAdvice.html	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1
Source: chromecache_83.3.dr, chromecache_87.3.dr	String found in binary or memory: https://helpimg.s3.amazonaws.com/LP_videos/You
Source: chromecache_83.3.dr, chromecache_87.3.dr	String found in binary or memory: https://helpimg.s3.amazonaws.com/LP_videos/hook.wav
Source: chromecache_84.3.dr	String found in binary or memory: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50037 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: PaymentAdvice.html

Initial sample: payment

Source: classification engine

Classification label: mal52.phis.winHTML@32/15@14/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PaymentAdvice.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2032,i,10110141688215829052,9866546582253879018,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2032,i,10110141688215829052,9866546582253879018,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/PaymentAdvice.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	54.231.227.161	true	false	high
www.google.com	142.250.185.228	true	false	high
secured-login.net	34.195.197.181	true	false	high
landing.training.knowbe4.com	3.213.222.32	true	false	high
helpimg.s3.amazonaws.com	unknown	unknown	false	high
do.not.click.on.this.link.instantrevert.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3	false		high
https://helpimg.s3.amazonaws.com/LP_videos/You've_Been_Phished.mp4	false		high
https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false		high
file:///C:/Users/user/Desktop/PaymentAdvice.html	false	Avira URL Cloud: safe	unknown
https://secured-login.net/favicon.ico	false		high
https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false		high
https://do.not.click.on.this.link.instantrevert.net/XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1EQ05zS2RuNTExK28vd1pzYXZsUXZVS2R1WWpVdGRVS0lPcmtVMy9NbjRjY3VCc0pyc0Z0UTYySDFURC9EUHlrZjdZY0VtcVNQOXhnOTM4YlVKdTZmU3Jmd09nPT0tLUNuUmFsd2J0WUhhTG5Pdy8tLXJBTzRhc3psZjhRU1VVVFJzQ0kzT1E9PQ==?cid=2358546053	false		high
https://helpimg.s3.amazonaws.com/LP_videos/hook.wav	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://do.not.click.on.this.link.instantrevert.net/XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1	PaymentAdvice.html	false	high
http://www.videolan.org/x264.html	chromecache_82.3.dr	false	high
https://helpimg.s3.amazonaws.com/LP_videos/You	chromecache_83.3.dr, chromecache_87.3.dr	false	high
https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2	chromecache_84.3.dr	false	high
https://do.not.click.on.this.link.instantrevert.net/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk9	PaymentAdvice.html	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.213.222.32	landing.training.knowbe4.com	United States	14618	AMAZON-AESUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.195.197.181	secured-login.net	United States	14618	AMAZON-AESUS	false
54.231.227.161	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586936
Start date and time:	2025-01-09 19:14:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PaymentAdvice.html
Detection:	MAL
Classification:	mal52.phis.winHTML@32/15@14/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.174, 64.233.166.84, 142.250.186.174, 142.250.184.206, 142.250.186.78, 142.250.185.170, 216.58.206.74, 142.250.185.202, 172.217.18.10, 142.250.186.138, 216.58.212.170, 142.250.74.202, 142.250.186.74, 142.250.185.234, 142.250.185.138, 172.217.16.202, 142.250.186.170, 142.250.186.42, 142.250.185.74, 142.250.185.106, 142.250.184.234, 192.229.221.95, 199.232.214.172, 172.217.16.206, 142.250.185.142, 142.250.186.46, 142.250.186.67, 172.217.18.14, 216.58.206.78, 142.250.185.238, 142.250.181.238, 142.250.186.110, 13.107.253.45, 184.28.90.27, 4.245.163.56, 20.190.159.0, 2.23.227.208
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: PaymentAdvice.html

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: file:///C:/Users/user/Desktop/PaymentAdvice.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Go Now", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/PaymentAdvice.html Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Go Now", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/PaymentAdvice.html Model: Joe Sandbox AI	{ "brands": "unknown" }

URL: file:///C:/Users/user/Desktop/PaymentAdvice.html Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://usps-ny.com	Get hash	malicious	Unknown	Browse
	https://boutiquedumonde.instawp.xyz/wp-content/themes/twentytwentyfive/envoidoclosa_toutdomaine/wetransfer/index.html	Get hash	malicious	Unknown	Browse
	https://customers.jam-software.de/downloadTrialProcess.php?article_no=671&	Get hash	malicious	Unknown	Browse
	https://sora-ai-download.com/	Get hash	malicious	Unknown	Browse
	ReIayMSG__polarisrx.com_#7107380109.htm	Get hash	malicious	HTMLPhisher	Browse
	ReIayMSG__polarisrx.com_#6577807268.htm	Get hash	malicious	HTMLPhisher	Browse
	Appraisal-nation-Review_and_Signature_Request46074.pdf	Get hash	malicious	Unknown	Browse
	https://clinicasanclemente.com/ap/	Get hash	malicious	HTMLPhisher	Browse
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Xmrig	Browse
	https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2	Get hash	malicious	Unknown	Browse
34.195.197.181	https://gmail.net-login.com/XcXRYNDdyQ3ZtSld4UE4wVUJrekFCdThLQ2ZDbXJubWlkcy85YXZZRFpSOGRHZ0lqc1lEVlJhUFJ4T1JpVkZYRHlPM2luOWZsUlg0akRFL0JzN3BQNEMzS2I3QUtSaG9zWXhKL1R0cG5TcEV6YUpSMkZRT1BkNGd1eVg1eHFjTW5CbVFQV0l5RXdmVG9qV2tod3dRS0ZpbkcvY3EwZk91cnM4R003RE1ESDZkNUoxOTZyTTZQcEExKy0tVmRVQklXeHltU1Jqc0VOaS0tMDhlR1IwQTdzanVybEhTdHNlbmhsZz09?cid=2354608568	Get hash	malicious	KnowBe4	Browse
34.195.197.181	https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580	Get hash	malicious	HTMLPhisher, KnowBe4	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s3-w.us-east-1.amazonaws.com	https://combatironapparel.com/collections/ranger-panty-shorts	Get hash	malicious	Unknown	Browse	52.216.200.219
	https://mail.voipmessage.uk/XZmNVMGRWSjAyR3hxcDF0LzhSdGt1ZFZjdG0vUU9uWWRDQXI2eXJwbnNYd0FnNE9TWjhBNncyakhQSlRKa0poSEVkY09KRzlaVG9SSGM4NSt2bHh3M0h4eHpwKzZNZlpMUU9rWklrRlg2R0R3ak9qbVA4T21TZXpzYUxJazlsaVo0ODNubmNtS1ZuQTdWL1dLa3kvZVpKeU5WOUJWUVRFMHcxRWhsODJKQTdVV2NSUmloaFBtRWdiL1lGQ0VCOTNUUjVmSE1nPT0tLVpvYUVQQVVmdkNSZmR3ZUItLWhoMjNyU1ZFSWhzclZVc0cwdTEwS0E9PQ==?cid=305193241	Get hash	malicious	KnowBe4	Browse	52.217.129.57
	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	52.217.170.145
	https://hallmark.greetingsweb.com/2865d1125997389a?l=22	Get hash	malicious	Unknown	Browse	3.5.25.233
	https://temp.farenheit.net/XZ1ZEKzFsR0pndUdHTEgydlg4dElJdnYwT0hjRkpzdVVSUm1ub0VGNFQ3Y0ZmKzFxM3I2dUJxaTkwbXEvV1dSWUM0MG5LUitrcGV2THJ0Q2o4cWUvRGxkd1l4MmcySE41YUtFUHo4RzZXM014SWRPampra2ZwMVVWNGhFTGh4WW9NU3BQaCtFRUFTMXdkc2ZiNUdhS284ek8xMTVuaS9UdExEa3lOT2hoa3R4SGg1bFIra241ZE02M1pDRVdDWVN2U3QraDRvZEVVOUMyM1J1Y1pHbGJiZ2Y1b1c4TGIxakFzVWhuc0E9PS0td2twbkU5Q0xKY3VWbzc3Ny0tQW5QTkZPazI2ajU5aTJUSjlRQkZtZz09?cid=2308276481	Get hash	malicious	KnowBe4	Browse	3.5.27.246
	https://gmail.net-login.com/XcXRYNDdyQ3ZtSld4UE4wVUJrekFCdThLQ2ZDbXJubWlkcy85YXZZRFpSOGRHZ0lqc1lEVlJhUFJ4T1JpVkZYRHlPM2luOWZsUlg0akRFL0JzN3BQNEMzS2I3QUtSaG9zWXhKL1R0cG5TcEV6YUpSMkZRT1BkNGd1eVg1eHFjTW5CbVFQV0l5RXdmVG9qV2tod3dRS0ZpbkcvY3EwZk91cnM4R003RE1ESDZkNUoxOTZyTTZQcEExKy0tVmRVQklXeHltU1Jqc0VOaS0tMDhlR1IwQTdzanVybEhTdHNlbmhsZz09?cid=2354608568	Get hash	malicious	KnowBe4	Browse	3.5.25.32
	https://d3sdeiz39xdvhy.cloudfront.net	Get hash	malicious	Unknown	Browse	52.217.121.121
	https://g248jqtc.r.ap-south-1.awstrack.me/L0/https:%2F%2Ffub.direct%2F1%2Fwpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE%2Fhttps%2Fwestcommerce.com.br%2Fe63a%2F3274607708%2FSmartadvocate%2F%23%3Fnl=ZGF5aGFuYXJhQHNtYXJ0YWR2b2NhdGUuY29t/1/010901943144e678-be97f397-fbf4-4935-81cc-f9ffe0e007ba-000000/Ra9zEF9F5Gh7LdH-GSmxaBW3ylU=188	Get hash	malicious	ScreenConnect Tool	Browse	16.15.179.102
	https://g248jqtc.r.ap-south-1.awstrack.me/L0/https:%2F%2Ffub.direct%2F1%2Fwpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4WwWGYEcIFo0NTTfcu_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE%2Fhttps%2Fwestcommerce.com.br%2Fe63i%2F7286520054%2FMackietransportation%2F%23%3Fnl=ZGVhbi5tYWNraWVAbWFja2lldHJhbnNwb3J0YXRpb24uY29t/1/010901943411f671-14b57a2c-4586-496c-a061-2f25bd5eed26-000000/5tAc1I97hb2OTOUlpCX6bWWJ9hY=188	Get hash	malicious	ScreenConnect Tool	Browse	3.5.28.39
	3lhrJ4X.exe	Get hash	malicious	LiteHTTP Bot	Browse	52.216.138.83
secured-login.net	https://gmail.net-login.com/XcXRYNDdyQ3ZtSld4UE4wVUJrekFCdThLQ2ZDbXJubWlkcy85YXZZRFpSOGRHZ0lqc1lEVlJhUFJ4T1JpVkZYRHlPM2luOWZsUlg0akRFL0JzN3BQNEMzS2I3QUtSaG9zWXhKL1R0cG5TcEV6YUpSMkZRT1BkNGd1eVg1eHFjTW5CbVFQV0l5RXdmVG9qV2tod3dRS0ZpbkcvY3EwZk91cnM4R003RE1ESDZkNUoxOTZyTTZQcEExKy0tVmRVQklXeHltU1Jqc0VOaS0tMDhlR1IwQTdzanVybEhTdHNlbmhsZz09?cid=2354608568	Get hash	malicious	KnowBe4	Browse	34.193.120.146
	https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253	Get hash	malicious	KnowBe4	Browse	34.193.6.123
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse	3.82.68.124
	https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324	Get hash	malicious	HTMLPhisher, KnowBe4	Browse	52.203.6.0
	https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310	Get hash	malicious	KnowBe4	Browse	54.209.230.227
	https://gmail.net-login.com/Xb1Rnb3pKRC9CUEdpbldIVTREbHhIK1Vza1NvaWlrblBIbkN4aUdCZUt0Y2NlSGJiWmZ2d0M1dTB5dEpRbnRoVDdBVkFTcEJqWGowNVZycWJNWHlIUHlLOG1qS0FvemVPSXpFRFhGcUhmaVU1ekQwMklrVmM0QjVpNmhLaDdoY1I4UlhMcFo1TTJaSFhtaWpiWWFqWGZ5WEg4TnBiOUl4MDI1RFMyWStQRFoyNFo5UFZNUUpmWXBtaUg0Y0FjUG1jejdSVnFVOXJQL2VzdmNLM1lEaWtmRkZnZEk2Vi0tVHFIeU0vOWxTN01YVEtXbS0tTTh5Skh1eEtsc0xTT0J5Rzg2Q2ZJQT09?cid=2330416057%3EOpen	Get hash	malicious	KnowBe4	Browse	52.5.153.217
	https://i.donotreply.biz/XWTZMVjBsbS9FS1Z2NzBoRzFZMy83RkoxVmlXaWlxaHo3VWFucmtuUGw1enh1ZWNEWVVSRmU5SURkU2psUnlGWUVLSzJtc3hJMVRZeXdZQTdKTVMwOTIySXc0dXRmSmkrKzVTSFFkRTlsZ0sycWdFdnhVY3BJNGx5ZnRmWTFhc0tuTTN1bVNUeUdFYkgrRW9rVllXdnIvNEE4aUgwNlR0R291UUxXUmY2L1JsVnZyNmMvbVpoUGJac04xckVKQlBXLS1PZFpzV3ByWmxpaEJybUhrLS1uMXVPRk5IWXlyNFBPNklpRkk0NTB3PT0=?cid=2330206445	Get hash	malicious	KnowBe4	Browse	3.209.102.171
	https://mail.donotreply.biz/XWW04VVZpU2JyWTFmVy96T2RUOUEvcEhyMWhFSm5uZElnVUlmb2dTZEdMRFdGSU1UV2V3S3RUNGdrNmNQRFJ4WTFPRHdYYlkraDV3S1YyVVpuU3E3K2p1bWowcEt3M24ySVBLanRDUkwyYitYWExuYTB5YlhVTUhySWZKbGJCTE9oRHl2RCtjR29BbEk3ZEwxZFJaNmNoK29ESk0vTGcxSmtyK0FWTExLWTdxYlQ1Yys1bjNiTUczY0RnPT0tLTU2R0pFM1VwZFRnVndZSWktLXptU2lWOHlQdjR0eGI1K09OQVZtRnc9PQ==?cid=2315575162	Get hash	malicious	KnowBe4	Browse	52.1.199.240
landing.training.knowbe4.com	https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt	Get hash	malicious	Unknown	Browse	3.220.156.219
	https://temp.farenheit.net/XZ1ZEKzFsR0pndUdHTEgydlg4dElJdnYwT0hjRkpzdVVSUm1ub0VGNFQ3Y0ZmKzFxM3I2dUJxaTkwbXEvV1dSWUM0MG5LUitrcGV2THJ0Q2o4cWUvRGxkd1l4MmcySE41YUtFUHo4RzZXM014SWRPampra2ZwMVVWNGhFTGh4WW9NU3BQaCtFRUFTMXdkc2ZiNUdhS284ek8xMTVuaS9UdExEa3lOT2hoa3R4SGg1bFIra241ZE02M1pDRVdDWVN2U3QraDRvZEVVOUMyM1J1Y1pHbGJiZ2Y1b1c4TGIxakFzVWhuc0E9PS0td2twbkU5Q0xKY3VWbzc3Ny0tQW5QTkZPazI2ajU5aTJUSjlRQkZtZz09?cid=2308276481	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse	3.82.68.124
	https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324	Get hash	malicious	HTMLPhisher, KnowBe4	Browse	3.88.121.169
	https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://chase.com-onlinebanking.com/XWmJkMGsxak5lZzdVZUczR3RxTGFWN1g0Q2NKLy96RURPVEpZbEdkOC9nQzY1TStZSjU0T0x4Q05qOXZBRHZnZTZpMmh2eGFmSm9rcVRmV2xBeENiMEF1V3VTOVAvL2dKemVQZkZGNHAxQ1hqTU9WY0R5SGpYeDQ3UVNtNGZpWDJYdWxBUFY5OUFVc3VFU041aHl6aUxrMlBZaGs1Y25BV0xHL1Vhc1BYNVQ5d3laZ2piV3gvTjlUMmc3QWV4QUs2Q0h6Yi0tZ1lEV1pac1JHRzl5ZFpFaC0tcVVpc09xQzZsUzY0bzY0YWpuS1N2Zz09?cid=2342337857	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310	Get hash	malicious	KnowBe4	Browse	3.212.32.86
	https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580	Get hash	malicious	HTMLPhisher, KnowBe4	Browse	3.224.166.12
	https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114	Get hash	malicious	KnowBe4	Browse	3.82.118.141

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	Fantazy.x86.elf	Get hash	malicious	Unknown	Browse	13.253.251.170
	4.elf	Get hash	malicious	Unknown	Browse	13.224.234.221
	Fantazy.i486.elf	Get hash	malicious	Unknown	Browse	205.251.216.97
	Fantazy.mpsl.elf	Get hash	malicious	Unknown	Browse	108.149.236.126
	Fantazy.m68k.elf	Get hash	malicious	Unknown	Browse	108.130.144.42
	https://download.mythicsoft.com/flp/3502/agentransack_3502.exe	Get hash	malicious	Unknown	Browse	13.32.121.3
	sora.m68k.elf	Get hash	malicious	Unknown	Browse	13.218.183.45
	sora.ppc.elf	Get hash	malicious	Unknown	Browse	184.72.41.220
	sora.sh4.elf	Get hash	malicious	Unknown	Browse	108.152.61.230
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
AMAZON-AESUS	Fantazy.arm7.elf	Get hash	malicious	Mirai	Browse	44.214.166.227
	4.elf	Get hash	malicious	Unknown	Browse	54.83.86.212
	Fantazy.spc.elf	Get hash	malicious	Unknown	Browse	18.205.97.124
	sora.mpsl.elf	Get hash	malicious	Unknown	Browse	54.54.116.237
	sora.mips.elf	Get hash	malicious	Unknown	Browse	18.232.167.130
	sora.sh4.elf	Get hash	malicious	Unknown	Browse	18.235.27.118
	sora.x86.elf	Get hash	malicious	Unknown	Browse	44.221.119.221
	https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2	Get hash	malicious	Unknown	Browse	3.209.199.10
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	54.224.241.105
	https://combatironapparel.com/collections/ranger-panty-shorts	Get hash	malicious	Unknown	Browse	34.234.153.100
AMAZON-AESUS	Fantazy.arm7.elf	Get hash	malicious	Mirai	Browse	44.214.166.227
	4.elf	Get hash	malicious	Unknown	Browse	54.83.86.212
	Fantazy.spc.elf	Get hash	malicious	Unknown	Browse	18.205.97.124
	sora.mpsl.elf	Get hash	malicious	Unknown	Browse	54.54.116.237
	sora.mips.elf	Get hash	malicious	Unknown	Browse	18.232.167.130
	sora.sh4.elf	Get hash	malicious	Unknown	Browse	18.235.27.118
	sora.x86.elf	Get hash	malicious	Unknown	Browse	44.221.119.221
	https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2	Get hash	malicious	Unknown	Browse	3.209.199.10
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	54.224.241.105
	https://combatironapparel.com/collections/ranger-panty-shorts	Get hash	malicious	Unknown	Browse	34.234.153.100

