Edit tour

Windows Analysis Report
http://www.www-support-com.info/fmicode/code.php

Overview

General Information

Sample URL:	http://www.www-support-com.info/fmicode/code.php
Analysis ID:	1589351
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

AI detected suspicious URL

Suricata IDS alerts with low severity for network traffic

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2224,i,945947796152859022,129455820092391326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.www-support-com.info/fmicode/code.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET PHISHING Generic Credential Phish Landing Page 2022-06-21

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T01:34:00.000907+0100	2037048	1	Successful Credential Theft Detected	192.168.2.6	49737	45.155.54.216	80	TCP

ET PHISHING Possible Phish - Saved Website Comment Observed

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T01:34:05.005847+0100	2018334	2	Potentially Bad Traffic	45.155.54.216	80	192.168.2.6	49737	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.www-support-com.info/fmicode/code.php

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: http://www.www-support-com.info/fmicode/Ud0s6HE.png	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/myriad-set-pro_text.woff	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/myriad-set-pro_text.ttf	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/myriad-set-pro_thin.woff	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/app.css	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/style.css	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/myriad-set-pro_thin.ttf	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/fmicode/fonts.css	Avira URL Cloud: Label: phishing
Source: http://www.www-support-com.info/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.www-support-com.info
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.www-support-com.info

Source: http://www.www-support-com.info/fmicode/code.php

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49784 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50005 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2037048 - Severity 1 - ET PHISHING Generic Credential Phish Landing Page 2022-06-21 : 192.168.2.6:49737 -> 45.155.54.216:80

Source: Network traffic

Suricata IDS: 2018334 - Severity 2 - ET PHISHING Possible Phish - Saved Website Comment Observed : 45.155.54.216:80 -> 192.168.2.6:49737

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49784 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Source: global traffic	HTTP traffic detected: GET /fmicode/code.php HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/fonts.css HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://www.www-support-com.info/fmicode/code.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/app.css HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://www.www-support-com.info/fmicode/code.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/style.css HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://www.www-support-com.info/fmicode/code.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/Ud0s6HE.png HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.www-support-com.info/fmicode/code.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/myriad-set-pro_thin.woff HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveOrigin: http://www.www-support-com.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.www-support-com.info/fmicode/fonts.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/myriad-set-pro_text.woff HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveOrigin: http://www.www-support-com.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.www-support-com.info/fmicode/fonts.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/Ud0s6HE.png HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/myriad-set-pro_text.ttf HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveOrigin: http://www.www-support-com.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.www-support-com.info/fmicode/fonts.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fmicode/myriad-set-pro_thin.ttf HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveOrigin: http://www.www-support-com.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.www-support-com.info/fmicode/fonts.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.www-support-com.info/fmicode/code.phpAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.www-support-com.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.www-support-com.info

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 00:34:01 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 00:34:01 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 00:34:01 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 00:34:01 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=98Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: chromecache_47.3.dr

String found in binary or memory: https://www.icloud.com-ns.us/aU3V1/mobile/code.php

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50005 version: TLS 1.2

Source: classification engine

Classification label: mal68.win@16/20@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2224,i,945947796152859022,129455820092391326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.www-support-com.info/fmicode/code.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2224,i,945947796152859022,129455820092391326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.www-support-com.info/fmicode/code.php	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.www-support-com.info/fmicode/Ud0s6HE.png	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/myriad-set-pro_text.woff	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/myriad-set-pro_text.ttf	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/myriad-set-pro_thin.woff	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/app.css	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/style.css	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/myriad-set-pro_thin.ttf	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/fmicode/fonts.css	100%	Avira URL Cloud	phishing
http://www.www-support-com.info/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	216.58.206.36	true	false	high
www-support-com.info	45.155.54.216	true	true	unknown
www.www-support-com.info	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.www-support-com.info/fmicode/myriad-set-pro_thin.woff	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/code.php	true		unknown
http://www.www-support-com.info/fmicode/Ud0s6HE.png	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/app.css	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/style.css	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/myriad-set-pro_thin.ttf	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/myriad-set-pro_text.woff	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/myriad-set-pro_text.ttf	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/favicon.ico	true	Avira URL Cloud: phishing	unknown
http://www.www-support-com.info/fmicode/fonts.css	true	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
45.155.54.216	www-support-com.info	United Kingdom	48430	FIRSTDC-ASRU	true
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589351
Start date and time:	2025-01-12 01:32:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.www-support-com.info/fmicode/code.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.win@16/20@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.35, 172.217.18.14, 173.194.76.84, 142.250.185.206, 142.250.184.206, 142.250.186.46, 216.58.212.138, 142.250.181.234, 216.58.206.42, 142.250.185.202, 172.217.18.10, 142.250.186.74, 142.250.185.170, 142.250.186.42, 142.250.186.138, 142.250.185.138, 216.58.212.170, 142.250.186.106, 142.250.184.202, 142.250.185.234, 142.250.186.170, 172.217.16.138, 192.229.221.95, 199.232.214.172, 142.250.186.78, 172.217.18.3, 142.250.186.110, 13.107.246.45, 184.28.90.27, 4.245.163.56
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.www-support-com.info/fmicode/code.php

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://www.www-support-com.info Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.www-support-com.info
URL: http://www.www-support-com.info/fmicode/code.php Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ingrese el cdigo de desbloqueo del dispositivo", "prominent_button_name": "unknown", "text_input_field_labels": [ "Ingrese su cdigo de desbloqueo para ver la ubicacin actual de tus dispositivos" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://www.www-support-com.info/fmicode/code.php Model: Joe Sandbox AI	{ "brands": [ "Apple" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/myriad-set-pro_thin.woff
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Category:	dropped
Size (bytes):	9062
Entropy (8bit):	3.284224550667547
Encrypted:	false
SSDEEP:	48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N
MD5:	28EC4EABA5AE210B98A11257CAF5BADE
SHA1:	6164148A39D6A27286641896FCE3B76F439AEAB1
SHA-256:	3F5086612AAE9363C9FB02949219CEF19854C18FE5AD4EDA78AA1AEFCC79CC71
SHA-512:	4EFB48689296863D6E05B3CF32F8F98AC57A2BDEAE09209735170DD7F1C70E22A9BD2FBE93FCCB7181B8C1B6DFE555AF548129EF7B8705ED50486A972815868E
Malicious:	false
Reputation:	low
Preview:	...... ..........F...........h....... .... .....V......... .h.......(... ...@...............................BBB.....rrr.....ZZZ.............NNN.~~~.fff.................JJJ.....zzz.bbb.VVV.....nnn.........FFF.....vvv.....^^^.............RRR.....jjj...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 284 x 284, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	50644
Entropy (8bit):	7.992998958977707
Encrypted:	true
SSDEEP:	1536:r7RDOR+y314+xmP+KU5YhzI5aOU3rj392WaroWmskeSoS:rFQJe+xIU5I3/392WaMRv
MD5:	9B076CB6934084ABBDE799B671CCB162
SHA1:	535431A954A2986EBD6DA4969F3601326459217C
SHA-256:	E418194A6CA1B07526ACC3A3CFF845AFB2451A7FDF5F0638D2EE96AD16E23C03
SHA-512:	484A98904CEA30256D453EE348773283C27F71A85BF1143FFC4513FD3D7B892CAAB66519EE422990186C9CBEF9234FFBC82FB7BDC6CB0BCDD4B415FA1EB26481
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................IDATx..}...Wq.....{z.V..+.c....bJ....!$!....HB....PB..!.@..K(6.1....7Y.d...-;.9{w..s..-.O.]XKz.{.\|;........p.lCf_i.e....>.....,.}..5............{...1;....>..=e.Y..3{3..D...w..F.o..<......A=.\|.].. .0.)f?..'..q9....vH.....p.4...~..o6..9........Z.?..5.#.~..K.u....e...~.....?0.].c.s8.N...o....iy$..z......f...0.L.p......f....K.z[o.}......8......k.U.......f.o.....z.s..l.....#...m...le.f....:_.'.''.\|._b..........v..r..........l.9.._6..f...5..z....Z.......p...Cf.....]....= .3.5..\|.....l..`...R......T....\|..8....\|_...{[o{P7../6...yD..E.n.~v.{.m.m^m....EG..T..^........6.....k.r...%..g....tuo.m.m.n......H(._.s......}.....V....=.p.....Ch.'.......mm....c'..k...w..z.a...k....E.e...]f....#o...05......j............._?./x..7...X.;.6".-[6..w...6m...[.....}.=.wo{...5....uGGG.V..?.}ll../^..K.......+V..U.`...%....h.....`L.?.......e~m..3p.M7..F...[.~+.~.m.~...w..V....5k...N..N:..'...f.S....y....)f...8gB.\..}....j.2`....'?..~