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	ReIayMSG__polarisrx.com_#6577807268.htm	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	24EPV9vjc5.exe	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://identity.thoughtspotlogin.cloud/	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	https://identity.login-authenticate.cloud/	Get hash	malicious	HTMLPhisher	Browse	173.222.162.64
	https://www.nwocipuk.com/	Get hash	malicious	Unknown	Browse	173.222.162.64
	http://hl.softbc.net/	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://qr.me-qr.com/PVhBu5SR	Get hash	malicious	Unknown	Browse	173.222.162.64
	Condenast eCHECK- Payment Advice.html	Get hash	malicious	Unknown	Browse	173.222.162.64
	http://ns8.lutheranph.com/	Get hash	malicious	Unknown	Browse	173.222.162.64
	https://email.analystratings.net/ls/click?upn=u001.WeKo-2BCuHku2kJmVIsYmGxsYmJ5tlN1JIFNOQtoSEGkLgECYxMchW4UXMllXUALJmesTsjgTR1H-2FvUTVSSAEe4R1GQy-2Bvbd8Zmmy4leDYmh9UNV6oDPX-2BT4wzcyKrfAdXvv6hKSBoru3q77depPs43qOB1DgUqmMdQP-2BNz7H62jYGp-2BH9nmpPKVjXmtKn9w5STVYGL4aqMBL65ruXSYeXZw-3D-3Didct_tUVFAbhJxF44ufbifaYzyYApcQooCC4WsuZoiwe419OCcA-2Bhorh4noX10R0htjc0oQD2shNvY2qd7sBvACS4ZxcOvRGqgf-2FzJzWjtjVb7R-2Fc1EPJdReLV-2BtujCvON-2Bc7V1MBDoLDS-2FjF655eEyLK512HQYbp-2FAbQ3P7q3sD01OmQtuWrJdDi7i9EqNYnB7vGsmi9YvC3tf2fi-2F59j5CgE2Yo8KxAbs4pwwxMvCRmFfOK49lsAVAfn3guJ7HTuaWX	Get hash	malicious	Unknown	Browse	173.222.162.64
3b5074b1b5d032e5620f69f9f700ff0e	dekont garanti bbva_Ba#U015fka Bankaya Transfer 01112 img .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67
	#U0130LC#U0130 HOLD#U0130NG a.s fiyati_teklif 017867Sipari#U015fi jpeg doc .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67
	PO-12202432_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	fiyati_teklif 65TBI20_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67
	RFQ-12202430_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	fiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67
	PO-12202432_ACD_Group.pif.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.113.110.67
	Copy shipping docs PO EV1786 LY ECO PAK EV1.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	40.113.110.67

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
Category:	downloaded
Size (bytes):	214546
Entropy (8bit):	6.041142962874876
Encrypted:	false
SSDEEP:	3072:NfMuP57ZiybKvXCgXM2VfZqssVACEt2lPsHr5tIBXlRYfifHkWf5EeQSJ:xMuB7ZiWYCgXM2Vhq3ZsDaRZ9f5EeQA
MD5:	6B207845061B2BF9205C8418D478CC0B
SHA1:	1CD7CA95B77F834D0139B3544960BB0894D8986A
SHA-256:	73A4E89F6A4A2D463FC841F6888E4A1C2C004C04FD6917E26B8EF4A3EB95B1B9
SHA-512:	70EE305E4FB57DF81865350EA1C095A5C82D37E95B2EAED7451EC109D753E51E052A27FBEEDB9599F20E482B5104A10C11ABCE4A96D3CB7AA6521F5577B7079F
Malicious:	false
Reputation:	low
URL:	https://helpimg.s3.amazonaws.com/LP_videos/hook.wav:2f89e03edce6e2:0
Preview:	RIFF.F..WAVEfmt .........>............data....A.A.L.L.....A.A.....8.8.....%.%.....!.!........... . ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, MP4 v2 [ISO 14496-14]
Category:	downloaded
Size (bytes):	330771
Entropy (8bit):	7.984133459416677
Encrypted:	false
SSDEEP:	6144:IU5AAJzcrnpsBKbzqKknn3jExWnVDUuc1GsMBtfKp+CAOuB:IU5AAdIpsg2Rn35V451GjK+B
MD5:	117B3EDC22858D8B022E75C64001CEAD
SHA1:	AE472CEAFDFF63269CBFB9CBA32CBF86F4DF87DA
SHA-256:	3C4B320C59285D50965C670933599F802D74E50EBC8014BB1841723F53835F29
SHA-512:	E7B72DC60F0FC39A16BE220063FD18E593961D55FB63272A1CA8C60589D328A09C93121B732E0F2E1D7DA82403D53036AB9D86BABE504406F1E267B72D509B22
Malicious:	false
Reputation:	low
URL:	https://helpimg.s3.amazonaws.com/LP_videos/You've_Been_Phished.mp4:2f89e03ebce8dc:0
Preview:	... ftypmp42....isomiso2avc1mp41...)moov...lmvhd.....b]$.b]$........................................................@...................................iods..........O.........trak...\tkhd.....b]$.b]$............................................................@........8.....$edts....elst...............L........mdia... mdhd.....b]$.b]$.._...5.U......-hdlr........vide............VideoHandler....Qminf....vmhd...............$dinf....dref............url ........stbl....stsd............avc1...........................8.H...H...............................................5avcC.M@(....gM@(.<....-@@@P......+....`...h..2.....stts...........~........stss................sdtp.... .................................................................................................................................ctts.......o.......L......I>.......L......................I>.......L......................I>.......L......................I>.......L......................I>.......L......................I>......

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1873
Entropy (8bit):	5.373025747899122
Encrypted:	false
SSDEEP:	24:hMK6mVWGWKHKFFiZdWbVpd58kETAh2grGnf8+3gpN6aga0aSBanOE3O6IhXxSwE9:Amw5K/OnsAcgHBnLSoOkfCXQB9
MD5:	13C9494962C16BB09F2921E60CDC11A3
SHA1:	8E66D9D1B4B04B5FC8A7B8D72FBBEFB12BA2150B
SHA-256:	74133370E122C9BB68F488AAAD71134DBFB2456BD9B462C244E562E44CB57B83
SHA-512:	FC6DA99ACF5E397DE125E7D9FA3B804AF46BB534DD6706ED6748746EEF4CA1998B83007BA65EED5E915601666D451EBD463EA68F0653518C08BE520E5DBA7122
Malicious:	false
Reputation:	low
URL:	https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. .<style type="text/css">body {..background-color: #306075;.}.audio { . display:none;.}..audio::-internal-media-controls-download-button {. display:none;.}.audio::-webkit-media-controls

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (407)
Category:	downloaded
Size (bytes):	461
Entropy (8bit):	5.817211558120496
Encrypted:	false
SSDEEP:	12:3R+xnePUeR00JBzTzQzHWnmsvBYpYQj2BHQ8DZK4AEdeIQL:3EdeBTrms5lQjkJDZKNEkj
MD5:	F0C7285A0492B4C1FCBA54CD3AFBD6E0
SHA1:	471EF22294645CFC58FAFB1CAC61A7913F4E30B6
SHA-256:	43DF9329C0AA4FE3521AC6D0BF6F1A959B3314F12B65CA0648FB563374D11DAF
SHA-512:	70C7A4B8C26063B67E231C1EEDFBA57BF9B4DAEFDBF09A03F724DE6EB0F9CF8F3ADAF8AFC2F8C099B73522A36F7BA0C3F0FA6F8A9F47551131E29239CE19F2B5
Malicious:	false
URL:	https://do.not.click.on.this.link.instantrevert.net/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==?cid=2358546053
Preview:	<html>. <head>. <script>window.location.href = 'https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==';</script>. </head>. <body>. </body>.</html>.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1471
Entropy (8bit):	4.754611179426391
Encrypted:	false
SSDEEP:	24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
MD5:	15E89F9684B18EC43EE51F8D62A787C3
SHA1:	9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256:	16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512:	79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious:	false
URL:	https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Preview:	/* line 1, app/assets/stylesheets/landing-watermark.scss /..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../ line 4, app/assets/stylesheets/landing-watermark.scss /..watermark.left {. left: 0;.}../ line 7, app/assets/stylesheets/landing-watermark.scss /..watermark.right {. right: 0;.}../ line 10, app/assets/stylesheets/landing-watermark.scss /..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../ line 15, app/assets/stylesheets/landing-watermark.scss /..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../ line 24, app/assets/stylesheets/landing-watermark.scss /.#template_sei .watermark.left {. margin-left: -10px;.}../ li

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1873
Entropy (8bit):	5.373025747899122
Encrypted:	false
SSDEEP:	24:hMK6mVWGWKHKFFiZdWbVpd58kETAh2grGnf8+3gpN6aga0aSBanOE3O6IhXxSwE9:Amw5K/OnsAcgHBnLSoOkfCXQB9
MD5:	13C9494962C16BB09F2921E60CDC11A3
SHA1:	8E66D9D1B4B04B5FC8A7B8D72FBBEFB12BA2150B
SHA-256:	74133370E122C9BB68F488AAAD71134DBFB2456BD9B462C244E562E44CB57B83
SHA-512:	FC6DA99ACF5E397DE125E7D9FA3B804AF46BB534DD6706ED6748746EEF4CA1998B83007BA65EED5E915601666D451EBD463EA68F0653518C08BE520E5DBA7122
Malicious:	false
URL:	https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. .<style type="text/css">body {..background-color: #306075;.}.audio { . display:none;.}..audio::-internal-media-controls-download-button {. display:none;.}.audio::-webkit-media-controls

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (405), with CRLF line terminators
Entropy (8bit):	5.237502318334434
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	PaymentAdvice.html
File size:	2'171 bytes
MD5:	90ce7315cc822147623ea89b5a14a2bf
SHA1:	2c3553c3132441a0dd6252cf8a0122aa68c79db0
SHA256:	648740727bb4ba312c96fc2e91d2a0b1770afd3659b29d1cd669f1aa47372318
SHA512:	7f8b1d5da21ca7a32e095c020eb2fe4b94ac7af9005f6a566f79a713777cefbaab64cb2ae7f1b4f6bbba1086cd6134e707d3917929ad81f319b6f96443cddba6
SSDEEP:	24:0WMq8508nCkEPbniGxMD4TcQq7athO+dDlgbO8dZbFT2mRnTrms5lQjkJDZJeVcB:0WMqozTGbTW2tbdDl0TxnffmkJrJcPw
TLSH:	9D41627985C42A29C437833C4BD2E264EB63485B239790A97C8D798BAFB55306077FCD
File Content Preview:	<!doctype html>..<html lang="en">..<head>.. This html attachment is a part of a KnowBe4 Simulated Phishing Test -->.. <meta charset="utf-8">.. <title>Page Has Been Moved</title>.. <meta name="viewport" content="width=device-width, initial