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	4391
Entropy (8bit):	5.193204943336862
Encrypted:	false
SSDEEP:	24:EUasapQXl/bQKadaCQXlSwa+Xl/bQUaFaaQXl/EkavkavK6QXl/bQikavlav6QX7:EseItUX8FiBzM4qCZ0Ib
MD5:	98EE635650C7CCDA9930ADFC60219383
SHA1:	E03849F92A5DEA9E750A46FBDC7EC38566D87B47
SHA-256:	8BB6308810E034853E1CB335372AFCC0243DD73F3A431AE888FF0B4313B97251
SHA-512:	A1754FD3719C9A01A2B8D96758E3D91A419A0EA43A65120DB5B1C2A6A04F3D328184244452EE4E5F413E28286952560162AA9C3A73209F318FE98518572E6BC4
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/fonts.css
Preview:	@font-face {..font-family:'Myriad Set Pro';..font-style:normal;..font-weight:200;..src:local('..'), url("./myriad-set-pro_thin.woff") format("woff"), url("./myriad-set-pro_thin.ttf") format("truetype");../* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /.}..@font-face {..font-family:'Myriad Set Pro';..font-style:italic;..font-weight:200;..src:local('..'), url("./myriad-set-pro_thin-italic.woff") format("woff"), url("./myriad-set-pro_thin-italic.ttf") format("truetype");../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /.}..@font-face {..font-family:'Myriad Set Pro 200';..src:url("./myriad-set-pro_thin.eot");../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. */.}..@font-face {..font-family:'Myriad Set Pro';..font-style:italic;..font-weight:400;..src:local

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 284 x 284, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	50644
Entropy (8bit):	7.992998958977707
Encrypted:	true
SSDEEP:	1536:r7RDOR+y314+xmP+KU5YhzI5aOU3rj392WaroWmskeSoS:rFQJe+xIU5I3/392WaMRv
MD5:	9B076CB6934084ABBDE799B671CCB162
SHA1:	535431A954A2986EBD6DA4969F3601326459217C
SHA-256:	E418194A6CA1B07526ACC3A3CFF845AFB2451A7FDF5F0638D2EE96AD16E23C03
SHA-512:	484A98904CEA30256D453EE348773283C27F71A85BF1143FFC4513FD3D7B892CAAB66519EE422990186C9CBEF9234FFBC82FB7BDC6CB0BCDD4B415FA1EB26481
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/Ud0s6HE.png
Preview:	.PNG........IHDR....................IDATx..}...Wq.....{z.V..+.c....bJ....!$!....HB....PB..!.@..K(6.1....7Y.d...-;.9{w..s..-.O.]XKz.{.\|;........p.lCf_i.e....>.....,.}..5............{...1;....>..=e.Y..3{3..D...w..F.o..<......A=.\|.].. .0.)f?..'..q9....vH.....p.4...~..o6..9........Z.?..5.#.~..K.u....e...~.....?0.].c.s8.N...o....iy$..z......f...0.L.p......f....K.z[o.}......8......k.U.......f.o.....z.s..l.....#...m...le.f....:_.'.''.\|._b..........v..r..........l.9.._6..f...5..z....Z.......p...Cf.....]....= .3.5..\|.....l..`...R......T....\|..8....\|_...{[o{P7../6...yD..E.n.~v.{.m.m^m....EG..T..^........6.....k.r...%..g....tuo.m.m.n......H(._.s......}.....V....=.p.....Ch.'.......mm....c'..k...w..z.a...k....E.e...]f....#o...05......j............._?./x..7...X.;.6".-[6..w...6m...[.....}.=.wo{...5....uGGG.V..?.}ll../^..K.......+V..U.`...%....h.....`L.?.......e~m..3p.M7..F...[.~+.~.m.~...w..V....5k...N..N:..'...f.S....y....)f...8gB.\..}....j.2`....'?..~

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/myriad-set-pro_text.woff
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (898)
Category:	downloaded
Size (bytes):	9236
Entropy (8bit):	5.066065619794338
Encrypted:	false
SSDEEP:	96:hQrcYi3qkR+uHWeF1UAO1jXg1afUp15JKO632dZIGOPfYmqA3/DDv:kc56krNE5UnKODOrImF3/DDv
MD5:	389976C5051A4C9D2DEB5DE8838DA705
SHA1:	97B48C1100A8FF26A77F7D3420D76389D395B723
SHA-256:	0295EE30F00AD43F8E1470C35F05021115A0E96E978D6F0E841191E8012100DE
SHA-512:	46C94332649A5396D0581EAF5CFA7E84C257849B0C62E1C1E27057C4611F003EC5C7DD76A9C59F6EA6422F077475A55AA9115810C54D1756D1C99580007AF0EB
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/code.php
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">. saved from url=(0050)https://www.icloud.com-ns.us/aU3V1/mobile/code.php -->.<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">. . <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">. <link rel="prefetch stylesheet" href="./fonts.css" type="text/css">. <link rel="stylesheet" type="text/css" media="screen" href="./app.css">. <link rel="stylesheet" type="text/css" media="screen" href="./style.css">.. . . . .<style type="text/css"></style></head>.<body>.<div class="si-body si-container container-fluid" id="content" data-theme="lite"><apple-auth> <appleid-logo mode="{mode}">.<div id="apple-id-logo" class="apple-id-logo hide-always">. <i class="icon icon_apple"></i>.</div>..</appleid-logo>.<div class="widget-container fade-in restrict-max-wh fade-in" data-mode="embe

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	404
Entropy (8bit):	5.104933128586477
Encrypted:	false
SSDEEP:	12:XlVTgIC++jjdt08cKHwLQcYahZR3Xzjbck1ZM:X7EIC+YjLVcjLBVvFj317M
MD5:	34967D55AD27C484A0BBE6BCACAEDA03
SHA1:	B49A5B6BA6538271C3EC0F82B756BAE7998312AD
SHA-256:	611040FEE1945FFE3BB8C8581F1622C4A5FAFF722B00FAA254359A170F7E71F2
SHA-512:	C652A692960CA99E22EADA7AE75A206B5D50BE098991279AE6BF2A5BC52437DC4E7E406764BC37AC4AFBED79F73FE8A16675349C7F3C8F25B786F82FF1ED7A13
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/style.css
Preview:	.errorlogin {.background-color: #FAE9A3;.position: absolute;.width:70%;.margin-left: -37%;.border-radius: 5px;.left: 52%;.padding: 1em;.border: 1px solid rgba(185,149,1,0.47);.box-shadow: 0px 5px 10px 2px rgba(0,0,0,0.1);.margin-top: 9px;.padding: 15px;.color: #503E30;.font-weight: 400;.text-align: center;.z-index: 10;.font-size: 15px;.letter-spacing: -0.016em;.font-weight: 500;.font-family: arial;.}