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:14:59.727484941 CET	49673	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:14:59.727483034 CET	49674	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:00.055568933 CET	49672	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:04.038649082 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:04.038713932 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:04.038773060 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:04.039797068 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:04.039812088 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:04.834171057 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:04.834450006 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:04.852118969 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:04.852158070 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:04.852499962 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:04.930588961 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.592983007 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.593066931 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.593075037 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:06.593317032 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.635339022 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:06.763370991 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:06.763469934 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:06.763526917 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.764344931 CET	49708	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:06.764359951 CET	443	49708	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:08.737821102 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:08.737864971 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:08.737941980 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:08.738183975 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:08.738198996 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:08.812417030 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:08.812452078 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:08.812514067 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:08.813271046 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:08.813282967 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.162981987 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.163075924 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.163161993 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.163434982 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.163466930 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.340909958 CET	49673	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:09.356358051 CET	49674	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:09.445836067 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.446240902 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.446252108 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.446755886 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.446836948 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.447453022 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.447499990 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.448611975 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.448683023 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.448784113 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.448795080 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.556637049 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.626738071 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.626900911 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.629940033 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.629959106 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.630176067 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.632102013 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.632102013 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.632123947 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.632278919 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.657237053 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.657412052 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.658802032 CET	49672	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:09.658873081 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.662166119 CET	49712	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.662194967 CET	443	49712	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.675343037 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.729108095 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.729156971 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.729538918 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.729538918 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.729576111 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.806268930 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.806435108 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.806972027 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.808377981 CET	49713	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:09.808397055 CET	443	49713	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:09.851356030 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.851789951 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.851855040 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.852288008 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.852379084 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.852897882 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.853468895 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.853737116 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.853801966 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:09.934046984 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:09.934072971 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.038674116 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.215847015 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.216403008 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.216423035 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.216805935 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.217746019 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.217753887 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.218868971 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.218868971 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.218952894 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.219331980 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.263379097 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.272586107 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.272604942 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.319386959 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.415981054 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.416070938 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.417465925 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.417495012 CET	443	49719	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:10.417525053 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:10.417654037 CET	49719	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:11.405875921 CET	443	49704	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:11.405973911 CET	49704	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:12.504327059 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:12.504390001 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:12.504466057 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:12.504682064 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:12.504704952 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.245985031 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.246557951 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:13.246588945 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.247595072 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.247659922 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:13.248878956 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:13.248934031 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.304203987 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:13.304245949 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:13.351083994 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:17.726669073 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.726715088 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:17.726839066 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.727427006 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.727447033 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:17.727891922 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.727951050 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:17.728018999 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.728219032 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:17.728238106 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.533828974 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.534040928 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.534065962 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.534406900 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.534455061 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.535100937 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.535156012 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.535286903 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.535341024 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.535423994 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.535429955 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.541132927 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.541671991 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.541678905 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.542155981 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.542217970 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.543147087 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.543196917 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.543349981 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.543411016 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.589746952 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.589754105 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.589844942 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.635466099 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.764611959 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.764684916 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.764825106 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.765625000 CET	49762	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:18.765665054 CET	443	49762	3.213.222.32	192.168.2.6
Jan 9, 2025 19:15:18.835747957 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.835797071 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:18.836154938 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.836191893 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.836203098 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:18.836375952 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.836389065 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:18.836405993 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.836525917 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:18.836539030 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.694904089 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.695234060 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.695292950 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.696407080 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.696480989 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.697685003 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.697772026 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.697829008 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.697866917 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.703275919 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.703473091 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.703490973 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.708327055 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.708412886 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.709387064 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.709481001 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.742839098 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.761162043 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:19.761177063 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:19.806602955 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:21.254386902 CET	49704	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:21.255336046 CET	49704	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:21.258332968 CET	49787	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:21.258378983 CET	443	49787	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:21.258537054 CET	49787	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:21.259188890 CET	443	49704	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:21.260127068 CET	443	49704	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:21.262244940 CET	49787	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:21.262259007 CET	443	49787	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:21.963546991 CET	443	49787	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:21.963639975 CET	49787	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:22.011230946 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.011250973 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.011307001 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.011374950 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.011374950 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.106252909 CET	49771	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.106326103 CET	443	49771	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.127680063 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.127720118 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.127821922 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.127979040 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.127979040 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.128012896 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.171351910 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.381326914 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.381350040 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.381402016 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.381423950 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.382028103 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.382083893 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.386286020 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.386301994 CET	443	49770	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.386327982 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.386365891 CET	49770	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.655409098 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.655766010 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.655797005 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.656960964 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.657479048 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.657479048 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.657516003 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.657675028 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.710230112 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.953993082 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954020023 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954029083 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954070091 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954088926 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.954096079 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954106092 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954123974 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.954154015 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.954154015 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.954169989 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.955487967 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.955509901 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.955591917 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.955591917 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:22.955600977 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:22.999336958 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.050868034 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.050880909 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.050924063 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.050954103 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.050980091 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.051012039 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.051275969 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.051942110 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.051960945 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.052042961 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.052051067 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.052175999 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.052947044 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.052963018 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.053061962 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.053061962 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.053071022 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.053122044 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.054971933 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.055008888 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.055046082 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.055340052 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.055346012 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.055614948 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.119330883 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:23.119395971 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:23.119478941 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:23.140758991 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.140785933 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.140921116 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.140940905 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.141097069 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.141813040 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.141835928 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.141885996 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.141892910 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.141936064 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.141936064 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.142596960 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.142620087 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.142699957 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.142699957 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.142707109 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.142822981 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.143779039 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.143801928 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.143923998 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.143929958 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.144124985 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.144829035 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.144859076 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.144953012 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.144953012 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.144959927 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.145049095 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.145798922 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.145831108 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.145901918 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.145901918 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.145910978 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.145956993 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.226917028 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.226948023 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.227006912 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.227015972 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.227065086 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.227065086 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.227627039 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.227648973 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.227698088 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.227705002 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.227752924 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.227752924 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.228003979 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.228023052 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.228092909 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.228092909 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.228099108 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.228610039 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.228636980 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.228697062 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.228697062 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.228703022 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.229239941 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.229430914 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.229451895 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.229520082 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.229526043 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.229754925 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.229832888 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.229851961 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.230542898 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.230542898 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.230557919 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.230576992 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.230635881 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.230635881 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.230643034 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.230822086 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.313816071 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.313843012 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.313930035 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.313930035 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.313945055 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314348936 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314368963 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314416885 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.314416885 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.314424038 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314594984 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314609051 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314970970 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.314991951 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.315018892 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315018892 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315027952 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.315037966 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.315068960 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315068960 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315078974 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.315107107 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.315598011 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315618992 CET	49792	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.315632105 CET	443	49792	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.321643114 CET	49723	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:15:23.321666002 CET	443	49723	142.250.185.228	192.168.2.6
Jan 9, 2025 19:15:23.330122948 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.335558891 CET	53	49805	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.335659981 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.335793972 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.335803986 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.341295004 CET	53	49805	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.341308117 CET	53	49805	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.348138094 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.348174095 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.348238945 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.349018097 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.349033117 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.404073954 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404110909 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:23.404202938 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404237032 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404242039 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:23.404294968 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404500961 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404512882 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:23.404639006 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:23.404654980 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:23.523655891 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.524111032 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.524142027 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.524307013 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.524544954 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.524553061 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.570302963 CET	53	49805	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.806133032 CET	53	49805	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.806197882 CET	49805	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.936609983 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.937031031 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.937060118 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.937393904 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.937731981 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.937786102 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:23.937884092 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:23.979321957 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.033837080 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.034274101 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.034311056 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.035372019 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.035427094 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.036725044 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.036791086 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.037158012 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.037166119 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.052181959 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.052458048 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.052484989 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.053487062 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.053536892 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.053972006 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.054018974 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.055732012 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.055746078 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.056932926 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.057132959 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.057143927 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.058170080 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.058226109 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.058815002 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.058866024 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.059014082 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.059019089 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.085030079 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.103341103 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.103341103 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.185866117 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.201478958 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.201491117 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.201505899 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.201554060 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.201597929 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.201626062 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.201659918 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.206290960 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.220391989 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.220401049 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.220416069 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.220448017 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.220474958 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.220489025 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.220829010 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485119104 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485152960 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485200882 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485203981 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485249996 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485286951 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485320091 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485343933 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485358953 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485487938 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485538960 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485558033 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485574961 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.485596895 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.485619068 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.485688925 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.485709906 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.485749006 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.485784054 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.485810041 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.485862970 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.485927105 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.485939980 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.486102104 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.486160994 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.486181974 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.486203909 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.486222029 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.486234903 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.486251116 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.486277103 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.486290932 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.486306906 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.486336946 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.486371040 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.486937046 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.486962080 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.487015963 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.487029076 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.487056971 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.490020037 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.490077019 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.490103960 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.490119934 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.490148067 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.490174055 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.490776062 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.490844011 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.490860939 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.490885019 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.490932941 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.492005110 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492058039 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492069006 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492088079 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492117882 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492139101 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492494106 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492541075 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492563009 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492578983 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492610931 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492628098 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.492640018 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.492902994 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.492965937 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.492980957 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.493002892 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.493041039 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.493665934 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.493727922 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.493740082 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.493784904 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.493961096 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494009018 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494030952 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.494045973 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494080067 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.494611025 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494633913 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494664907 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494702101 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.494714975 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.494745970 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.496987104 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.497054100 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.497076988 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.497111082 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.497122049 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.497168064 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497169018 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.497183084 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497194052 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497220039 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497239113 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.497245073 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.497256041 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497271061 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.497303963 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.497304916 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.497351885 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.499237061 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.499295950 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.499325037 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499340057 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.499346972 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499351025 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.499375105 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.499396086 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.499408960 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499437094 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.499453068 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.499629974 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499653101 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499680996 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499705076 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.499720097 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.499747992 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.500494957 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.500516891 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.500555992 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.500570059 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.500602961 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.501121998 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.501182079 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.501197100 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.501216888 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.501256943 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.501260996 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.501287937 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.501313925 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.501324892 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.501352072 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.502242088 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.502262115 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.502294064 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.502302885 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.502319098 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.502778053 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.502794027 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.502835989 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.502840042 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.502871990 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.502937078 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.502973080 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.502986908 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.502993107 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503021955 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503047943 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503236055 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503257036 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503287077 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503288984 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503298998 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503320932 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503329992 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503494024 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503516912 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503547907 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503556967 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.503571033 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.503782034 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.503798962 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.503830910 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.503834963 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.503851891 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.503868103 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.505235910 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505254030 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505291939 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505306959 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505311966 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505321980 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505354881 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505625010 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505641937 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505673885 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505682945 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505700111 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505863905 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505888939 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505911112 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505919933 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505930901 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505950928 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.505954981 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.505987883 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.544524908 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.544610023 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.544663906 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.544697046 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.544730902 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.544905901 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.544970036 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545018911 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545031071 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545068026 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545188904 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545241117 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545325041 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545325041 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545342922 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545406103 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545705080 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545763016 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545810938 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.545821905 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.545855045 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.546433926 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546499014 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546546936 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.546557903 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546591043 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.546746016 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546799898 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546852112 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.546863079 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.546896935 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.547228098 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.547292948 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.547348976 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.547359943 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.547445059 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.548753977 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.548783064 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.548814058 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.548830032 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.548856020 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.548856974 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.548872948 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.548908949 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.549209118 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.549257994 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549268961 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.549279928 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549293995 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.549309015 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.549336910 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.549336910 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.549350977 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549376965 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.549376965 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.549685955 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549727917 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549760103 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549777031 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.549798012 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.549820900 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.549994946 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550014973 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550061941 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550076008 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550112009 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550344944 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550395966 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550424099 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550434113 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550460100 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550479889 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550767899 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550805092 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550815105 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550827980 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.550856113 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550875902 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.550940037 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.551147938 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.551163912 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.551192999 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.551227093 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.551238060 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.551280022 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.552256107 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.595108032 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.595140934 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.595180988 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.595221996 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.595233917 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.595267057 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.595293045 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.596668005 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.636974096 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637001038 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637083054 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.637083054 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.637093067 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637631893 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637660027 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637670994 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.637676954 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.637696981 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638191938 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638206005 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638231039 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638235092 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638271093 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638376951 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638397932 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638413906 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638417959 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638447046 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638744116 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638758898 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638782978 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638786077 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638812065 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638854027 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638866901 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638880014 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638890982 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638912916 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.638972998 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.638998032 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.640572071 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.655236959 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.657915115 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.667974949 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.667974949 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.667999029 CET	443	49808	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.668236971 CET	49808	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.698542118 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.700480938 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.700515032 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.700923920 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.700923920 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.700957060 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.710248947 CET	49807	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:24.710268974 CET	443	49807	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:24.733745098 CET	49810	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.733767033 CET	443	49810	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.867685080 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.867697001 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.867768049 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.868273973 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.868304968 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.876390934 CET	49806	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.876410961 CET	443	49806	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.905364990 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.905412912 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:24.905472994 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.905755997 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:24.905771017 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.271815062 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.272063971 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.272073030 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.272412062 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.272979975 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.272979975 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.272995949 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.273040056 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.320748091 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.395190954 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.395445108 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.395473003 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.395847082 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.396195889 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.396267891 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.396358013 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.418839931 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.419862032 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.419886112 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.419995070 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.419995070 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.420042992 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.423579931 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.423648119 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.423702002 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.423722029 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.423835039 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.424041033 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.426255941 CET	49816	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.426326990 CET	443	49816	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.426841021 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.426877022 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.427151918 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.427234888 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.427243948 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.443331003 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.457714081 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.457752943 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.458250046 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.458302975 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.458312035 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.544761896 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.544842005 CET	443	49821	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:25.545190096 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.545190096 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.545243025 CET	49821	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:25.587306023 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.587407112 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:25.587501049 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.587805033 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:25.587836981 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.001004934 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.001296043 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.001311064 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.002439976 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.002736092 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.002876043 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.002883911 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.002908945 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.026312113 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.026783943 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.026801109 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.027142048 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.027493954 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.027553082 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.027637959 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.055107117 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.071357965 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.132189035 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134445906 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134453058 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134468079 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134474039 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134480000 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134495974 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.134510040 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.134545088 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.134576082 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.136363029 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.136409998 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.151422024 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.151957035 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.152010918 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.152955055 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.153038979 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.153337002 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.153404951 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.153479099 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.153503895 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.173865080 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.174451113 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.174514055 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.174529076 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.196696043 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.224438906 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.224498987 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.224529982 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.224543095 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.224574089 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.224587917 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.224602938 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.226135015 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.226175070 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.226177931 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.226202011 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.226211071 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.226243019 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.274030924 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.274051905 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314282894 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314301014 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314369917 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.314393997 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314439058 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314448118 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.314483881 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.314508915 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.314567089 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.315704107 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.316364050 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.316397905 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.316436052 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.316442966 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.316478968 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.316505909 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.317626953 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317650080 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317689896 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317704916 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.317753077 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317780972 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317823887 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.317850113 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.317862988 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.317913055 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.320270061 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.324455976 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324465036 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324496031 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324520111 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324523926 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.324528933 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324543953 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324556112 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.324590921 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.324604034 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.324609041 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.325356007 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.325393915 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.325419903 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.325427055 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.325469017 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.325541973 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.325594902 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.326730013 CET	49822	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.326745033 CET	443	49822	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.327939987 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.328037024 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.328123093 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.328361988 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.328398943 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.403491020 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.403527021 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.403575897 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.403584003 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.403615952 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.403645992 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.404094934 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404156923 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404186964 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.404263973 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404299974 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.404306889 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404325962 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.404345036 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404361963 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404370070 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.404401064 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.404433012 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.405359030 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.405421972 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.405422926 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.405453920 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.405482054 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.406713963 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.406764984 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.406781912 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.406800985 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.406845093 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.407252073 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.407304049 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.407324076 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.407349110 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.407373905 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.438935995 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.438985109 CET	443	49825	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.439052105 CET	49825	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.445343018 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.445377111 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.445432901 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.445835114 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.445848942 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.461553097 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.461580038 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.492980957 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493005991 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493071079 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.493103027 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493791103 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493810892 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493875027 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.493932962 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.493932962 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.493953943 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.494949102 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.494965076 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.495013952 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.495034933 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.495331049 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.495349884 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.495368958 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.495443106 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.495443106 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.495448112 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.495573044 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.496371984 CET	49823	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.496393919 CET	443	49823	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.899774075 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.910778999 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.910813093 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.912193060 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.912300110 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.922848940 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.922848940 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.922899961 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.923006058 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:26.968310118 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:26.968346119 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.002940893 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.012865067 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.047597885 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.047852039 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.052066088 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.062355995 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.317337990 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.317421913 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.318814039 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.319515944 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.319725990 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.320138931 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.324801922 CET	49830	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.324872971 CET	443	49830	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.367341995 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.437592983 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.438698053 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.438707113 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.439143896 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.439165115 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.439986944 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.440032959 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.440061092 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.440083981 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.440191031 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.449214935 CET	49832	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.449225903 CET	443	49832	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.453238010 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.453277111 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:27.453370094 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.453727007 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:27.453739882 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.039741039 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.040014982 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.040045977 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.040407896 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.040693998 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.040759087 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.040832996 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.083333015 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.235266924 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.236783028 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.236804008 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.236865044 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.236941099 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.236975908 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.237004995 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.326950073 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.327013016 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.327039957 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.327107906 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.327142954 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.327167034 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.327182055 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.328433990 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.328485012 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.328515053 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.328531027 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.328562021 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.382191896 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.382215023 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.416846037 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.416872025 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.416923046 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.416941881 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.416985035 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.417507887 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.417548895 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.417572975 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.417579889 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.417640924 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.418251038 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.418267012 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.418329954 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.418338060 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.418344021 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.418371916 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.420193911 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.420216084 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.420248032 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.420365095 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.420393944 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.420439959 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.518161058 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518183947 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518215895 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518251896 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.518321991 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518376112 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.518699884 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518723011 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518769979 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.518802881 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518826962 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.518836975 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.518868923 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.520353079 CET	49840	443	192.168.2.6	54.231.227.161
Jan 9, 2025 19:15:28.520390034 CET	443	49840	54.231.227.161	192.168.2.6
Jan 9, 2025 19:15:28.535382986 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:28.535490990 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:28.535576105 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:28.535841942 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:28.535875082 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.017765045 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.018321991 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.018328905 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.019506931 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.020246983 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.020426035 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.020901918 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.063328981 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.130585909 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.130680084 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.130736113 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.172588110 CET	49848	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.172599077 CET	443	49848	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.176317930 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.176352978 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.176402092 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.176987886 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.177006960 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.642946005 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.684190989 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.766268015 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.766289949 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.766952991 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.778023005 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.778146029 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.782033920 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.823337078 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.898104906 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.898375988 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:29.900939941 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.901688099 CET	49854	443	192.168.2.6	34.195.197.181
Jan 9, 2025 19:15:29.901704073 CET	443	49854	34.195.197.181	192.168.2.6
Jan 9, 2025 19:15:33.893311977 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:33.893368006 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:33.893549919 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:33.894195080 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:33.894213915 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.001574039 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.002192974 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.056129932 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.056152105 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.056590080 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.099098921 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.128833055 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.128950119 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.128957033 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.129117966 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.175327063 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.305371046 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.305496931 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:35.305547953 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.305661917 CET	49877	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:15:35.305669069 CET	443	49877	40.113.110.67	192.168.2.6
Jan 9, 2025 19:15:41.120548964 CET	443	49787	173.222.162.64	192.168.2.6
Jan 9, 2025 19:15:41.120610952 CET	49787	443	192.168.2.6	173.222.162.64
Jan 9, 2025 19:15:54.948086023 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:15:54.948101997 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:01.355915070 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:01.355950117 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:01.356024981 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:01.356633902 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:01.356647968 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.339773893 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.339843988 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.343096018 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.343106031 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.343374968 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.346381903 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.346436977 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.346441984 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.346627951 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.387320995 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.549313068 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.549518108 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:02.549673080 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.549755096 CET	50028	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:02.549771070 CET	443	50028	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:03.603065014 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:16:03.603096008 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:04.552495956 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:04.552593946 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:04.552634954 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:16:05.119790077 CET	49718	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:16:05.119812012 CET	443	49718	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:12.544064999 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:12.544107914 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:12.544159889 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:12.544558048 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:12.544568062 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:13.242078066 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:13.244517088 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:13.244558096 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:13.244874954 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:13.245135069 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:13.245196104 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:13.292890072 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:13.452333927 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:13.452438116 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:13.452580929 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:16:15.120019913 CET	49761	443	192.168.2.6	3.213.222.32
Jan 9, 2025 19:16:15.120057106 CET	443	49761	3.213.222.32	192.168.2.6
Jan 9, 2025 19:16:23.135593891 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:23.135674000 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:23.135735035 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:23.146085978 CET	50032	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:16:23.146132946 CET	443	50032	142.250.185.228	192.168.2.6
Jan 9, 2025 19:16:37.790453911 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:37.790492058 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:37.794085979 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:37.794085979 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:37.794117928 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.592021942 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.592128992 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.595673084 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.595690012 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.595940113 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.597583055 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.597737074 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.597737074 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.597743034 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.643325090 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.922390938 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.922477007 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:38.922535896 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.922797918 CET	50035	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:16:38.922816992 CET	443	50035	40.113.110.67	192.168.2.6
Jan 9, 2025 19:16:39.708237886 CET	49703	80	192.168.2.6	2.16.164.97
Jan 9, 2025 19:16:39.713634014 CET	80	49703	2.16.164.97	192.168.2.6
Jan 9, 2025 19:16:39.713752031 CET	49703	80	192.168.2.6	2.16.164.97
Jan 9, 2025 19:17:12.604687929 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:12.604733944 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:12.604814053 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:12.605169058 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:12.605180979 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:13.278409958 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:13.278816938 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:13.278846025 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:13.279966116 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:13.280318022 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:13.280495882 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:13.321290016 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:19.741605997 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:19.741651058 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:19.741821051 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:19.742482901 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:19.742505074 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.718070984 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.718194962 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.720002890 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.720011950 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.720248938 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.722202063 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.722266912 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.722270012 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.722430944 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.763335943 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.936707973 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.936861038 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:20.936924934 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.937172890 CET	50037	443	192.168.2.6	40.113.110.67
Jan 9, 2025 19:17:20.937192917 CET	443	50037	40.113.110.67	192.168.2.6
Jan 9, 2025 19:17:23.194319010 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:23.194483042 CET	443	50036	142.250.185.228	192.168.2.6
Jan 9, 2025 19:17:23.194555998 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:25.122729063 CET	50036	443	192.168.2.6	142.250.185.228
Jan 9, 2025 19:17:25.122760057 CET	443	50036	142.250.185.228	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 19:15:08.679383993 CET	53	55559	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:08.692001104 CET	50467	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:08.692182064 CET	60229	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:08.698273897 CET	53	56119	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:08.728606939 CET	53	50467	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:08.733974934 CET	53	60229	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:09.670093060 CET	51393	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:09.670613050 CET	61673	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:09.714282036 CET	53	51393	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:09.740200043 CET	53	61673	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:10.075598001 CET	53	56818	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:12.492574930 CET	62013	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:12.492713928 CET	56660	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:12.501435995 CET	53	56660	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:12.503469944 CET	53	62013	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:13.345366955 CET	53	55694	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:17.681041956 CET	62336	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:17.681374073 CET	54041	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:17.714346886 CET	53	62336	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:17.725792885 CET	53	54041	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:18.822154045 CET	56534	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:18.822437048 CET	51265	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:18.831404924 CET	53	51265	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:18.835118055 CET	53	56534	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.322010040 CET	54682	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.322129011 CET	62096	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.329771996 CET	53	62096	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.372874975 CET	61548	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.373035908 CET	57217	53	192.168.2.6	1.1.1.1
Jan 9, 2025 19:15:23.397401094 CET	53	61548	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.403486013 CET	53	57217	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:23.479914904 CET	53	54682	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:27.330522060 CET	53	51631	1.1.1.1	192.168.2.6
Jan 9, 2025 19:15:46.157716990 CET	53	49592	1.1.1.1	192.168.2.6
Jan 9, 2025 19:16:08.142755032 CET	53	52975	1.1.1.1	192.168.2.6
Jan 9, 2025 19:16:09.030652046 CET	53	62697	1.1.1.1	192.168.2.6
Jan 9, 2025 19:16:38.926597118 CET	53	56768	1.1.1.1	192.168.2.6
Jan 9, 2025 19:17:26.016551971 CET	53	61360	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 9, 2025 19:15:09.740289927 CET	192.168.2.6	1.1.1.1	c27f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 19:15:08.692001104 CET	192.168.2.6	1.1.1.1	0x3dde	Standard query (0)	do.not.click.on.this.link.instantrevert.net	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.692182064 CET	192.168.2.6	1.1.1.1	0xe6a	Standard query (0)	do.not.click.on.this.link.instantrevert.net	65	IN (0x0001)	false
Jan 9, 2025 19:15:09.670093060 CET	192.168.2.6	1.1.1.1	0x4c46	Standard query (0)	do.not.click.on.this.link.instantrevert.net	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.670613050 CET	192.168.2.6	1.1.1.1	0xd427	Standard query (0)	do.not.click.on.this.link.instantrevert.net	65	IN (0x0001)	false
Jan 9, 2025 19:15:12.492574930 CET	192.168.2.6	1.1.1.1	0xcab3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:12.492713928 CET	192.168.2.6	1.1.1.1	0x282	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 19:15:17.681041956 CET	192.168.2.6	1.1.1.1	0x52e2	Standard query (0)	do.not.click.on.this.link.instantrevert.net	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.681374073 CET	192.168.2.6	1.1.1.1	0xbbac	Standard query (0)	do.not.click.on.this.link.instantrevert.net	65	IN (0x0001)	false
Jan 9, 2025 19:15:18.822154045 CET	192.168.2.6	1.1.1.1	0xc314	Standard query (0)	secured-login.net	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.822437048 CET	192.168.2.6	1.1.1.1	0xa39e	Standard query (0)	secured-login.net	65	IN (0x0001)	false
Jan 9, 2025 19:15:23.322010040 CET	192.168.2.6	1.1.1.1	0xb78d	Standard query (0)	secured-login.net	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.322129011 CET	192.168.2.6	1.1.1.1	0x296f	Standard query (0)	secured-login.net	65	IN (0x0001)	false
Jan 9, 2025 19:15:23.372874975 CET	192.168.2.6	1.1.1.1	0x1780	Standard query (0)	helpimg.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.373035908 CET	192.168.2.6	1.1.1.1	0x4862	Standard query (0)	helpimg.s3.amazonaws.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		3.213.222.32	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		18.215.17.233	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		23.21.224.251	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.728606939 CET	1.1.1.1	192.168.2.6	0x3dde	No error (0)	landing.training.knowbe4.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:08.733974934 CET	1.1.1.1	192.168.2.6	0xe6a	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		3.213.222.32	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		18.215.17.233	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		23.21.224.251	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.714282036 CET	1.1.1.1	192.168.2.6	0x4c46	No error (0)	landing.training.knowbe4.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:09.740200043 CET	1.1.1.1	192.168.2.6	0xd427	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:12.501435995 CET	1.1.1.1	192.168.2.6	0x282	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 9, 2025 19:15:12.503469944 CET	1.1.1.1	192.168.2.6	0xcab3	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		3.213.222.32	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		18.215.17.233	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		23.21.224.251	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.714346886 CET	1.1.1.1	192.168.2.6	0x52e2	No error (0)	landing.training.knowbe4.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:17.725792885 CET	1.1.1.1	192.168.2.6	0xbbac	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		3.213.222.32	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		18.215.17.233	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		23.21.224.251	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:18.835118055 CET	1.1.1.1	192.168.2.6	0xc314	No error (0)	secured-login.net		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	helpimg.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.227.161	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.71.121	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.130.137	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.234.57	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.132.17	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.45.12	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.49.161	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.397401094 CET	1.1.1.1	192.168.2.6	0x1780	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.139.241	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.403486013 CET	1.1.1.1	192.168.2.6	0x4862	No error (0)	helpimg.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:23.403486013 CET	1.1.1.1	192.168.2.6	0x4862	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		18.215.17.233	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		23.21.224.251	A (IP address)	IN (0x0001)	false
Jan 9, 2025 19:15:23.479914904 CET	1.1.1.1	192.168.2.6	0xb78d	No error (0)	secured-login.net		3.213.222.32	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

do.not.click.on.this.link.instantrevert.net

https:

secured-login.net

helpimg.s3.amazonaws.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 7a 4b 4c 6b 5a 56 48 51 6b 61 41 4b 44 56 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 30 34 64 35 63 34 38 36 30 66 64 38 30 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +zKLkZVHQkaAKDVz.1Context: 7904d5c4860fd80e
2025-01-09 18:15:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:15:06 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 2b 7a 4b 4c 6b 5a 56 48 51 6b 61 41 4b 44 56 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 30 34 64 35 63 34 38 36 30 66 64 38 30 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: +zKLkZVHQkaAKDVz.2Context: 7904d5c4860fd80e<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2025-01-09 18:15:06 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 7a 4b 4c 6b 5a 56 48 51 6b 61 41 4b 44 56 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 30 34 64 35 63 34 38 36 30 66 64 38 30 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +zKLkZVHQkaAKDVz.3Context: 7904d5c4860fd80e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:15:06 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:15:06 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 56 76 47 5a 5a 53 55 75 73 30 71 72 7a 78 63 6e 68 4b 4f 2b 59 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: VvGZZSUus0qrzxcnhKO+Yw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49712	3.213.222.32	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:09 UTC	815	OUT	GET /XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1EQ05zS2RuNTExK28vd1pzYXZsUXZVS2R1WWpVdGRVS0lPcmtVMy9NbjRjY3VCc0pyc0Z0UTYySDFURC9EUHlrZjdZY0VtcVNQOXhnOTM4YlVKdTZmU3Jmd09nPT0tLUNuUmFsd2J0WUhhTG5Pdy8tLXJBTzRhc3psZjhRU1VVVFJzQ0kzT1E9PQ==?cid=2358546053 HTTP/1.1 Host: do.not.click.on.this.link.instantrevert.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:09 UTC	486	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:09 GMT Content-Type: text/html Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Cache-Control: no-cache Content-Security-Policy: X-Request-Id: 2b8b9dcf-05e6-4f64-9bd2-901496a79e32 X-Runtime: 0.095838 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49713	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 79 48 50 6c 77 59 66 71 35 30 6d 6e 39 39 65 58 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 32 30 62 39 39 32 36 65 34 35 39 36 35 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: yHPlwYfq50mn99eX.1Context: dd20b9926e459658
2025-01-09 18:15:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:15:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 79 48 50 6c 77 59 66 71 35 30 6d 6e 39 39 65 58 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 32 30 62 39 39 32 36 65 34 35 39 36 35 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 4f 70 37 59 56 35 33 6a 38 51 34 58 4b 45 37 69 76 69 58 79 69 62 51 7a 51 42 4d 73 4d 4b 50 76 51 34 35 50 30 37 30 77 72 57 47 73 51 6e 43 52 38 31 78 6e 4b 74 69 75 44 53 68 66 55 32 36 30 5a 31 64 76 62 57 57 74 77 4a 30 58 6c 62 59 51 51 4c 79 72 39 6d 41 34 41 34 44 51 78 51 42 2b 74 64 76 67 53 6a 68 4f 73 4d 74 70 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: yHPlwYfq50mn99eX.2Context: dd20b9926e459658<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWOp7YV53j8Q4XKE7iviXyibQzQBMsMKPvQ45P070wrWGsQnCR81xnKtiuDShfU260Z1dvbWWtwJ0XlbYQQLyr9mA4A4DQxQB+tdvgSjhOsMtp
2025-01-09 18:15:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 79 48 50 6c 77 59 66 71 35 30 6d 6e 39 39 65 58 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 32 30 62 39 39 32 36 65 34 35 39 36 35 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: yHPlwYfq50mn99eX.3Context: dd20b9926e459658<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:15:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:15:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 30 52 48 6c 31 74 62 62 30 57 41 47 4c 35 33 68 5a 49 32 56 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: X0RHl1tbb0WAGL53hZI2Vw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49719	3.213.222.32	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:10 UTC	615	OUT	GET /XcmlIeXd3Qk1RS3dZZDBacGl5b3RBT1R6YVVqM2lCem8wMU1EQ05zS2RuNTExK28vd1pzYXZsUXZVS2R1WWpVdGRVS0lPcmtVMy9NbjRjY3VCc0pyc0Z0UTYySDFURC9EUHlrZjdZY0VtcVNQOXhnOTM4YlVKdTZmU3Jmd09nPT0tLUNuUmFsd2J0WUhhTG5Pdy8tLXJBTzRhc3psZjhRU1VVVFJzQ0kzT1E9PQ==?cid=2358546053 HTTP/1.1 Host: do.not.click.on.this.link.instantrevert.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:10 UTC	486	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:10 GMT Content-Type: text/html Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Cache-Control: no-cache Content-Security-Policy: X-Request-Id: 46bba46a-6b02-4bb8-bf32-8d638c24f4e0 X-Runtime: 0.086219 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49762	3.213.222.32	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:18 UTC	1020	OUT	GET /XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==?cid=2358546053 HTTP/1.1 Host: do.not.click.on.this.link.instantrevert.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:18 UTC	574	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 461 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"43df9329c0aa4fe3521ac6d0bf6f1a95" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: 67670317-46d6-459e-a1e5-4cac3c21d629 X-Runtime: 0.114663 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:18 UTC	461	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 64 2d 6c 6f 67 69 6e 2e 6e 65 74 2f 70 61 67 65 73 2f 66 32 65 36 66 32 61 39 35 65 61 66 2f 58 63 55 31 55 65 47 74 6f 63 30 35 72 59 6b 5a 61 4b 31 67 78 61 30 56 42 4e 6e 6c 61 65 6a 46 46 59 7a 42 77 63 6d 52 73 4e 7a 4e 71 54 6b 39 33 65 48 52 49 59 32 5a 58 61 6b 6c 6f 55 58 64 74 53 44 64 61 52 44 4e 4d 56 6d 78 4a 59 6a 42 30 54 6c 52 74 56 47 35 55 4c 7a 6b 78 59 56 4a 69 65 6b 78 34 64 7a 64 61 56 55 64 46 51 57 63 76 63 57 46 50 61 32 34 35 52 32 31 79 53 7a 52 6b 51 6c 46 48 4d 45 4a 33 52 47 56 48 63 55 5a 75 55 58 6c 42 4d 58 68 69 62 30 35 Data Ascii: <html> <head> <script>window.location.href = 'https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49771	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:19 UTC	1369	OUT	GET /pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://do.not.click.on.this.link.instantrevert.net/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ==?cid=2358546053 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:22 UTC	832	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1873 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"74133370e122c9bb68f488aaad71134d" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: 58f0dec7-871b-4dc0-8c93-efbb3c9498c7 X-Runtime: 2.158227 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:22 UTC	1873	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49770	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:22 UTC	958	OUT	GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:22 UTC	263	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:22 GMT Content-Type: text/css Content-Length: 1471 Connection: close Last-Modified: Thu, 09 Jan 2025 15:03:31 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:22 UTC	1471	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss /.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/ line 4, app/assets/stylesheets/landing-wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49792	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:22 UTC	937	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:22 UTC	279	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:22 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 09 Jan 2025 15:03:31 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:22 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-09 18:15:22 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2025-01-09 18:15:22 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2025-01-09 18:15:23 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49806	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:23 UTC	1044	OUT	GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:24 UTC	832	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:24 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1873 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"74133370e122c9bb68f488aaad71134d" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: cf63f0d1-9288-40e1-b8e5-7ab52c723eca X-Runtime: 0.606168 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:24 UTC	1873	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49808	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:24 UTC	893	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=0-
2025-01-09 18:15:24 UTC	523	IN	HTTP/1.1 206 Partial Content x-amz-id-2: M033dL+5LSmEltzNOgFN2Wndp7lR+38/TW/w5HAjTBvd9r4cYCG+KXWPlAZTufD0N9Md2FrZjzY= x-amz-request-id: 9HTQ6Y67WRSYX7VH Date: Thu, 09 Jan 2025 18:15:25 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 0-214545/214546 Content-Type: audio/vnd.wave Content-Length: 214546 Server: AmazonS3 Connection: close
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 52 49 46 46 0a 46 03 00 57 41 56 45 66 6d 74 20 12 00 00 00 01 00 02 00 80 3e 00 00 00 fa 00 00 04 00 10 00 00 00 64 61 74 61 00 16 03 00 41 00 41 00 4c 00 4c 00 b5 ff b5 ff 41 00 41 00 c5 ff c5 ff 38 00 38 00 d9 ff d9 ff 25 00 25 00 d8 ff d8 ff 21 00 21 00 e9 ff e9 ff 2a 00 2a 00 fd ff fd ff 20 00 20 00 e8 ff e8 ff 04 00 04 00 e1 ff e1 ff 05 00 05 00 ef ff ef ff 0a 00 0a 00 f5 ff f5 ff 0a 00 0a 00 fd ff fd ff 10 00 10 00 fa ff fa ff 03 00 03 00 fd ff fd ff 04 00 04 00 ff ff ff ff 05 00 05 00 fb ff fb ff fd ff fd ff f6 ff f6 ff fc ff fb ff fe ff fe ff 06 00 06 00 00 00 00 00 fd ff fd ff fc ff fc ff 06 00 06 00 09 00 09 00 09 00 09 00 03 00 03 00 fd ff fd ff fe ff fe ff 00 00 00 00 fd ff fd ff fb ff fb ff fd ff fd ff 00 00 00 00 01 00 01 00 00 00 00 00 02 Data Ascii: RIFFFWAVEfmt >dataAALLAA88%%!!**
2025-01-09 18:15:24 UTC	501	IN	Data Raw: 70 fd eb fd eb fd be fd be fd ea fd ea fd c8 fd c8 fd 61 fe 61 fe 72 fe 72 fe 8c fe 8c fe 5f fe 5f fe c3 fe c3 fe b2 fe b2 fe 0e ff 0e ff 0a ff 0a ff 38 ff 38 ff 5b ff 5b ff a7 ff a7 ff c0 ff c0 ff d3 ff d3 ff 37 00 37 00 51 00 51 00 5a 00 5a 00 99 00 99 00 f7 00 f7 00 24 01 24 01 65 01 65 01 98 01 98 01 f7 01 f7 01 41 02 41 02 72 02 72 02 a9 02 a9 02 af 02 af 02 f2 02 f2 02 03 03 03 03 75 03 75 03 22 03 22 03 90 03 90 03 c8 03 c8 03 76 03 76 03 25 04 25 04 f2 03 f2 03 29 04 29 04 40 04 40 04 13 04 13 04 ed 03 ed 03 ca 04 ca 04 e6 03 e6 03 e2 03 e3 03 7b 04 7b 04 54 04 54 04 b5 03 b5 03 06 04 06 04 c4 03 c4 03 08 04 08 04 55 03 55 03 92 03 92 03 98 03 98 03 81 03 81 03 e6 02 e6 02 ee 03 ee 03 c1 02 c1 02 6d 02 6d 02 97 02 97 02 f0 02 f0 02 75 01 75 01 2a Data Ascii: paarr__88[[77QQZZ$$eeAArruu""vv%%))@@{{TTUUmmuu*
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: fe 6c ff 6c ff eb fe eb fe 1a 00 1a 00 1e ff 1e ff 30 00 30 00 b3 ff b3 ff 1d 00 1d 00 5c ff 5c ff 6d 00 6d 00 e2 ff e2 ff 5e 00 5e 00 6a 00 6a 00 5e 00 5e 00 e8 00 e8 00 87 00 87 00 14 01 14 01 9c 00 9c 00 a7 01 a7 01 1b 01 1b 01 be 01 be 01 3c 01 3c 01 0e 02 0e 02 b3 01 b3 01 27 02 27 02 f3 01 f3 01 4e 02 4e 02 0d 02 0d 02 6c 02 6c 02 1f 02 1f 02 96 02 96 02 79 02 79 02 57 02 57 02 b3 02 b3 02 84 02 84 02 ba 02 ba 02 d0 02 d0 02 b3 02 b3 02 c0 02 c0 02 a3 02 a3 02 94 02 94 02 6d 02 6d 02 98 02 98 02 5f 02 5f 02 5d 02 5d 02 8e 02 8e 02 28 02 28 02 99 02 99 02 d1 01 d1 01 7b 02 7b 02 04 02 04 02 0b 02 0b 02 cc 01 cc 01 e3 01 e3 01 bb 01 bb 01 6f 01 6f 01 a8 01 a8 01 2b 01 2b 01 64 01 64 01 c3 00 c3 00 09 01 09 01 a0 00 a0 00 a1 00 a1 00 9c 00 9c 00 27 00 Data Ascii: ll00\\mm^^jj^^<<''NNllyyWWmm__]](({{oo++dd'
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: fd 8e f9 8e f9 92 01 92 01 81 fe 81 fe 0a 02 0a 02 95 fe 95 fe 12 fd 12 fd 19 fe 19 fe ac 02 ac 02 15 ff 15 ff 6c fe 6c fe 4b fe 4b fe a2 03 a2 03 a7 ff a7 ff 84 06 84 06 e1 fd e1 fd 94 fe 94 fe 25 fd 25 fd 4f 02 4f 02 cb 0b cb 0b 3e 03 3e 03 02 f7 02 f7 b4 f9 b4 f9 fd 02 fd 02 00 05 00 05 8d fe 8d fe ba fe ba fe 22 02 22 02 51 f9 51 f9 e8 07 e8 07 ca fc ca fc 7b 00 7b 00 8d fc 8d fc 5d fd 5d fd 1d 03 1d 03 a0 03 a0 03 76 fc 76 fc 82 ff 82 ff 7a 03 7a 03 22 fa 22 fa 40 02 40 02 39 06 39 06 6f fb 6f fb e4 02 e4 02 a7 fa a7 fa 8f 04 8f 04 f4 03 f4 03 f8 02 f8 02 ed fc ed fc 8c 04 8c 04 04 f8 04 f8 a4 04 a4 04 eb fb eb fb de 00 de 00 65 05 65 05 69 fd 69 fd fa 05 fa 05 0b fc 0b fc 66 f9 66 f9 8a 01 8a 01 d2 fe d2 fe bc fe bc fe 69 00 69 00 53 01 53 01 42 02 Data Ascii: llKK%%OO>>""QQ{{]]vvzz""@@99ooeeiiffiiSSB
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 04 60 04 60 04 51 01 51 01 78 ff 78 ff d9 fe d9 fe 8a fd 8a fd 08 04 08 04 ae 03 ae 03 98 01 98 01 79 01 79 01 e7 02 e7 02 49 03 49 03 89 00 89 00 bd 00 bd 00 ad 01 ad 01 71 03 71 03 db fe db fe 77 01 77 01 9f 00 9f 00 c6 02 c6 02 18 03 18 03 fb ff fb ff 2c 00 2c 00 e2 fe e2 fe b9 ff b9 ff 41 01 41 01 f1 01 f1 01 66 ff 66 ff 89 ff 89 ff 91 00 91 00 98 fe 98 fe 7f 00 7f 00 52 ff 52 ff 99 03 99 03 88 fe 88 fe cf fb cf fb 3d fe 3d fe 6d ff 6d ff 3c 02 3c 02 16 ff 16 ff 3f fd 3f fd bb fc bb fc ba fe ba fe f5 ff f5 ff ec ff ec ff 39 00 39 00 33 fe 33 fe f2 fb f2 fb 0a fd 0a fd db fe db fe af ff af ff b7 fc b7 fc 99 fd 9a fd be fc be fc 8e fa 8e fa f5 fd f5 fd 84 fd 84 fd 4b fe 4b fe b5 fb b5 fb d4 fa d4 fa 81 fa 81 fa 21 fb 21 fb 9c fa 9c fa f7 fc f7 fc 39 fb Data Ascii: ``QQxxyyIIqqww,,AAffRR==mm<<??9933KK!!9
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: fc d3 fc d3 fc f2 ff f2 ff c4 04 c4 04 bc 01 bc 01 d1 fd d1 fd 44 fe 44 fe 61 fd 61 fd 7c 02 7c 02 25 01 25 01 9d 00 9d 00 8b 03 8b 03 16 fd 16 fd c6 fa c6 fa 74 fc 74 fc e0 07 e0 07 4e 0b 4e 0b 1b f8 1b f8 bf f4 bf f4 e1 fe e1 fe 0d 09 0d 09 c6 0a c6 0a 65 f6 65 f6 88 fa 88 fa 6a 00 6a 00 c3 03 c3 03 aa 02 aa 02 6e fe 6e fe ea fd ea fd a5 00 a5 00 04 ff 04 ff 6f 01 6f 01 97 fe 97 fe f7 02 f7 02 a8 ff a8 ff 9c ff 9c ff 01 fe 01 fe 52 fd 52 fd 38 02 38 02 b2 02 b2 02 03 00 03 00 19 03 19 03 1a f8 1a f8 1f 00 1f 00 67 03 67 03 93 00 93 00 31 01 31 01 ed fc ed fc 0e ff 0e ff ea 01 ea 01 64 00 64 00 ca 01 ca 01 45 fd 45 fd 42 ff 42 ff a0 02 a0 02 e0 fd e0 fd 1d 01 1d 01 92 fd 92 fd 9b 02 9b 02 0d 01 0d 01 f8 ff f8 ff fb ff fb ff 3a fc 3a fc 08 01 08 01 ba 00 Data Ascii: DDaa\|\|%%ttNNeejjnnooRR88gg11ddEEBB::
2025-01-09 18:15:24 UTC	10749	IN	Data Raw: 00 2c 00 2c 00 ce ff ce ff ec ff ec ff 28 00 28 00 6a 00 6a 00 a9 ff a9 ff ea ff ea ff e2 ff e2 ff d2 ff d2 ff b0 00 b0 00 ce ff ce ff e5 ff e5 ff f8 ff f8 ff a1 ff a1 ff 7b 00 7b 00 59 00 59 00 a5 ff a5 ff d1 ff d1 ff b6 ff b6 ff 50 00 50 00 86 00 86 00 c6 ff c6 ff ec ff ec ff b8 ff b8 ff c9 ff c9 ff 96 00 96 00 1c 00 1c 00 bd ff bd ff df ff df ff 29 00 29 00 00 00 00 00 b3 ff b3 ff 15 00 15 00 2e 00 2e 00 1e 00 1e 00 f3 ff f3 ff d5 ff d5 ff 00 00 00 00 ea ff ea ff 2d 00 2d 00 2e 00 2e 00 ff ff ff ff e2 ff e2 ff 92 ff 92 ff f7 ff f7 ff 8b 00 8b 00 62 00 62 00 01 00 01 00 30 ff 30 ff a6 ff a6 ff 75 00 75 00 89 00 89 00 7a 00 7a 00 81 ff 81 ff 50 ff 50 ff 06 00 06 00 3c 00 3c 00 66 00 66 00 0e 00 0e 00 e0 ff e0 ff dd ff dd ff da ff da ff c8 ff c8 ff 3e 00 Data Ascii: ,,((jj{{YYPP))..--..bb00uuzzPP<<ff>
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: fa ff fa ff 01 00 01 00 0c 00 0c 00 0a 00 0a 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 fa ff fa ff fb ff fb ff fd ff fd ff 02 00 02 00 08 00 08 00 03 00 03 00 f9 ff f9 ff f5 ff f5 ff f9 ff f9 ff ff ff ff ff 01 00 01 00 00 00 00 00 03 00 03 00 05 00 05 00 05 00 05 00 ff ff ff ff fa ff fa ff fc ff fc ff 02 00 02 00 05 00 05 00 00 00 00 00 ff ff ff ff 01 00 01 00 06 00 06 00 06 00 06 00 00 00 00 00 01 00 01 00 00 00 00 00 07 00 07 00 05 00 05 00 00 00 00 00 fb ff fb ff fc ff fc ff 00 00 00 00 00 00 00 00 f9 ff f9 ff fa ff fa ff fe ff fe ff 02 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 01 00 01 00 03 00 03 00 03 00 03 00 00 00 00 00 00 00 00 00 ff ff ff ff fe ff fe ff fc ff fc ff 00 00 00 00 ff ff ff ff ff ff ff ff 04 00 04 Data Ascii:
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49807	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:24 UTC	908	OUT	GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: video Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=0-
2025-01-09 18:15:24 UTC	518	IN	HTTP/1.1 206 Partial Content x-amz-id-2: i49T4E/+BpoxHc1Cu7/rzIoJb2q0TT0UEN/e/D7kuVS8TPMbWQSfzdF8On4pCSlnXcLrjj9KUSs= x-amz-request-id: 9HTT2KHCWGEY1VBC Date: Thu, 09 Jan 2025 18:15:25 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "117b3edc22858d8b022e75c64001cead" x-amz-version-id: _rYO9q6z9cr.70TeaubCza8Kt7dWLH.u Accept-Ranges: bytes Content-Range: bytes 0-330770/330771 Content-Type: video/mp4 Content-Length: 330771 Server: AmazonS3 Connection: close
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 00 00 00 20 66 74 79 70 6d 70 34 32 00 00 02 00 69 73 6f 6d 69 73 6f 32 61 76 63 31 6d 70 34 31 00 00 0b 29 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 d8 62 5d 24 d8 62 5d 24 00 00 03 e8 00 00 14 82 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 18 69 6f 64 73 00 00 00 00 10 80 80 80 07 00 4f ff ff ff fe ff 00 00 0a 2e 74 72 61 6b 00 00 00 5c 74 6b 68 64 00 00 00 03 d8 62 5d 24 d8 62 5d 24 00 00 00 01 00 00 00 00 00 00 14 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 Data Ascii: ftypmp42isomiso2avc1mp41)moovlmvhdb]$b]$@iodsO.trak\tkhdb]$b]$
2025-01-09 18:15:24 UTC	506	IN	Data Raw: d2 06 c2 32 a6 dd 91 62 02 9d 30 eb 8b 80 94 ae 9c 04 1f ac c9 cf 74 40 f1 b4 d5 f9 aa e4 a9 b4 9b fe fa 80 0f 1a d3 55 0c e1 e4 35 94 c4 a7 ee 85 e1 04 81 af 9b 79 e2 b2 10 d0 f6 ba fe 2b dc 8b 07 57 89 35 5d af 8f 7f f5 fd 6a ae 8b f2 f4 90 be b7 15 87 c3 3b 57 d7 e8 0e 64 ee fd 89 d7 d4 38 f6 7f b0 f1 11 75 ff 29 e9 ed fe 6a 56 2a 5b f7 43 57 d3 13 62 ba 82 01 ad c2 05 b5 7c e2 4e 13 d0 c4 a7 77 61 6c c7 e7 b1 73 98 19 e9 40 8c e9 a9 36 e7 fb a0 33 32 90 7f 1c e8 9e 5b e6 c1 bf d0 d5 c7 d3 b8 4c 16 4a aa 52 67 41 03 40 f5 f6 86 b7 35 3c f9 23 2d 14 b4 7e 2f 60 e7 c0 96 47 4e d7 fd 01 3f ea 68 7a be 51 a2 7f 8b e8 e1 93 77 cc 93 7a 94 b7 c8 57 2e 7a 53 94 20 6b c7 c0 81 42 f8 6f 69 b4 f9 db fb 24 b5 80 6b 7e 33 12 50 31 89 7b c5 e2 72 e1 28 5b 5b 7f 5d Data Ascii: 2b0t@U5y+W5]j;Wd8u)jV*[CWb\|Nwals@632[LJRgA@5<#-~/`GN?hzQwzW.zS kBoi$k~3P1{r([[]
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 30 fe 41 62 fa fb 9d e1 1d 5b c5 4e 59 ee db 3b 00 9a 20 ab e0 ab e1 f8 40 80 13 86 71 6e f5 0a 23 d3 43 5d 21 92 56 c9 68 16 37 c8 dc 68 8c 13 02 49 dc 07 3c db 0b 46 bc 9e 7f 2e 63 56 8b af 53 34 00 00 03 00 00 03 00 04 9e 10 21 43 d2 e6 f3 24 26 fe 13 9d 9a f4 0d 89 e7 2d 0e cc a0 c2 6a 4a d9 f3 4d df c8 9c 52 12 43 89 5e 6c 80 4f f2 36 28 6b cf 62 4f 4a a1 45 55 7b 5b ce 80 95 7a 41 60 29 69 2b 55 42 09 ae 56 7c be 1c 8b bc 95 29 7a 91 5d 77 07 cd 2e c8 42 72 cd be 3e dc bc 81 8e 3a 46 bd 0e 7d c3 af 7d 0e 12 cb 8b 7c 7c 23 b9 80 42 e8 09 fa 66 dd b6 ce fe 44 ab fc 25 03 72 a4 e7 3e 5f dd e6 c5 8f b5 4a 73 a3 47 54 1c 03 f4 1b 17 fb 22 7a e8 a8 4b 6e 10 09 ee 63 ee db 40 eb 08 be 56 49 78 79 4e fe e9 f0 e7 33 be bb 72 05 13 dc bd 44 c4 9b be ec b4 4f Data Ascii: 0Ab[NY; @qn#C]!Vh7hI<F.cVS4!C$&-jJMRC^lO6(kbOJEU{[zA`)i+UBV\|)z]w.Br>:F}}\|\|#BfD%r>_JsGT"zKnc@VIxyN3rDO
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: ee 8f 3b fd 2a 20 9f b6 da 9e bc c6 32 d0 9f 0d 6b cd d3 35 65 74 11 cf de 45 8d b5 9f e7 18 30 cf 74 59 cc 10 40 ba 23 c4 71 dc d9 4a 77 96 27 0a 03 53 75 07 9f 92 e7 47 3c f0 38 9b d8 14 c3 41 e0 3f a3 ef c1 aa 12 00 9c d2 b6 e6 4c a3 b6 f8 d0 45 90 3f 28 01 79 36 3b 41 3c 5c 0f 55 00 8e 21 fb 2a c2 42 49 d6 39 01 4b 8a 0d 03 a4 77 dc fb 89 67 64 20 15 68 12 7d 18 bd c7 b2 f2 56 5c 12 1b b8 40 a6 10 11 2b 0b aa 91 16 72 15 32 81 aa bc 83 0a 68 6d 15 b9 61 30 48 62 98 05 5f 68 dc b6 de 9f b3 65 aa 2b fd 26 49 9b 48 bc dd 13 cf 52 66 c0 fd 73 8a 4b 09 f0 91 47 e0 68 31 5e 5b ea 5f b0 eb 6c 0d 06 03 06 e2 b5 40 85 58 3e 36 08 b1 8d a1 bf 64 b8 70 ac 94 ff 65 2d 51 04 2d b9 d5 1b cf d3 b0 d3 53 eb cd 6a 18 0c 9a bb 33 fa c5 85 8e 46 88 fc 43 80 16 6d ca 06 Data Ascii: ;* 2k5etE0tY@#qJw'SuG<8A?LE?(y6;A<\U!*BI9Kwgd h}V\@+r2hma0Hb_he+&IHRfsKGh1^[_l@X>6dpe-Q-Sj3FCm
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: c7 33 7f 23 76 02 c8 a2 a3 bf e9 bc 89 56 cc ff 0e b6 54 4f eb 95 f8 7d 06 da 1f cc 81 6c 9a d7 b1 81 64 fc e0 95 0c 6d bd 24 62 02 54 86 10 2c 85 7b 45 f8 81 c8 4f 95 5a 04 43 e5 e3 af 69 06 e8 b3 43 a1 2a 74 d4 20 61 e6 cf 94 76 36 63 85 8f d5 d4 ae 49 84 b1 42 5a 17 73 02 7c 3e 23 f5 26 f0 f6 20 92 e7 71 50 83 b4 f7 dc 31 ce c6 3c bf 66 28 d6 aa 04 f3 df 5b 9f 26 f8 13 11 c3 ea 2f 3a 3b bd d3 94 59 d6 7d 45 47 f5 87 f3 72 06 5c 1f ec a4 40 89 f6 9a d7 7c 86 ec d1 48 fe 14 60 61 84 20 6a b6 31 be ed 19 76 1e 02 0e 45 62 92 68 19 7c e3 26 e9 40 c9 17 ba 56 41 ee 7d ae 2b 27 e2 a8 ee dd 7c fd 9d 88 e1 f9 39 10 12 f0 d6 29 c7 4a 68 62 e8 b8 f6 21 57 ad 29 99 09 93 32 e2 cd f7 fe ae cb 6a 19 dc 8a 38 04 3c 89 9a 4e 32 39 3e 87 55 8a d4 a3 9b ec 12 a3 b3 7c Data Ascii: 3#vVTO}ldm$bT,{EOZCiC*t av6cIBZs\|>#& qP1<f([&/:;Y}EGr\@\|H`a j1vEbh\|&@VA}+'\|9)Jhb!W)2j8<N29>U\|