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Category:	downloaded
Size (bytes):	9062
Entropy (8bit):	3.284224550667547
Encrypted:	false
SSDEEP:	48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N
MD5:	28EC4EABA5AE210B98A11257CAF5BADE
SHA1:	6164148A39D6A27286641896FCE3B76F439AEAB1
SHA-256:	3F5086612AAE9363C9FB02949219CEF19854C18FE5AD4EDA78AA1AEFCC79CC71
SHA-512:	4EFB48689296863D6E05B3CF32F8F98AC57A2BDEAE09209735170DD7F1C70E22A9BD2FBE93FCCB7181B8C1B6DFE555AF548129EF7B8705ED50486A972815868E
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/favicon.ico
Preview:	...... ..........F...........h....... .... .....V......... .h.......(... ...@...............................BBB.....rrr.....ZZZ.............NNN.~~~.fff.................JJJ.....zzz.bbb.VVV.....nnn.........FFF.....vvv.....^^^.............RRR.....jjj...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	82736
Entropy (8bit):	5.188382462050499
Encrypted:	false
SSDEEP:	768:p3DE+MKeKEamqCwcMOEkSqyWmA0i4OoIIWabTPXhY3Zzw9/D+FLly/LHRMTtfwNc:p32x6g+g8GlJ532PVwJgjCWyLnL
MD5:	F6879EEF31E55654B039B091AADEEE8E
SHA1:	29969D2D39AF6E453A03B612FBFFC007E79A3310
SHA-256:	A4C47AB92567B53E340EC45955BCF553BB99D3141EEDB45993C2494B29834E91
SHA-512:	CC646422604250DEBC3CA63A75E4B7EF93D0A04E1BE769688FF2024A94548555128BD5C1A86787485EE6BA4E654CDF78CAE0B4056FDACF0E3B7AAFEF5060EBCA
Malicious:	false
Reputation:	low
URL:	http://www.www-support-com.info/fmicode/app.css
Preview:	html {..font-family: sans-serif;..-ms-text-size-adjust: 100%;..-webkit-text-size-adjust: 100%;.}..body {..margin: 0;.}..article,.aside,.details,.figcaption,.figure,.footer,.header,.hgroup,.main,.menu,.nav,.section,.summary {..display: block;.}..audio,.canvas,.progress,.video {..display: inline-block;..vertical-align: baseline;.}..audio:not([controls]) {..display: none;..height: 0;.}..[hidden],.template {..display: none;.}..a {..background-color: transparent;.}..a:active,.a:hover {..outline: 0;.}..abbr[title] {..border-bottom: 1px dotted;.}..b,.strong {..font-weight: bold;.}..dfn {..font-style: italic;.}..h1 {..font-size: 2em;..margin: 0.67em 0;.}..mark {..background: #ff0;..color: #000;.}..small {..font-size: 80%;.}..sub,.sup {..font-size: 75%;..line-height: 0;..position: relative;..vertical-align: baseline;.}..sup {..top: -0.5em;.}..sub {..bottom: -0.25em;.}..img {..border: 0;.}..svg:not(:root) {..overflow: hidden;.}..figure {..margin: 1em 40px;.}..hr {..box-sizing: content-box;..heig

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.332758651241789
Encrypted:	false
SSDEEP:	3:O2PRk5xCunnVKekY:OEkLCokY
MD5:	4C73EF2C5836B2524CF0DCF05C5A5E1E
SHA1:	A3C11721A416039DDF8328DBC0C24C270F75C3AB
SHA-256:	462CCC2B7B8048DBE77886E203959F49B02EDA47C9AF39F22BFD649D219A44F1
SHA-512:	DF21A0EA934263545DDF076D2BB84A76FA6906BAD1EC5A8D2DD268E62E2A69827107FF0B7F09CF96879B5FE8A23502F53934B7FF72228537BB4EBCCFC835241D
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSJQk4Uj6S52nzIRIFDYJGpz8SBQ0Dp5DTEgUNaenAthIFDUGn_58=?alt=proto
Preview:	CiQKBw2CRqc/GgAKBw0Dp5DTGgAKBw1p6cC2GgAKBw1Bp/+fGgA=