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: ae 04 ae b9 3d 82 bc f3 72 46 96 c5 e1 ac e8 67 20 c1 16 9a fb 64 fe f6 a9 ea 5c 64 d7 88 89 37 f5 2a 1d cb e8 37 52 32 84 f6 df e9 1a 36 12 fb 06 b7 7d b2 f3 6f be e8 32 55 e7 1d 4a 90 28 52 fd f9 25 7b d6 dd 98 4d d1 b0 9b 06 8c 31 25 48 2e 0c 71 73 99 4f 18 36 39 c5 c8 f2 48 aa 52 9e e9 db 78 df 79 ff e9 11 68 74 a2 39 e0 c0 d9 72 69 95 3f 12 0c 7d ed 43 b5 13 2c d9 c6 b2 b0 05 9d 1c 9a ca 67 72 1e b4 b8 77 18 20 be de 0a a1 6e 8e e0 f7 33 d5 ab 57 cd 28 80 17 c2 e7 78 dd 6a e0 2a 55 01 f8 c1 97 d5 e2 84 70 6e c1 8b 6a 89 09 7c da d6 24 ff f5 b4 12 58 c4 46 75 d0 7e 47 be d0 54 be fa c1 81 89 b7 96 b3 1d 9c 81 7e 91 f8 d4 b0 e0 a3 08 03 8e 97 20 b5 0e cf 71 19 93 b4 8d 19 d4 c6 4f 37 a4 ed 35 2e f5 e7 74 4e 48 e4 db f2 11 98 63 db 2a db 82 a3 9f 27 77 Data Ascii: =rFg d\d77R26}o2UJ(R%{M1%H.qsO69HRxyht9ri?}C,grw n3W(xjUpnj\|$XFu~GT~ qO75.tNHc*'w
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 17 62 48 92 ff ca 0e 0b f8 0a 88 34 ce 73 70 32 e9 e2 4d 1f cb 7a 53 65 b1 c2 60 6d 0a c4 e9 ba bd 6d ab 44 0c 64 1f 70 33 5b 6a 12 93 5a 90 e0 40 40 e0 02 43 ab 69 ca 90 99 b6 ec 0a d8 18 9c b4 a9 35 1d 61 49 2d c5 8d ee 02 fe 9d ac 71 85 f3 08 03 cd 68 7e e3 80 87 81 00 00 02 c3 01 9e 40 44 4f 00 00 03 00 00 0a 45 25 e9 e9 d1 70 be 36 00 00 03 00 00 03 00 55 2b af fe dc a7 65 0c 54 02 a0 2c 8f b1 ff f2 74 b1 3c 8b a5 60 ae c6 b7 27 04 f1 10 6f 8b 8a 13 f7 c3 66 23 4c 00 d6 b9 7a db 9e 00 0f 57 31 cf f6 d3 55 47 bf e1 08 67 c2 e9 6d 42 2c 6a fd 20 51 d6 58 d7 66 57 a0 54 1a 53 13 b1 1c c1 c3 70 fe d4 b7 70 b0 25 24 3d 4b a4 05 08 ed 16 ae d2 95 18 47 31 72 43 21 ef 19 d0 14 58 7b 9a 71 86 7f 53 e9 cf d5 89 bc b4 c5 b0 e6 a3 0d c4 2d 31 50 61 35 b6 35 fe Data Ascii: bH4sp2MzSe`mmDdp3[jZ@@Ci5aI-qh~@DOE%p6U+eT,t<`'of#LzW1UGgmB,j QXfWTSpp%$=KG1rC!X{qS-1Pa55
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: 13 2a 67 fe 51 f6 ef dd 0d 84 8f d6 6a 1c a9 90 80 73 3b 43 01 10 a6 d2 8a 8b 36 0f b8 84 8d 25 a0 6f 14 08 d1 c7 e3 85 8c c7 ab d1 92 40 f4 83 52 4c 28 e2 f0 f2 2a fa 17 c7 db 63 fb 6e 58 d3 ff 0d ed ff e5 16 60 30 3c d0 b2 56 e5 cc 70 11 92 1d 79 b3 df ae 6c 0a e9 e0 71 af 55 65 56 9f da fa c0 66 06 23 d7 e9 77 31 b7 69 35 2b 28 db b7 fd 7a 22 6b 45 ee 3e 87 bc c2 b0 fb f3 b3 2a 0c b5 cf bd 82 14 bd 35 dd 73 84 44 1f b8 0e e0 09 5a f8 e6 ee 54 d5 ac 3d 17 a4 ef 72 b5 7b e1 8f 3e f0 e8 45 0a 98 8d f3 02 f3 02 6e 7f f2 75 d8 4d fe 7c a6 27 97 39 49 19 4d b6 21 80 9c d0 05 64 ee 8b 2c 8f 5c 89 99 42 28 ba f9 5a 7d c0 e0 c1 bf 72 69 2c e7 da a6 5b 8e 05 97 e6 51 e5 b7 eb 2b ff 65 48 10 53 c6 ba 98 b8 ff c5 06 3a ab ad c0 77 9c 17 d9 54 a9 75 6d 64 2f f4 3c Data Ascii: gQjs;C6%o@RL(cnX`0<VpylqUeVf#w1i5+(z"kE>*5sDZT=r{>EnuM\|'9IM!d,\B(Z}ri,[Q+eHS:wTumd/<
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 18 5a d3 72 b8 fa 74 83 ce 31 de df 6e 6b d9 23 d9 64 7d 94 17 13 c6 d4 60 86 81 b4 90 0b 40 f9 46 55 c2 90 dd d3 47 be a7 ce 6f b2 e2 ed 14 2b 1a e9 14 0f e9 c5 e6 f8 01 ec c5 ea 89 46 5c 6d c8 b1 4f 1f 6f 11 33 d7 f5 4a 2c 87 a6 88 01 70 7e 9f a0 87 05 79 97 e2 1b 09 02 ea 5d f8 02 f5 8e 3b 6f 2a 43 12 3d d9 2d d8 a2 b8 ab 26 7a 06 b3 a7 e4 c6 05 ea 14 98 21 d1 f5 7f b0 56 9e 61 c2 75 10 28 35 de 56 0e 65 6d f7 14 21 7f 3f 7c c7 84 18 3a ca 01 44 13 27 ce 1e 53 a8 ac 2c 0c a8 5e a9 19 33 ab c1 94 84 bf b6 06 3f b2 ab 88 d9 0b f7 be 83 fd 87 f0 f8 88 c2 a0 7b d8 92 59 45 56 da 3d a8 63 01 ea 80 e9 e6 97 66 8e 45 2c 18 3f ac 1c e1 b1 8b 63 3a 1f 75 94 2a 10 ef 7f 98 47 58 17 d2 3b 0b f6 18 b0 36 4c 4f ae 45 30 f2 03 ef 05 08 0e 58 a2 a8 bd ff 6e fd 88 40 Data Ascii: Zrt1nk#d}`@FUGo+F\mOo3J,p~y];oC=-&z!Vau(5Vem!?\|:D'S,^3?{YEV=cfE,?c:uGX;6LOE0Xn@
2025-01-09 18:15:24 UTC	1024	IN	Data Raw: b1 2d 43 c9 be 09 65 55 da c9 aa 79 64 1c 8f b4 9f 5a 2e 32 ea 89 d8 50 4f ae 69 9a 26 aa 7a 8c c6 3d 07 fa 59 0a 59 61 da 7f 9e 7d b4 49 57 22 4e 18 4c 05 da 6d 74 2a d5 be 1f 60 fa f0 ef 12 bb 67 01 d3 68 a2 83 55 eb 1b 9a d1 07 6e 75 14 02 21 0c 05 0e 58 b7 7a 84 ad 24 0a 8e 38 99 30 03 fc 09 83 0a e7 da b6 05 05 ae 08 ce 80 05 55 4c 98 e9 0a 03 71 93 02 fe 1b f3 49 72 59 16 60 5d 66 e1 fa f6 b7 85 a9 4b d8 a1 8a 3e 32 33 f6 d1 3e 0a 53 7d 57 1e 74 de 26 a2 37 e1 46 b4 f7 6c 30 5c fc e3 04 e7 e6 44 c0 b8 90 92 28 e6 91 71 fd b0 c7 6d 8b 67 0d 32 6b 6f e8 0d ec 2f c1 ef e0 62 01 17 6c 37 9c 5c 32 96 2b b9 be 79 cb 8a e0 2c 42 36 c8 dd 85 4a 3f 6e 23 cd 7c bc f0 81 dc fd 03 ab 7a cc 9f e8 36 14 42 55 94 5e c9 60 3c bd 29 35 62 ba a5 15 d2 39 4a 34 57 bf Data Ascii: -CeUydZ.2POi&z=YYa}IW"NLmt*`ghUnu!Xz$80ULqIrY`]fK>23>S}Wt&7Fl0\D(qmg2ko/bl7\2+y,B6J?n#\|z6BU^`<)5b9J4W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49810	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:24 UTC	427	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secured-login.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:24 UTC	279	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:24 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 09 Jan 2025 15:03:31 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-09 18:15:24 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2025-01-09 18:15:24 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2025-01-09 18:15:24 UTC	6056	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 6f 6d 70 6f 6e 65 6e 74 28 6e 75 6c 6c 3d 3d 6e 3f 22 22 3a 6e 29 7d 3b 69 66 28 6e 75 6c 6c 3d 3d 65 29 72 65 74 75 72 6e 22 22 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 7c 7c 65 2e 6a 71 75 65 72 79 26 26 21 63 65 2e 69 73 50 6c 61 69 6e 4f 62 6a 65 63 74 28 65 29 29 63 65 2e 65 61 63 68 28 65 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 69 28 74 68 69 73 2e 6e 61 6d 65 2c 74 68 69 73 2e 76 61 6c 75 65 29 7d 29 3b 65 6c 73 65 20 66 6f 72 28 6e 20 69 6e 20 65 29 50 74 28 6e 2c 65 5b 6e 5d 2c 74 2c 69 29 3b 72 65 74 75 72 6e 20 72 2e 6a 6f 69 6e 28 22 26 22 29 7d 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 73 65 72 69 61 6c 69 7a 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 65 2e 70 61 72 61 6d 28 74 68 69 73 2e 73 65 72 69 61 Data Ascii: omponent(null==n?"":n)};if(null==e)return"";if(Array.isArray(e)\|\|e.jquery&&!ce.isPlainObject(e))ce.each(e,function(){i(this.name,this.value)});else for(n in e)Pt(n,e[n],t,i);return r.join("&")},ce.fn.extend({serialize:function(){return ce.param(this.seria
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 69 63 65 3b 56 2e 63 6c 65 61 6e 44 61 74 61 3d 28 6e 3d 56 2e 63 6c 65 61 6e 44 61 74 61 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 2c 69 2c 73 3d 30 3b 6e 75 6c 6c 21 3d 28 69 3d 74 5b 73 5d 29 3b 73 2b 2b 29 28 65 3d 56 2e 5f 64 61 74 61 28 69 2c 22 65 76 65 6e 74 73 22 29 29 26 26 65 2e 72 65 6d 6f 76 65 26 26 56 28 69 29 2e 74 72 69 67 67 65 72 48 61 6e 64 6c 65 72 28 22 72 65 6d 6f 76 65 22 29 3b 6e 28 74 29 7d 29 2c 56 2e 77 69 64 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 69 2c 65 29 7b 76 61 72 20 73 2c 6e 2c 6f 2c 61 3d 7b 7d 2c 72 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 5b 30 5d 2c 6c 3d 72 2b 22 2d 22 2b 28 74 3d 74 2e 73 70 6c 69 74 28 22 2e 22 29 5b 31 5d 29 3b 72 65 74 75 72 6e 20 65 7c 7c 28 65 3d 69 2c 69 3d 56 2e Data Ascii: ice;V.cleanData=(n=V.cleanData,function(t){for(var e,i,s=0;null!=(i=t[s]);s++)(e=V._data(i,"events"))&&e.remove&&V(i).triggerHandler("remove");n(t)}),V.widget=function(t,i,e){var s,n,o,a={},r=t.split(".")[0],l=r+"-"+(t=t.split(".")[1]);return e\|\|(e=i,i=V.
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 74 3d 74 68 69 73 2e 61 74 74 72 28 22 69 64 22 29 29 26 26 28 69 3d 28 69 3d 74 68 69 73 2e 65 71 28 30 29 2e 70 61 72 65 6e 74 73 28 29 2e 6c 61 73 74 28 29 29 2e 61 64 64 28 28 69 2e 6c 65 6e 67 74 68 3f 69 3a 74 68 69 73 29 2e 73 69 62 6c 69 6e 67 73 28 29 29 2c 74 3d 22 6c 61 62 65 6c 5b 66 6f 72 3d 27 22 2b 56 2e 65 73 63 61 70 65 53 65 6c 65 63 74 6f 72 28 74 29 2b 22 27 5d 22 2c 65 3d 65 2e 61 64 64 28 69 2e 66 69 6e 64 28 74 29 2e 61 64 64 42 61 63 6b 28 74 29 29 29 2c 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 65 29 29 3a 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 5b 5d 29 7d 2c 56 2e 66 6e 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 63 73 73 28 22 70 6f 73 69 74 69 6f 6e 22 Data Ascii: t=this.attr("id"))&&(i=(i=this.eq(0).parents().last()).add((i.length?i:this).siblings()),t="label[for='"+V.escapeSelector(t)+"']",e=e.add(i.find(t).addBack(t))),this.pushStack(e)):this.pushStack([])},V.fn.scrollParent=function(t){var e=this.css("position"
2025-01-09 18:15:24 UTC	16384	IN	Data Raw: 74 2e 63 61 6e 63 65 6c 48 65 6c 70 65 72 52 65 6d 6f 76 61 6c 3d 21 30 2c 74 2e 5f 74 72 69 67 67 65 72 28 22 64 65 61 63 74 69 76 61 74 65 22 2c 65 2c 73 29 29 7d 29 7d 2c 64 72 61 67 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 73 2c 6e 29 7b 56 2e 65 61 63 68 28 6e 2e 73 6f 72 74 61 62 6c 65 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 21 31 2c 65 3d 74 68 69 73 3b 65 2e 70 6f 73 69 74 69 6f 6e 41 62 73 3d 6e 2e 70 6f 73 69 74 69 6f 6e 41 62 73 2c 65 2e 68 65 6c 70 65 72 50 72 6f 70 6f 72 74 69 6f 6e 73 3d 6e 2e 68 65 6c 70 65 72 50 72 6f 70 6f 72 74 69 6f 6e 73 2c 65 2e 6f 66 66 73 65 74 2e 63 6c 69 63 6b 3d 6e 2e 6f 66 66 73 65 74 2e 63 6c 69 63 6b 2c 65 2e 5f 69 6e 74 65 72 73 65 63 74 73 57 69 74 68 28 65 2e 63 6f 6e 74 61 69 6e 65 72 43 61 63 Data Ascii: t.cancelHelperRemoval=!0,t._trigger("deactivate",e,s))})},drag:function(i,s,n){V.each(n.sortables,function(){var t=!1,e=this;e.positionAbs=n.positionAbs,e.helperProportions=n.helperProportions,e.offset.click=n.offset.click,e._intersectsWith(e.containerCac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49816	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:25 UTC	950	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=196608-214545 If-Range: "6b207845061b2bf9205c8418d478cc0b"
2025-01-09 18:15:25 UTC	527	IN	HTTP/1.1 206 Partial Content x-amz-id-2: zcnl+DGRneC8Aqa7a76jIcDinXCwqlTOhjZVRmzAUu9ojO+Azo8TNrWZv+0C020elXFzE3D8Gww= x-amz-request-id: G34AKVWE0HXENVKG Date: Thu, 09 Jan 2025 18:15:26 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 196608-214545/214546 Content-Type: audio/vnd.wave Content-Length: 17938 Server: AmazonS3 Connection: close
2025-01-09 18:15:25 UTC	8446	IN	Data Raw: 01 00 04 00 04 00 00 00 00 00 fd ff fd ff fe ff fe ff fb ff fb ff f7 ff f7 ff fc ff fc ff 04 00 04 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 fe ff fe ff fb ff fb ff fc ff fc ff fb ff fb ff 04 00 04 00 fd ff fd ff fd ff fd ff 01 00 01 00 fd ff fd ff fa ff fa ff 01 00 01 00 f7 ff f7 ff fc ff fc ff ff ff ff ff ff ff ff ff 08 00 08 00 05 00 05 00 00 00 00 00 ff ff ff ff 03 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 fd ff fd ff 02 00 02 00 02 00 02 00 08 00 08 00 05 00 05 00 fe ff fe ff 04 00 04 00 01 00 01 00 03 00 03 00 00 00 00 00 08 00 08 00 07 00 07 00 08 00 08 00 06 00 06 00 0b 00 0b 00 03 00 03 00 01 00 01 00 00 00 00 00 ff ff ff ff fd ff fd ff 02 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff fc ff fc ff 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:25 UTC	9000	IN	Data Raw: 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 62 65 78 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 62 77 66 2f 62 65 78 74 2f 31 2e 30 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 63 72 65 61 74 6f 72 41 74 6f 6d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 63 Data Ascii: e/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:bext="http://ns.adobe.com/bwf/bext/1.0/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:creatorAtom="http://ns.adobe.com/c
2025-01-09 18:15:25 UTC	492	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49821	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:25 UTC	795	OUT	GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: W/"74133370e122c9bb68f488aaad71134d"
2025-01-09 18:15:25 UTC	772	IN	HTTP/1.1 304 Not Modified Date: Thu, 09 Jan 2025 18:15:25 GMT Content-Length: 0 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"74133370e122c9bb68f488aaad71134d" Cache-Control: max-age=0, private, must-revalidate X-Request-Id: faf4d45d-1b0c-432d-8f32-7cb96e435de6 X-Runtime: 0.033273 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49822	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:25 UTC	648	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Language: en-US,en;q=0.9 Range: bytes=115712-196607 If-Range: "6b207845061b2bf9205c8418d478cc0b"
2025-01-09 18:15:26 UTC	527	IN	HTTP/1.1 206 Partial Content x-amz-id-2: KhsRCncc96Dt2dRr2e3hq8fLD0Wz+L/ehMrZTLAHPEWX2KzDenUwMG2sRX/6QLApSnBVBk/PEWI= x-amz-request-id: NJXS6N7W5VGNFRBH Date: Thu, 09 Jan 2025 18:15:27 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 115712-196607/214546 Content-Type: audio/vnd.wave Content-Length: 80896 Server: AmazonS3 Connection: close
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: c6 fc 86 fc 86 fc 10 fc 10 fc 01 fc 01 fc 3a fc 3a fc 45 fc 45 fc 6d fb 6d fb e2 fa e2 fa e8 fa e8 fa 9d fa 9d fa 41 fa 41 fa 1f fa 1f fa 85 fa 85 fa b2 fa b2 fa e0 fa e0 fa 2b fb 2b fb 47 fb 47 fb 7f fb 7f fb 54 fb 54 fb e6 fa e6 fa f5 fa f5 fa 97 fc 97 fc e3 fd e3 fd fe fd fe fd 8f fd 8f fd 65 fd 65 fd 81 fd 81 fd ac fd ac fd 4e ff 4e ff 98 00 98 00 4c 01 4c 01 b8 01 b8 01 41 01 41 01 7c 00 7c 00 95 01 95 01 c6 04 c6 04 94 05 94 05 50 04 50 04 d3 03 d3 03 c1 04 c1 04 a7 05 a7 05 3e 06 3e 06 3c 07 3c 07 09 08 09 08 b1 07 b1 07 79 07 79 07 96 07 96 07 bf 08 bf 08 f5 08 f5 08 13 08 13 08 55 07 55 07 7b 08 7b 08 e1 08 e1 08 83 07 83 07 2a 06 2a 06 fc 05 fc 05 c8 05 c8 05 6b 05 6b 05 25 05 25 05 0f 05 0f 05 c7 03 c7 03 24 02 24 02 f4 00 f4 00 31 01 31 01 9d Data Ascii: ::EEmmAA++GGTTeeNNLLAA\|\|PP>><<yyUU{{**kk%%$$11
2025-01-09 18:15:26 UTC	497	IN	Data Raw: ff ff fc ff fc ff fc ff fc ff ff ff ff ff 00 00 00 00 fd ff fd ff ff ff ff ff 03 00 03 00 04 00 04 00 00 00 00 00 ff ff ff ff 03 00 03 00 01 00 01 00 fe ff fe ff f9 ff f9 ff fa ff fa ff fe ff fe ff fe ff fe ff fb ff fb ff fc ff fc ff 00 00 00 00 01 00 01 00 00 00 00 00 00 00 00 00 05 00 05 00 08 00 08 00 0a 00 0a 00 0c 00 0c 00 0f 00 0f 00 13 00 13 00 0e 00 0e 00 09 00 09 00 06 00 06 00 06 00 06 00 fe ff fe ff f7 ff f7 ff f6 ff f6 ff f7 ff f7 ff f7 ff f7 ff f9 ff f9 ff fe ff fe ff 03 00 03 00 05 00 05 00 03 00 03 00 05 00 05 00 04 00 04 00 04 00 04 00 fc ff fc ff fb ff fb ff fb ff fb ff fd ff fd ff fb ff fb ff fb ff fb ff 01 00 01 00 05 00 05 00 06 00 06 00 00 00 00 00 01 00 01 00 05 00 05 00 06 00 06 00 fe ff fe ff fc ff fc ff ff ff ff ff 01 00 01 00 fd Data Ascii:
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 00 04 00 04 00 05 00 05 00 0e 00 0e 00 0f 00 0f 00 11 00 11 00 05 00 05 00 02 00 02 00 04 00 04 00 0a 00 0a 00 01 00 01 00 f9 ff f9 ff fa ff fa ff 08 00 08 00 07 00 07 00 f2 ff f2 ff eb ff eb ff f5 ff f5 ff fe ff fe ff e9 ff e9 ff e4 ff e4 ff ee ff ee ff 0a 00 0a 00 0e 00 0e 00 0a 00 0a 00 12 00 12 00 1e 00 1e 00 28 00 28 00 13 00 13 00 ff ff ff ff f0 ff f0 ff f5 ff f5 ff ea ff ea ff d9 ff d9 ff de ff de ff f4 ff f4 ff 05 00 05 00 05 00 05 00 08 00 08 00 1a 00 1a 00 23 00 23 00 1a 00 1a 00 0a 00 0a 00 07 00 07 00 0c 00 0c 00 06 00 06 00 f6 ff f6 ff f8 ff f8 ff 02 00 01 00 02 00 02 00 ee ff ee ff ee ff ee ff fa ff fa ff f6 ff f6 ff e5 ff e5 ff e9 ff e9 ff fb ff fb ff 0c 00 0c 00 00 00 00 00 00 00 00 00 0b 00 0b 00 23 00 23 00 16 00 16 00 07 00 07 00 0a 00 Data Ascii: ((####
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: 05 3d 04 3d 04 63 05 63 05 23 06 23 06 36 09 36 09 40 0c 40 0c be 10 be 10 43 13 43 13 6c 16 6c 16 0d 18 0d 18 97 16 97 16 2b 13 2b 13 b7 0d b7 0d d0 08 d0 08 87 01 87 01 3f fb 3f fb f3 f3 f3 f3 17 f1 17 f1 b1 ee b1 ee ce ef ce ef 8e f1 8e f1 83 f5 83 f5 d7 fa d7 fa 1d 00 1d 00 6d 04 6d 04 92 06 92 06 f6 08 f6 08 b1 07 b1 07 d2 05 d2 05 0c 01 0c 01 34 fe 34 fe 36 fa 36 fa 9d f6 9d f6 a0 f4 a0 f4 3d f4 3d f4 96 f6 96 f6 86 f8 86 f8 e6 fb e6 fb c3 fe c3 fe 39 00 39 00 fc 02 fc 02 bd 01 bd 01 be 01 be 01 23 fd 23 fd 46 fd 46 fd d0 f8 d0 f8 2d f6 2d f6 30 f4 30 f4 8f f4 8f f4 16 f5 16 f5 e3 f5 e3 f5 c7 f9 c7 f9 cc fb cc fb 2a ff 2a ff a1 00 a1 00 88 02 88 02 a4 01 a4 01 63 01 63 01 f0 fe f0 fe 94 fc 94 fc 32 f9 32 f9 8c f7 8c f7 26 f6 26 f6 4a f5 4a f5 8e f5 Data Ascii: ==cc##66@@CCll++??mm4466==99##FF--00**cc22&&JJ
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: f3 43 f6 43 f6 b3 f9 b3 f9 00 00 00 00 4b 02 4b 02 16 05 16 05 11 04 11 04 df 04 df 04 bb 01 bb 01 d0 ff d0 ff 9d fc 9d fc b1 fb b1 fb 07 fa 07 fa 78 fa 78 fa b8 fb b8 fb a6 fe a6 fe bb 00 bb 00 88 02 88 02 b1 02 b1 02 77 02 77 02 98 00 98 00 27 fe 27 fe f9 fa f9 fa 2f f9 2f f9 8d f6 8d f6 1e f5 1e f5 10 f5 10 f5 ab f5 ab f5 4e f8 4e f8 7f f9 7f f9 bd fc bd fc 61 fd 61 fd b8 01 b8 01 41 00 41 00 75 00 75 00 59 fe 59 fe a7 fd a7 fd 14 fc 14 fc 76 fa 76 fa 9d fa 9d fa 47 f9 47 f9 a2 fc a2 fc ea fc ea fc 42 ff 42 ff 12 00 12 00 1a 02 1a 02 05 02 05 02 a7 ff a7 ff 43 fe 43 fe cc fa cc fa d2 f8 d2 f8 97 f5 97 f5 b7 f4 b7 f4 f5 f3 f5 f3 93 f4 93 f4 49 f6 49 f6 71 f7 71 f7 06 fa 06 fa fa fa fa fa 84 fb 84 fb 12 fa 12 fa d2 f8 d2 f8 e6 f7 e6 f7 83 f4 83 f4 3b f3 Data Ascii: CCKKxxww''//NNaaAAuuYYvvGGBBCCIIqq;
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: f8 b6 01 b6 01 af ff af ff 00 fc 00 fc 79 07 79 07 6d fa 6d fa db 04 db 04 1f 01 1f 01 b5 fd b5 fd da 06 da 06 c6 fb c6 fb 09 07 09 07 15 fe 15 fe c1 02 c1 02 d5 02 d5 02 e3 fc e3 fc 51 05 51 05 d9 00 d9 00 05 05 05 05 a9 03 a9 03 7f 04 7f 04 e4 03 e4 03 fb 05 fb 05 0b 03 0b 03 58 03 58 03 ab 09 ab 09 7b ff 7b ff 9f 07 9f 07 a8 00 a8 00 e3 04 e3 04 a5 05 a5 05 0e 01 0e 01 a4 07 a4 07 7a 03 7a 03 99 02 99 02 3e 09 3e 09 00 ff 00 ff 1d 0a 1d 0a 79 ff 78 ff 3b 06 3b 06 8b 01 8b 01 75 03 75 03 2b 01 2b 01 91 00 91 00 e7 03 e7 03 9f fe 9f fe 3d 03 3d 03 25 ff 25 ff 4b 02 4b 02 45 fe 45 fe d7 03 d7 03 a5 fb a5 fb bb 01 bb 01 a6 fe a6 fe 74 ff 74 ff ea fc ea fc 85 fd 85 fd 60 fd 60 fd d3 fd d3 fd ab 03 ab 03 3a fa 3a fa 6f 05 6f 05 6f f6 6f f6 92 03 92 03 de f6 Data Ascii: yymmQQXX{{zz>>yx;;uu++==%%KKEEtt``::oooo
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: fe 33 fe 33 fe 19 f9 19 f9 a0 02 a0 02 67 fa 67 fa f6 fe f6 fe bc fc bc fc 4b fe 4b fe 1c fc 1c fc cb ff cb ff a3 fe a3 fe 45 fd 45 fd cb fa cb fa 96 03 96 03 96 fc 96 fc a5 fc a5 fc 9d 04 9d 04 69 f6 69 f6 99 02 99 02 bb 02 bb 02 27 f6 27 f6 5c 05 5c 05 ae ff ae ff 35 f8 35 f8 52 0a 52 0a 48 fb 48 fb a5 00 a5 00 43 06 43 06 7f fa 7f fa 45 05 45 05 e3 01 e3 01 cb fd cb fd 7e 03 7e 03 54 03 54 03 f3 fe f3 fe a5 02 a5 02 c7 01 c7 01 e1 05 e1 05 67 fd 67 fd e2 06 e2 06 d7 03 d7 03 df fc df fc 2f 08 2f 08 0c 01 0c 01 c7 ff c7 ff b8 08 b8 08 39 fc 39 fc de 03 de 03 40 05 40 05 20 fb 20 fb eb 07 eb 07 4d 00 4d 00 20 00 20 00 95 01 95 01 ac 04 ac 04 cc f9 cb f9 f5 06 f5 06 a0 01 a0 01 d7 fa d7 fa 6d 05 6d 05 28 fe 28 fe 34 fc 35 fc 35 06 35 06 51 fd 51 fd 96 fc Data Ascii: 33ggKKEEii''\\55RRHHCCEE~~TTgg//99@@ MM mm((4555QQ
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: 00 12 00 12 00 cf ff cf ff 7e ff 7e ff 13 ff 13 ff 0d ff 0d ff 83 ff 83 ff 80 ff 80 ff fe fe fe fe a1 fe a1 fe bf fe bf fe 50 ff 4f ff e6 ff e6 ff 47 00 47 00 94 00 94 00 48 00 48 00 87 ff 87 ff b0 fe b0 fe 2e fe 2e fe 69 fe 69 fe 91 ff 91 ff cc 00 cc 00 a2 01 a2 01 7f 01 7f 01 bf 00 bf 00 9d ff 9d ff 5e fe 5e fe bd fd bd fd 46 fe 46 fe 8d ff 8d ff b3 00 b3 00 61 01 61 01 03 01 03 01 0e 00 0e 00 b0 fe b0 fe 91 fd 91 fd 66 fd 66 fd 02 fe 02 fe 29 ff 29 ff 70 00 70 00 fd 00 fd 00 d0 00 d0 00 30 00 30 00 3f ff 3f ff a8 fe a8 fe 78 fe 78 fe e5 fe e5 fe f5 ff f5 ff 99 00 99 00 f3 00 f3 00 12 01 12 01 a1 00 a1 00 2a 00 2a 00 eb ff eb ff 18 00 18 00 d2 00 d2 00 b8 01 b8 01 97 02 97 02 9f 03 9f 03 55 04 55 04 a7 04 a7 04 9a 04 9a 04 13 04 13 04 9c 03 9c 03 58 03 Data Ascii: ~~POGGHH..ii^^FFaaff))pp00??xx**UUX
2025-01-09 18:15:26 UTC	2341	IN	Data Raw: fe b4 fe b4 fe 7d ff 7d ff ab 00 ab 00 a8 01 a8 01 17 02 17 02 d9 01 d9 01 39 01 39 01 7e 00 7e 00 c4 ff c4 ff 59 ff 59 ff 6d ff 6d ff b6 ff b6 ff 1c 00 1c 00 7f 00 7f 00 a9 00 a9 00 7f 00 7f 00 37 00 37 00 d7 ff d7 ff 6a ff 6a ff ea fe ea fe 87 fe 87 fe 6c fe 6c fe 6e fe 6e fe 81 fe 81 fe c9 fe c9 fe 2b ff 2b ff 78 ff 78 ff 8f ff 8f ff 61 ff 61 ff ec fe ec fe 85 fe 85 fe 3d fe 3d fe 25 fe 25 fe 64 fe 64 fe fe fe fe fe 9c ff 9c ff 25 00 25 00 4c 00 4c 00 42 00 42 00 05 00 05 00 55 ff 55 ff ef fe ef fe 65 fe 65 fe 6c fe 6c fe 97 fe 97 fe d7 fe d7 fe 09 ff 09 ff 1c ff 1c ff 14 ff 14 ff e5 fe e5 fe 7e fe 7e fe 08 fe 08 fe 9e fd 9e fd 89 fd 89 fd c2 fd c2 fd 28 fe 28 fe 88 fe 88 fe eb fe eb fe 3b ff 3b ff 5d ff 5d ff 3e ff 3e ff 02 ff 02 ff f4 fe f4 fe f5 fe Data Ascii: }}99~~YYmm77jjllnn++xxaa==%%dd%%LLBBUUeell~~((;;...>
2025-01-09 18:15:26 UTC	9450	IN	Data Raw: a7 ff a7 ff c1 ff c1 ff 92 ff 92 ff d0 fe d0 fe f8 fd f8 fd de fc de fc 90 fc 90 fc c4 fc c4 fc 02 fe 02 fe 88 ff 88 ff 89 01 89 01 d2 02 d2 02 56 03 56 03 7c 02 7c 02 e5 00 e5 00 fb fe fb fe b6 fd b6 fd 8e fd 8e fd 9a fe 9a fe 8c 00 8c 00 c6 02 c6 02 93 04 93 04 99 05 99 05 1b 05 1b 05 7b 03 7b 03 53 01 53 01 c8 ff c8 ff e9 fe e9 fe f0 fe f0 fe 84 ff 84 ff 55 00 55 00 7a 00 7a 00 bd ff bd ff 13 fe 13 fe 3e fc 3e fc b9 fa b9 fa 05 fa 05 fa 30 fa 30 fa d0 fb d0 fb 5b fe 5b fe 47 01 47 01 7b 03 7b 03 c7 04 c7 04 7d 04 7d 04 3c 03 3c 03 fd 00 fd 00 88 fe 88 fe ba fc ba fc 47 fc 47 fc 65 fd 65 fd 76 ff 76 ff a4 01 a4 01 3e 03 3e 03 2d 04 2d 04 4d 03 4d 03 0d 01 0d 01 67 fe 67 fe 8e fc 8e fc 80 fb 80 fb ef fb ef fb 24 fd 24 fd 41 ff 41 ff e2 00 e2 00 32 02 32 Data Ascii: VV\|\|{{SSUUzz>>00[[GG{{}}<<GGeevv>>--MMgg$$AA22

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49823	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:26 UTC	897	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=32768-
2025-01-09 18:15:26 UTC	527	IN	HTTP/1.1 206 Partial Content x-amz-id-2: 7qXtOpuL8xpJi0zvV7Nxnt+07tcM4pxqke/wF4zgx0kOYLMXI2b3e4zwDmF/tkvX43AvMyD98Cs= x-amz-request-id: NJXH61YPAKB425AC Date: Thu, 09 Jan 2025 18:15:27 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 32768-214545/214546 Content-Type: audio/vnd.wave Content-Length: 181778 Server: AmazonS3 Connection: close
2025-01-09 18:15:26 UTC	8446	IN	Data Raw: 81 fa 4f 05 4f 05 62 fb 62 fb 11 03 11 03 7e 00 7e 00 75 00 75 00 d2 02 d2 02 9a 00 9a 00 47 fd 47 fd 1d 02 1d 02 a9 ff a9 ff 14 fb 14 fb a2 ff a2 ff 3e 01 3e 01 00 00 00 00 29 fd 29 fd 5d 03 5d 03 52 ff 52 ff c0 00 c0 00 ad 03 ad 03 33 ff 33 ff 82 00 82 00 aa ff aa ff 8c fd 8c fd 3e 01 3e 01 a3 03 a3 03 ce fa ce fa fb ff fb ff 85 ff 85 ff 9c 01 9c 01 56 fe 56 fe b6 01 b6 01 d5 00 d5 00 f6 fd f6 fd 65 01 65 01 be 01 be 01 ff fd ff fd 27 fe 27 fe a2 03 a2 03 34 f8 34 f8 38 06 38 06 5a 02 5a 02 4e fd 4e fd 0e 04 0e 04 db f9 db f9 d1 05 d1 05 09 fb 09 fb 37 04 37 04 00 05 00 05 bd f7 bd f7 c8 08 c8 08 9e f8 9e f8 80 04 80 04 97 fd 97 fd 4c 03 4c 03 a7 f3 a7 f3 a0 0b a0 0b 79 fb 79 fb ef 00 ef 00 ab 01 ab 01 40 03 40 03 4b 04 4b 04 19 ff 19 ff d2 f6 d2 f6 d0 Data Ascii: OObb~~uuGG>>))]]RR33>>VVee''4488ZZNN77LLyy@@KK
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: bf ff bf ff 80 00 80 00 2a 00 2a 00 97 ff 97 ff 71 ff 71 ff e4 ff e4 ff 36 00 36 00 ae 00 ae 00 a8 ff a8 ff 5b ff 5b ff b2 ff b2 ff 43 00 43 00 16 01 16 01 45 00 45 00 36 00 36 00 5e ff 5e ff 50 ff 50 ff 5f 00 5f 00 44 01 44 01 e0 01 e0 01 91 ff 91 ff 15 fe 15 fe 61 fe 61 fe b1 00 b1 00 bb 01 bb 01 c3 00 c3 00 7f fe 7f fe b8 fd b8 fd e5 fe e5 fe fe 00 fe 00 6e 01 6e 01 ba ff ba ff e1 fe e1 fe ea fe ea fe a0 ff a0 ff e6 ff e6 ff b3 ff b3 ff 4e 00 4e 00 9b ff 9b ff 9a ff 9a ff 4a 00 4a 00 a9 01 a9 01 dd 00 dd 00 e4 fe e4 fe f8 fd f8 fd 62 ff 62 ff 8d 01 8d 01 9a 02 9a 02 39 01 39 01 43 fe 43 fe 53 fd 53 fd b6 fe b6 fe 6e 01 6e 01 8c 02 8c 02 f1 00 f1 00 24 ff 24 ff c8 fd c8 fd af fe af fe 4a 00 4a 00 31 01 31 01 3d 00 3d 00 3c ff 3c ff 79 ff 79 ff 5d 00 5d Data Ascii: **qq66[[CCEE66^^PP__DDaannNNJJbb99CCSSnn$$JJ11==<<yy]]
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: fc ff fc ff 00 00 00 00 fe ff fe ff 08 00 08 00 fe ff fe ff fc ff fc ff fe ff fe ff 06 00 06 00 00 00 00 00 ff ff ff ff 01 00 01 00 fb ff fb ff 05 00 05 00 00 00 00 00 03 00 03 00 ff ff ff ff 00 00 00 00 fb ff fb ff 03 00 03 00 fd ff fd ff fd ff fd ff ff ff ff ff 03 00 03 00 00 00 00 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 02 00 02 00 05 00 05 00 f9 ff f9 ff 00 00 00 00 fe ff fe ff 04 00 04 00 01 00 01 00 01 00 01 00 fd ff fd ff fd ff fd ff ff ff ff ff 01 00 01 00 00 00 00 00 02 00 02 00 02 00 02 00 fc ff fc ff 00 00 00 00 ff ff ff ff 00 00 00 00 fd ff fd ff 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff 01 00 01 00 fc ff fc ff ff ff ff ff 04 00 04 00 00 00 00 00 00 00 00 00 02 00 02 00 01 00 01 00 fe ff fe ff ff ff ff ff fe ff fe Data Ascii:
2025-01-09 18:15:26 UTC	592	IN	Data Raw: fb ff fb ff fe ff fe ff fc ff fc ff 00 00 00 00 00 00 00 00 04 00 04 00 09 00 09 00 0b 00 0b 00 04 00 04 00 fe ff fe ff fc ff fc ff fb ff fb ff fd ff fd ff fa ff fa ff fe ff fe ff 05 00 05 00 05 00 05 00 05 00 05 00 01 00 01 00 00 00 00 00 ff ff ff ff ff ff ff ff fb ff fb ff ff ff ff ff fe ff fe ff 00 00 00 00 00 00 00 00 fa ff fa ff 01 00 01 00 00 00 00 00 f8 ff f8 ff f9 ff f9 ff fe ff fe ff ff ff ff ff 00 00 00 00 03 00 03 00 03 00 03 00 05 00 05 00 04 00 04 00 ff ff ff ff fe ff fe ff f9 ff f9 ff fd ff fd ff 01 00 01 00 04 00 04 00 03 00 03 00 04 00 04 00 05 00 05 00 02 00 02 00 01 00 01 00 fe ff fe ff fc ff fc ff 02 00 02 00 05 00 05 00 07 00 07 00 00 00 00 00 01 00 01 00 fd ff fd ff f9 ff f9 ff fa ff fa ff fd ff fd ff ff ff ff ff 02 00 02 00 02 00 02 Data Ascii:
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 0d 00 0d 00 03 00 03 00 f8 ff f8 ff fa ff fa ff 02 00 02 00 01 00 01 00 fc ff fc ff fd ff fd ff 01 00 01 00 fd ff fd ff f6 ff f6 ff fd ff fd ff 03 00 03 00 06 00 06 00 fe ff fe ff f5 ff f5 ff f4 ff f4 ff fa ff fa ff fe ff fe ff f8 ff f8 ff fd ff fd ff 05 00 05 00 0a 00 0a 00 06 00 06 00 04 00 04 00 0b 00 0b 00 06 00 06 00 00 00 00 00 f9 ff f9 ff f9 ff f9 ff fc ff fc ff fd ff fd ff fb ff fb ff 00 00 00 00 0a 00 0a 00 13 00 13 00 09 00 09 00 ff ff ff ff f8 ff f8 ff f8 ff f8 ff fd ff fd ff 00 00 00 00 fd ff fd ff 04 00 04 00 0c 00 0c 00 0b 00 0b 00 00 00 00 00 f1 ff f1 ff ec ff ec ff f5 ff f5 ff 04 00 04 00 04 00 04 00 07 00 07 00 0f 00 0f 00 11 00 11 00 0b 00 0b 00 fe ff fe ff f1 ff f1 ff f3 ff f3 ff f9 ff f9 ff 00 00 00 00 01 00 01 00 01 00 01 00 ff ff ff Data Ascii:
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: 29 fe 29 fe 26 fd 26 fd 1f fc 1f fc ff fb ff fb a5 fb a5 fb 40 fc 40 fc da f7 da f7 5b f3 5b f3 55 ec 55 ec 92 e5 92 e5 29 e6 29 e6 4f eb 4f eb a4 f8 a4 f8 99 00 99 00 b6 03 b6 03 ca 03 ca 03 e7 fa e7 fa ff f4 ff f4 30 e9 30 e9 9d e5 9d e5 85 e2 85 e2 b5 e1 b5 e1 e6 e2 e6 e2 d6 dd d6 dd 3b d7 3b d7 b5 bf b5 bf 69 b2 69 b2 7d f1 7d f1 e7 2c e7 2c 6a 55 6a 55 75 49 75 49 6b 39 6b 39 51 32 51 32 aa 0d aa 0d 44 eb 44 eb 81 d7 81 d7 8d f0 8d f0 b9 f6 b9 f6 f9 ea f9 ea 3c f3 3c f3 d9 09 d9 09 e2 1d e2 1d 5f 07 5f 07 da f1 da f1 a8 e2 a8 e2 68 d0 68 d0 0b c7 0b c7 16 df 16 df 83 1f 83 1f 22 4e 22 4e c9 5d c9 5d f9 54 f9 54 2d 3e 2d 3e fb 1d fb 1d 95 fa 95 fa c0 eb c0 eb 84 e6 84 e6 f7 ea f7 ea 9a f7 9a f7 75 08 75 08 1a 16 1a 16 64 17 64 17 a7 13 a7 13 ac fe ac Data Ascii: ))&&@@[[UU))OO00;;ii}},,jUjUuIuIk9k9Q2Q2DD<<__hh"N"N]]TT->->uudd

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49825	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:26 UTC	591	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Language: en-US,en;q=0.9 Range: bytes=0-
2025-01-09 18:15:26 UTC	523	IN	HTTP/1.1 206 Partial Content x-amz-id-2: //rHaYmLFzyn89TzAY5ufs4Jq/j+YLTU74VqfGfG+x3vEk0phc9xZZZBL5lw+QqeBN2gzzeCa6o= x-amz-request-id: NJXJJVA8FXVKV148 Date: Thu, 09 Jan 2025 18:15:27 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 0-214545/214546 Content-Type: audio/vnd.wave Content-Length: 214546 Server: AmazonS3 Connection: close
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 52 49 46 46 0a 46 03 00 57 41 56 45 66 6d 74 20 12 00 00 00 01 00 02 00 80 3e 00 00 00 fa 00 00 04 00 10 00 00 00 64 61 74 61 00 16 03 00 41 00 41 00 4c 00 4c 00 b5 ff b5 ff 41 00 41 00 c5 ff c5 ff 38 00 38 00 d9 ff d9 ff 25 00 25 00 d8 ff d8 ff 21 00 21 00 e9 ff e9 ff 2a 00 2a 00 fd ff fd ff 20 00 20 00 e8 ff e8 ff 04 00 04 00 e1 ff e1 ff 05 00 05 00 ef ff ef ff 0a 00 0a 00 f5 ff f5 ff 0a 00 0a 00 fd ff fd ff 10 00 10 00 fa ff fa ff 03 00 03 00 fd ff fd ff 04 00 04 00 ff ff ff ff 05 00 05 00 fb ff fb ff fd ff fd ff f6 ff f6 ff fc ff fb ff fe ff fe ff 06 00 06 00 00 00 00 00 fd ff fd ff fc ff fc ff 06 00 06 00 09 00 09 00 09 00 09 00 03 00 03 00 fd ff fd ff fe ff fe ff 00 00 00 00 fd ff fd ff fb ff fb ff fd ff fd ff 00 00 00 00 01 00 01 00 00 00 00 00 02 Data Ascii: RIFFFWAVEfmt >dataAALLAA88%%!!**
2025-01-09 18:15:26 UTC	501	IN	Data Raw: 70 fd eb fd eb fd be fd be fd ea fd ea fd c8 fd c8 fd 61 fe 61 fe 72 fe 72 fe 8c fe 8c fe 5f fe 5f fe c3 fe c3 fe b2 fe b2 fe 0e ff 0e ff 0a ff 0a ff 38 ff 38 ff 5b ff 5b ff a7 ff a7 ff c0 ff c0 ff d3 ff d3 ff 37 00 37 00 51 00 51 00 5a 00 5a 00 99 00 99 00 f7 00 f7 00 24 01 24 01 65 01 65 01 98 01 98 01 f7 01 f7 01 41 02 41 02 72 02 72 02 a9 02 a9 02 af 02 af 02 f2 02 f2 02 03 03 03 03 75 03 75 03 22 03 22 03 90 03 90 03 c8 03 c8 03 76 03 76 03 25 04 25 04 f2 03 f2 03 29 04 29 04 40 04 40 04 13 04 13 04 ed 03 ed 03 ca 04 ca 04 e6 03 e6 03 e2 03 e3 03 7b 04 7b 04 54 04 54 04 b5 03 b5 03 06 04 06 04 c4 03 c4 03 08 04 08 04 55 03 55 03 92 03 92 03 98 03 98 03 81 03 81 03 e6 02 e6 02 ee 03 ee 03 c1 02 c1 02 6d 02 6d 02 97 02 97 02 f0 02 f0 02 75 01 75 01 2a Data Ascii: paarr__88[[77QQZZ$$eeAArruu""vv%%))@@{{TTUUmmuu*
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: fe 6c ff 6c ff eb fe eb fe 1a 00 1a 00 1e ff 1e ff 30 00 30 00 b3 ff b3 ff 1d 00 1d 00 5c ff 5c ff 6d 00 6d 00 e2 ff e2 ff 5e 00 5e 00 6a 00 6a 00 5e 00 5e 00 e8 00 e8 00 87 00 87 00 14 01 14 01 9c 00 9c 00 a7 01 a7 01 1b 01 1b 01 be 01 be 01 3c 01 3c 01 0e 02 0e 02 b3 01 b3 01 27 02 27 02 f3 01 f3 01 4e 02 4e 02 0d 02 0d 02 6c 02 6c 02 1f 02 1f 02 96 02 96 02 79 02 79 02 57 02 57 02 b3 02 b3 02 84 02 84 02 ba 02 ba 02 d0 02 d0 02 b3 02 b3 02 c0 02 c0 02 a3 02 a3 02 94 02 94 02 6d 02 6d 02 98 02 98 02 5f 02 5f 02 5d 02 5d 02 8e 02 8e 02 28 02 28 02 99 02 99 02 d1 01 d1 01 7b 02 7b 02 04 02 04 02 0b 02 0b 02 cc 01 cc 01 e3 01 e3 01 bb 01 bb 01 6f 01 6f 01 a8 01 a8 01 2b 01 2b 01 64 01 64 01 c3 00 c3 00 09 01 09 01 a0 00 a0 00 a1 00 a1 00 9c 00 9c 00 27 00 Data Ascii: ll00\\mm^^jj^^<<''NNllyyWWmm__]](({{oo++dd'
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: fd 8e f9 8e f9 92 01 92 01 81 fe 81 fe 0a 02 0a 02 95 fe 95 fe 12 fd 12 fd 19 fe 19 fe ac 02 ac 02 15 ff 15 ff 6c fe 6c fe 4b fe 4b fe a2 03 a2 03 a7 ff a7 ff 84 06 84 06 e1 fd e1 fd 94 fe 94 fe 25 fd 25 fd 4f 02 4f 02 cb 0b cb 0b 3e 03 3e 03 02 f7 02 f7 b4 f9 b4 f9 fd 02 fd 02 00 05 00 05 8d fe 8d fe ba fe ba fe 22 02 22 02 51 f9 51 f9 e8 07 e8 07 ca fc ca fc 7b 00 7b 00 8d fc 8d fc 5d fd 5d fd 1d 03 1d 03 a0 03 a0 03 76 fc 76 fc 82 ff 82 ff 7a 03 7a 03 22 fa 22 fa 40 02 40 02 39 06 39 06 6f fb 6f fb e4 02 e4 02 a7 fa a7 fa 8f 04 8f 04 f4 03 f4 03 f8 02 f8 02 ed fc ed fc 8c 04 8c 04 04 f8 04 f8 a4 04 a4 04 eb fb eb fb de 00 de 00 65 05 65 05 69 fd 69 fd fa 05 fa 05 0b fc 0b fc 66 f9 66 f9 8a 01 8a 01 d2 fe d2 fe bc fe bc fe 69 00 69 00 53 01 53 01 42 02 Data Ascii: llKK%%OO>>""QQ{{]]vvzz""@@99ooeeiiffiiSSB
2025-01-09 18:15:26 UTC	16384	IN	Data Raw: 04 60 04 60 04 51 01 51 01 78 ff 78 ff d9 fe d9 fe 8a fd 8a fd 08 04 08 04 ae 03 ae 03 98 01 98 01 79 01 79 01 e7 02 e7 02 49 03 49 03 89 00 89 00 bd 00 bd 00 ad 01 ad 01 71 03 71 03 db fe db fe 77 01 77 01 9f 00 9f 00 c6 02 c6 02 18 03 18 03 fb ff fb ff 2c 00 2c 00 e2 fe e2 fe b9 ff b9 ff 41 01 41 01 f1 01 f1 01 66 ff 66 ff 89 ff 89 ff 91 00 91 00 98 fe 98 fe 7f 00 7f 00 52 ff 52 ff 99 03 99 03 88 fe 88 fe cf fb cf fb 3d fe 3d fe 6d ff 6d ff 3c 02 3c 02 16 ff 16 ff 3f fd 3f fd bb fc bb fc ba fe ba fe f5 ff f5 ff ec ff ec ff 39 00 39 00 33 fe 33 fe f2 fb f2 fb 0a fd 0a fd db fe db fe af ff af ff b7 fc b7 fc 99 fd 9a fd be fc be fc 8e fa 8e fa f5 fd f5 fd 84 fd 84 fd 4b fe 4b fe b5 fb b5 fb d4 fa d4 fa 81 fa 81 fa 21 fb 21 fb 9c fa 9c fa f7 fc f7 fc 39 fb Data Ascii: ``QQxxyyIIqqww,,AAffRR==mm<<??9933KK!!9
2025-01-09 18:15:26 UTC	1024	IN	Data Raw: fc d3 fc d3 fc f2 ff f2 ff c4 04 c4 04 bc 01 bc 01 d1 fd d1 fd 44 fe 44 fe 61 fd 61 fd 7c 02 7c 02 25 01 25 01 9d 00 9d 00 8b 03 8b 03 16 fd 16 fd c6 fa c6 fa 74 fc 74 fc e0 07 e0 07 4e 0b 4e 0b 1b f8 1b f8 bf f4 bf f4 e1 fe e1 fe 0d 09 0d 09 c6 0a c6 0a 65 f6 65 f6 88 fa 88 fa 6a 00 6a 00 c3 03 c3 03 aa 02 aa 02 6e fe 6e fe ea fd ea fd a5 00 a5 00 04 ff 04 ff 6f 01 6f 01 97 fe 97 fe f7 02 f7 02 a8 ff a8 ff 9c ff 9c ff 01 fe 01 fe 52 fd 52 fd 38 02 38 02 b2 02 b2 02 03 00 03 00 19 03 19 03 1a f8 1a f8 1f 00 1f 00 67 03 67 03 93 00 93 00 31 01 31 01 ed fc ed fc 0e ff 0e ff ea 01 ea 01 64 00 64 00 ca 01 ca 01 45 fd 45 fd 42 ff 42 ff a0 02 a0 02 e0 fd e0 fd 1d 01 1d 01 92 fd 92 fd 9b 02 9b 02 0d 01 0d 01 f8 ff f8 ff fb ff fb ff 3a fc 3a fc 08 01 08 01 ba 00 Data Ascii: DDaa\|\|%%ttNNeejjnnooRR88gg11ddEEBB::

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49830	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:26 UTC	648	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Language: en-US,en;q=0.9 Range: bytes=214016-214545 If-Range: "6b207845061b2bf9205c8418d478cc0b"
2025-01-09 18:15:27 UTC	525	IN	HTTP/1.1 206 Partial Content x-amz-id-2: MNARBlMtOik8sk5L9Lw+bBYkhZjarw3BjypkEQdISJpbkV2E2h8w/mta5sXU2uSzsCRZK0ayz78= x-amz-request-id: NJXKA17Q4M84GGV6 Date: Thu, 09 Jan 2025 18:15:27 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 214016-214545/214546 Content-Type: audio/vnd.wave Content-Length: 530 Server: AmazonS3 Connection: close
2025-01-09 18:15:27 UTC	530	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49832	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:27 UTC	648	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Language: en-US,en;q=0.9 Range: bytes=196608-214545 If-Range: "6b207845061b2bf9205c8418d478cc0b"
2025-01-09 18:15:27 UTC	527	IN	HTTP/1.1 206 Partial Content x-amz-id-2: u9fa3bQzHYArmRxRnVzbncYrl7m79uSjj1c0Sla53xydLgPqM+7JF+L8ll1y/0zmGP1JvfsL+Gw= x-amz-request-id: T516GNBCJPE3W35H Date: Thu, 09 Jan 2025 18:15:28 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 196608-214545/214546 Content-Type: audio/vnd.wave Content-Length: 17938 Server: AmazonS3 Connection: close
2025-01-09 18:15:27 UTC	8446	IN	Data Raw: 01 00 04 00 04 00 00 00 00 00 fd ff fd ff fe ff fe ff fb ff fb ff f7 ff f7 ff fc ff fc ff 04 00 04 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 fe ff fe ff fb ff fb ff fc ff fc ff fb ff fb ff 04 00 04 00 fd ff fd ff fd ff fd ff 01 00 01 00 fd ff fd ff fa ff fa ff 01 00 01 00 f7 ff f7 ff fc ff fc ff ff ff ff ff ff ff ff ff 08 00 08 00 05 00 05 00 00 00 00 00 ff ff ff ff 03 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 fd ff fd ff 02 00 02 00 02 00 02 00 08 00 08 00 05 00 05 00 fe ff fe ff 04 00 04 00 01 00 01 00 03 00 03 00 00 00 00 00 08 00 08 00 07 00 07 00 08 00 08 00 06 00 06 00 0b 00 0b 00 03 00 03 00 01 00 01 00 00 00 00 00 ff ff ff ff fd ff fd ff 02 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff fc ff fc ff 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:27 UTC	9492	IN	Data Raw: 65 2f 52 65 73 6f 75 72 63 65 45 76 65 6e 74 23 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 62 65 78 74 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 62 77 66 2f 62 65 78 74 2f 31 2e 30 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 6e 73 3a 63 72 65 61 74 6f 72 41 74 6f 6d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 63 Data Ascii: e/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:bext="http://ns.adobe.com/bwf/bext/1.0/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:creatorAtom="http://ns.adobe.com/c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49840	54.231.227.161	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:28 UTC	647	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3 Accept-Language: en-US,en;q=0.9 Range: bytes=50176-196607 If-Range: "6b207845061b2bf9205c8418d478cc0b"
2025-01-09 18:15:28 UTC	527	IN	HTTP/1.1 206 Partial Content x-amz-id-2: 03BoXmaLq91nc1v7YJNY88Sk4qaeZr01i0WFKxUDdqgZMIoTEihFu/1k7xf6wOg1Rg8NeiYmpig= x-amz-request-id: CS5PC74KGWPMV0X3 Date: Thu, 09 Jan 2025 18:15:29 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 50176-196607/214546 Content-Type: audio/vnd.wave Content-Length: 146432 Server: AmazonS3 Connection: close
2025-01-09 18:15:28 UTC	16384	IN	Data Raw: 78 eb 9f f3 9f f3 e7 18 e7 18 e6 0f e6 0f 62 f8 62 f8 fc e6 fc e6 13 fb 13 fb 50 13 50 13 76 0b 76 0b 77 fb 77 fb 57 fc 57 fc ab f0 ab f0 9d 02 9d 02 4b 06 4b 06 ef 0a f0 0a ad 04 ad 04 94 f3 94 f3 97 f2 97 f2 91 ff 91 ff 6d 12 6d 12 2f 0b 2f 0b a0 f1 a0 f1 2f f1 2f f1 ac 05 ac 05 6a 0b 6a 0b 72 03 72 03 59 f7 59 f7 e9 fc e9 fc 17 ff 17 ff 95 07 95 07 26 03 26 03 52 fc 52 fc 7e ff 7e ff 06 f6 06 f6 a4 05 a4 05 23 08 23 08 82 fc 82 fc 4a 00 4a 00 17 f6 17 f6 18 02 18 02 a3 09 a3 09 5e 02 5e 02 99 fb 99 fb 51 f9 51 f9 04 f7 04 f7 46 0d 46 0d 77 0a 77 0a 8b 00 8b 00 d7 f4 d7 f4 a5 f4 a5 f4 de 04 de 04 a4 0b a4 0b 42 05 42 05 32 f6 32 f6 26 f9 26 f9 70 fe 70 fe 02 0e 02 0e 49 fd 49 fd a5 fd a5 fd f2 fb f2 fb 13 00 13 00 3e 07 3e 07 ce 03 ce 03 36 f5 36 f5 7b Data Ascii: xbbPPvvwwWWKKmm////jjrrYY&&RR~~##JJ^^QQFFwwBB22&&ppII>>66{
2025-01-09 18:15:28 UTC	497	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 ff ff ff ff fe ff fe ff fe ff fe ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:28 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:28 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:28 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-09 18:15:28 UTC	1024	IN	Data Raw: f7 30 f9 30 f9 ba f6 ba f6 5c f6 5c f6 13 f8 13 f8 56 fa 56 fa 23 f9 23 f9 bd f7 bd f7 f1 f6 f1 f6 0a f9 0a f9 b2 f6 b2 f6 36 f6 36 f6 2a f7 2a f7 ac f8 ac f8 48 fa 48 fa 2f f9 2f f9 3e fb 3e fb 41 f9 41 f9 2d f9 2d f9 af f8 af f8 ca fa ca fa bb f9 bb f9 b8 fa b8 fa 20 fd 20 fd c3 fd c3 fd 05 fd 05 fd 4d fa 4d fa 28 fb 28 fb ff fb ff fb eb fc eb fc 5e fc 5e fc 22 fd 22 fd ee fd ee fd bc fd bc fd 26 fc 26 fc ff fc ff fc ee fd ee fd 6b ff 6b ff f7 ff f7 ff 39 03 39 03 1a 06 1a 06 43 07 43 07 f1 04 f1 04 d4 03 d4 03 80 05 80 05 b2 07 b2 07 d8 07 d8 07 20 08 20 08 1a 0b 1a 0b d1 0d d1 0d bf 0d bf 0d ab 0c ab 0c ad 0f ad 0f c5 13 c5 13 af 14 af 14 6f 12 6f 12 6d 12 6d 12 16 13 16 13 c8 11 c8 11 43 0e 43 0e bb 0f bb 0f 0d 13 0d 13 df 13 df 13 c2 10 c2 10 37 0f Data Ascii: 00\\VV##66**HH//>>AA-- MM((^^""&&kk99CC oommCC7
2025-01-09 18:15:28 UTC	16384	IN	Data Raw: f9 0c f8 0c f8 fa f7 fa f7 18 f7 18 f7 d0 f8 d0 f8 94 f8 94 f8 ea f8 e9 f8 92 f7 92 f7 68 f9 68 f9 be f9 be f9 69 f9 69 f9 05 f8 05 f8 54 f9 54 f9 e0 f9 e0 f9 00 fa 00 fa 18 fa 18 fa 77 fa 77 fa 5a fa 5a fa 03 fa 03 fa e9 fa e9 fa 33 fb 33 fb d1 fa d1 fa ff fc ff fc a0 fb a0 fb 3b fc 3b fc 2b fa 2b fa a8 fb a8 fb f8 fb f8 fb da fc da fc 48 fd 48 fd e7 fb e7 fb 8a fd 8a fd bb fb bb fb fb fa fb fa fc fa fc fa dd fb dd fb 93 fc 93 fc 03 fb 03 fb a3 fc a3 fc d2 fa d2 fa 8a fb 8a fb 39 fb 39 fb b2 fc b2 fc 67 fa 67 fa 80 fa 80 fa 30 f9 30 f9 cf f9 cf f9 1c fa 1c fa db fa db fa 4b fa 4b fa 76 f9 76 f9 d8 fa d8 fa ae fa ae fa de f8 de f8 9d f9 9d f9 9f fa 9f fa 3a fa 3a fa 60 fa 60 fa ac fa ac fa 86 fb 86 fb 8d fb 8d fb b5 f9 b5 f9 7b fb 7b fb bd fb bd fb 44 fc Data Ascii: hhiiTTwwZZ33;;++HH99gg00KKvv::``{{D
2025-01-09 18:15:28 UTC	1024	IN	Data Raw: f8 db 0b da 0b b3 0c b3 0c 1a 0a 1a 0a f6 19 f6 19 d7 25 d7 25 fc 0d fc 0d a6 fd a6 fd a4 0d a4 0d d0 1f d0 1f b6 15 b6 15 32 0f 32 0f 8c 17 8c 17 08 19 08 19 fe 0d fe 0d 77 0d 77 0d 7b 0f 7b 0f 21 09 21 09 4f 08 4f 08 16 16 16 16 b0 15 b0 15 a9 04 a9 04 5f fc 5f fc cc 01 cc 01 25 00 25 00 bd ff bd ff 27 0b 27 0b 20 0d 20 0d 26 f9 26 f9 5c ec 5c ec 45 f6 45 f6 3f ff 3f ff 00 fc 00 fc 24 fd 24 fd 0e 00 0e 00 9a f7 9a f7 be ed be ed f6 f2 f6 f2 46 fb 46 fb 97 fa 97 fa 31 fa 31 fa fd fd fd fd a1 fb a1 fb 63 f4 63 f4 cb f4 cb f4 88 fa 88 fa db fd db fd a9 00 a9 00 f4 03 f4 03 72 00 72 00 41 f9 41 f9 ee f8 ee f8 e0 fe e0 fe ff 01 ff 01 08 04 08 04 bd 06 bd 06 42 05 42 05 fa fe fa fe 96 fc 96 fc aa 00 aa 00 53 05 53 05 2e 08 2e 08 2e 08 2e 08 e2 04 e2 04 c7 ff Data Ascii: %%22ww{{!!OO__%%'' &&\\EE??$$FF11ccrrAABBSS....
2025-01-09 18:15:28 UTC	11341	IN	Data Raw: fc c8 f8 c8 f8 71 f9 71 f9 29 fd 29 fd 17 00 17 00 91 00 91 00 92 fc 92 fc 64 f6 64 f6 7e f3 7e f3 f9 f5 f9 f5 c0 f9 c0 f9 14 fb 14 fb 5d f8 5d f8 14 f5 14 f5 90 f3 90 f3 de f2 de f2 bf f4 bf f4 45 f7 45 f7 1f f8 1f f8 c1 f7 c1 f7 58 f6 58 f6 2d f5 2d f5 a0 f5 a0 f5 8a f7 8a f7 7a f9 7a f9 48 fa 48 fa 86 fa 86 fa 98 fb 98 fb ee fb ee fb 1d fb 1d fb 6a fc 6a fc fd fd fd fd 6a ff 6a ff 70 ff 70 ff d0 00 d0 00 d1 01 d1 01 e7 00 e7 00 85 fe 85 fe f6 ff f6 ff f2 01 f2 01 66 03 66 03 98 03 98 03 e5 04 e5 04 12 02 12 02 72 fd 72 fd 5d fd 5d fd a8 01 a8 01 74 02 74 02 b4 01 b4 01 d6 08 d6 08 5a 0c 5a 0c 08 05 08 05 74 fc 74 fc c9 06 c9 06 0c 12 0c 12 21 0c 21 0c 27 01 27 01 ee 0b ee 0b 89 1a 89 1a b3 14 b3 14 12 05 12 05 82 09 82 09 60 18 60 18 5a 1a 5a 1a 8a 11 Data Ascii: qq))dd~~]]EEXX--zzHHjjjjppffrr]]ttZZtt!!''``ZZ
2025-01-09 18:15:28 UTC	9000	IN	Data Raw: fe ff fe ff 08 00 08 00 00 00 00 00 03 00 03 00 01 00 01 00 00 00 00 00 06 00 06 00 f9 ff f9 ff 09 00 09 00 fa ff fa ff 07 00 07 00 f9 ff f9 ff 05 00 05 00 fc ff fc ff 01 00 01 00 fc ff fc ff 00 00 00 00 fc ff fc ff 02 00 02 00 ff ff ff ff ff ff ff ff 01 00 01 00 fe ff fe ff 02 00 02 00 fe ff fe ff 03 00 03 00 fd ff fd ff 04 00 04 00 00 00 00 00 04 00 04 00 fe ff fe ff 05 00 05 00 fe ff fe ff 02 00 02 00 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff 02 00 02 00 fc ff fc ff 02 00 02 00 fe ff fe ff 00 00 00 00 fd ff fd ff 01 00 01 00 00 00 ff ff 01 00 01 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 01 00 01 00 ff ff ff ff 03 00 03 00 00 00 00 00 01 00 01 00 01 00 01 00 01 00 01 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49848	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:29 UTC	922	OUT	GET /favicon.ico HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcU1UeGtoc05rYkZaK1gxa0VBNnlaejFFYzBwcmRsNzNqTk93eHRIY2ZXakloUXdtSDdaRDNMVmxJYjB0TlRtVG5ULzkxYVJiekx4dzdaVUdFQWcvcWFPa245R21ySzRkQlFHMEJ3RGVHcUZuUXlBMXhib05vSG5lSnFiUXpYUUpYbnVpK1p1R3BjQ1EzaWhzeVN2VTBKalZhdUdKUTh3UWFZMkRhclZGNkpkY0drSk1rRFNoZ2NOUEdnPT0tLWFScXFhaFNHek5hQ2prZ0MtLXIxMlREbnhkYlhWZExtK3B2Qmdwa0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:29 UTC	253	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:29 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 09 Jan 2025 15:04:19 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49854	34.195.197.181	443	2740	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:29 UTC	352	OUT	GET /favicon.ico HTTP/1.1 Host: secured-login.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 18:15:29 UTC	253	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 18:15:29 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 09 Jan 2025 15:04:19 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	49877	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:15:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 6c 59 6b 5a 73 72 31 6e 30 69 77 39 67 74 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 39 61 66 66 61 35 37 31 63 31 32 35 63 64 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: qlYkZsr1n0iw9gt3.1Context: 69affa571c125cd8
2025-01-09 18:15:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:15:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 71 6c 59 6b 5a 73 72 31 6e 30 69 77 39 67 74 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 39 61 66 66 61 35 37 31 63 31 32 35 63 64 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 4f 70 37 59 56 35 33 6a 38 51 34 58 4b 45 37 69 76 69 58 79 69 62 51 7a 51 42 4d 73 4d 4b 50 76 51 34 35 50 30 37 30 77 72 57 47 73 51 6e 43 52 38 31 78 6e 4b 74 69 75 44 53 68 66 55 32 36 30 5a 31 64 76 62 57 57 74 77 4a 30 58 6c 62 59 51 51 4c 79 72 39 6d 41 34 41 34 44 51 78 51 42 2b 74 64 76 67 53 6a 68 4f 73 4d 74 70 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: qlYkZsr1n0iw9gt3.2Context: 69affa571c125cd8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWOp7YV53j8Q4XKE7iviXyibQzQBMsMKPvQ45P070wrWGsQnCR81xnKtiuDShfU260Z1dvbWWtwJ0XlbYQQLyr9mA4A4DQxQB+tdvgSjhOsMtp
2025-01-09 18:15:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 6c 59 6b 5a 73 72 31 6e 30 69 77 39 67 74 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 39 61 66 66 61 35 37 31 63 31 32 35 63 64 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: qlYkZsr1n0iw9gt3.3Context: 69affa571c125cd8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:15:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:15:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 58 44 4b 46 66 6f 58 51 6b 71 4f 64 41 4c 30 4f 30 38 76 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XXDKFfoXQkqOdAL0O08v3g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	50028	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:16:02 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 50 62 47 45 78 79 62 78 45 57 56 73 4d 65 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 34 37 64 30 63 33 33 37 35 33 33 66 34 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vPbGExybxEWVsMes.1Context: ba47d0c337533f4b
2025-01-09 18:16:02 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:16:02 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 76 50 62 47 45 78 79 62 78 45 57 56 73 4d 65 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 34 37 64 30 63 33 33 37 35 33 33 66 34 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 4f 70 37 59 56 35 33 6a 38 51 34 58 4b 45 37 69 76 69 58 79 69 62 51 7a 51 42 4d 73 4d 4b 50 76 51 34 35 50 30 37 30 77 72 57 47 73 51 6e 43 52 38 31 78 6e 4b 74 69 75 44 53 68 66 55 32 36 30 5a 31 64 76 62 57 57 74 77 4a 30 58 6c 62 59 51 51 4c 79 72 39 6d 41 34 41 34 44 51 78 51 42 2b 74 64 76 67 53 6a 68 4f 73 4d 74 70 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: vPbGExybxEWVsMes.2Context: ba47d0c337533f4b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWOp7YV53j8Q4XKE7iviXyibQzQBMsMKPvQ45P070wrWGsQnCR81xnKtiuDShfU260Z1dvbWWtwJ0XlbYQQLyr9mA4A4DQxQB+tdvgSjhOsMtp
2025-01-09 18:16:02 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 50 62 47 45 78 79 62 78 45 57 56 73 4d 65 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 34 37 64 30 63 33 33 37 35 33 33 66 34 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vPbGExybxEWVsMes.3Context: ba47d0c337533f4b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:16:02 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:16:02 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 4b 61 6d 68 69 70 6a 5a 45 71 70 46 2f 6c 68 7a 51 48 6d 63 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vKamhipjZEqpF/lhzQHmcA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	50035	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:16:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 35 30 6c 2b 6d 73 4b 41 55 71 57 57 67 44 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 66 61 37 30 61 62 33 33 66 63 34 33 32 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: P50l+msKAUqWWgDS.1Context: 7cfa70ab33fc432c
2025-01-09 18:16:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:16:38 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 50 35 30 6c 2b 6d 73 4b 41 55 71 57 57 67 44 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 66 61 37 30 61 62 33 33 66 63 34 33 32 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 4f 70 37 59 56 35 33 6a 38 51 34 58 4b 45 37 69 76 69 58 79 69 62 51 7a 51 42 4d 73 4d 4b 50 76 51 34 35 50 30 37 30 77 72 57 47 73 51 6e 43 52 38 31 78 6e 4b 74 69 75 44 53 68 66 55 32 36 30 5a 31 64 76 62 57 57 74 77 4a 30 58 6c 62 59 51 51 4c 79 72 39 6d 41 34 41 34 44 51 78 51 42 2b 74 64 76 67 53 6a 68 4f 73 4d 74 70 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: P50l+msKAUqWWgDS.2Context: 7cfa70ab33fc432c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWOp7YV53j8Q4XKE7iviXyibQzQBMsMKPvQ45P070wrWGsQnCR81xnKtiuDShfU260Z1dvbWWtwJ0XlbYQQLyr9mA4A4DQxQB+tdvgSjhOsMtp
2025-01-09 18:16:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 50 35 30 6c 2b 6d 73 4b 41 55 71 57 57 67 44 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 63 66 61 37 30 61 62 33 33 66 63 34 33 32 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: P50l+msKAUqWWgDS.3Context: 7cfa70ab33fc432c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:16:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:16:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 67 61 71 74 37 48 31 77 45 36 51 65 66 68 76 2b 35 75 58 66 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2gaqt7H1wE6Qefhv+5uXfQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	50037	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-09 18:17:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 58 72 49 35 45 42 4e 51 45 6b 43 7a 6e 6a 49 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 33 35 62 31 61 35 33 37 34 66 31 33 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: XrI5EBNQEkCznjIb.1Context: 3ac35b1a5374f138
2025-01-09 18:17:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-09 18:17:20 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 58 72 49 35 45 42 4e 51 45 6b 43 7a 6e 6a 49 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 33 35 62 31 61 35 33 37 34 66 31 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 4f 70 37 59 56 35 33 6a 38 51 34 58 4b 45 37 69 76 69 58 79 69 62 51 7a 51 42 4d 73 4d 4b 50 76 51 34 35 50 30 37 30 77 72 57 47 73 51 6e 43 52 38 31 78 6e 4b 74 69 75 44 53 68 66 55 32 36 30 5a 31 64 76 62 57 57 74 77 4a 30 58 6c 62 59 51 51 4c 79 72 39 6d 41 34 41 34 44 51 78 51 42 2b 74 64 76 67 53 6a 68 4f 73 4d 74 70 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: XrI5EBNQEkCznjIb.2Context: 3ac35b1a5374f138<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWOp7YV53j8Q4XKE7iviXyibQzQBMsMKPvQ45P070wrWGsQnCR81xnKtiuDShfU260Z1dvbWWtwJ0XlbYQQLyr9mA4A4DQxQB+tdvgSjhOsMtp
2025-01-09 18:17:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 58 72 49 35 45 42 4e 51 45 6b 43 7a 6e 6a 49 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 63 33 35 62 31 61 35 33 37 34 66 31 33 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: XrI5EBNQEkCznjIb.3Context: 3ac35b1a5374f138<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-09 18:17:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-09 18:17:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 4a 38 6b 4b 49 6b 45 74 6b 53 76 6f 72 31 6e 56 4a 38 54 51 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ZJ8kKIkEtkSvor1nVJ8TQQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6720, Parent PID: 5868

General

Target ID:	1
Start time:	13:15:02
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\PaymentAdvice.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2740, Parent PID: 6720

General

Target ID:	3
Start time:	13:15:06
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2032,i,10110141688215829052,9866546582253879018,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PaymentAdvice.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6720, Parent PID: 5868

General

Chronological Activities

Windows Analysis Report
PaymentAdvice.html