Static File Info

⊘No static file info

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-12T01:34:00.000907+0100	2037048	ET PHISHING Generic Credential Phish Landing Page 2022-06-21	1	192.168.2.6	49737	45.155.54.216	80	TCP
2025-01-12T01:34:05.005847+0100	2018334	ET PHISHING Possible Phish - Saved Website Comment Observed	2	45.155.54.216	80	192.168.2.6	49737	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 01:33:44.859522104 CET	49674	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:44.859596014 CET	49673	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:45.171988964 CET	49672	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:53.662837982 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:53.662939072 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:53.663368940 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:53.664048910 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:53.664082050 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.478662968 CET	49674	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:54.542639971 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.542728901 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.548758030 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.548779011 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.549200058 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.551249027 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.551292896 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.551304102 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.551831961 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.576260090 CET	49673	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:54.595345974 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.721281052 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.721479893 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.721544981 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.721652031 CET	49712	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:33:54.721687078 CET	443	49712	40.113.103.199	192.168.2.6
Jan 12, 2025 01:33:54.810535908 CET	49672	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:56.508423090 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:56.508454084 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:56.508532047 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:56.508740902 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:56.508755922 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.267359972 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.267733097 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:57.267750978 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.269231081 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.269376040 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:57.276014090 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:57.276164055 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.326961994 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:57.326972961 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:33:57.389236927 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:33:57.828798056 CET	443	49704	173.222.162.64	192.168.2.6
Jan 12, 2025 01:33:57.828881979 CET	49704	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:33:59.323728085 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:33:59.324172974 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:33:59.328670025 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:33:59.328773022 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:33:59.328952074 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:33:59.329003096 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:33:59.329057932 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:33:59.334414959 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000690937 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000726938 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000742912 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000756979 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000771999 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000786066 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000802040 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.000906944 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.000907898 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.031754971 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.032840014 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.033804893 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.034303904 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.036737919 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.037792921 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.037936926 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.038124084 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.038640022 CET	80	49745	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.038707018 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.038902044 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.039139032 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.039216042 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.039558887 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.042963982 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.043731928 CET	80	49745	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.044373989 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.091466904 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.091487885 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.091676950 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.229454994 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.229476929 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.229492903 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.229501009 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.229574919 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.683382988 CET	80	49745	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.699922085 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.699938059 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.699961901 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.699985027 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700000048 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700007915 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.700016022 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700032949 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700046062 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.700050116 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700062037 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.700066090 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700083017 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.700083017 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.700117111 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.702028990 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702069998 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702086926 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702111006 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.702166080 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702181101 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702197075 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702212095 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702214956 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.702228069 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702240944 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.702241898 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.702254057 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.702259064 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.703006029 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.705064058 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.705079079 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.705094099 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.705106974 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.705116987 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.705147982 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.706949949 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.706965923 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.706980944 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.706993103 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.707006931 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.707036972 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.726058006 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.801373005 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801392078 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801409006 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801429987 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801439047 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.801445961 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801476002 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.801759958 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801774979 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801789999 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801805019 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801811934 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.801820993 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.801826000 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.801861048 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.802417040 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802431107 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802444935 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802459955 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802474022 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802489042 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.802499056 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.802540064 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803064108 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803077936 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803091049 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803103924 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803117990 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803122997 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803133965 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803139925 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803175926 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803256035 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803344965 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803359985 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803375006 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803381920 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803390980 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803407907 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803411961 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803445101 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803457022 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803634882 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803649902 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803664923 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803678989 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803683043 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803694963 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803697109 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.803710938 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.803731918 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.804229975 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804255962 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804291964 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.804451942 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804466963 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804480076 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804491997 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.804493904 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804510117 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804524899 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.804533005 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.804558039 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.805352926 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.805367947 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.805383921 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.805391073 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.805397987 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.805413961 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.805418968 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.805464029 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.806184053 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.847862005 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.902848005 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902899981 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902916908 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902931929 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902947903 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902962923 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.902970076 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.902978897 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903021097 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.903141022 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903166056 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903175116 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.903182983 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903228045 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.903558969 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903573036 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903589010 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903595924 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903610945 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903618097 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.903626919 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.903646946 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.903664112 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904033899 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904050112 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904064894 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904078960 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904088020 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904093981 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904112101 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904120922 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904143095 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904167891 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904191017 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904206038 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904218912 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904225111 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904234886 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904248953 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904254913 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904266119 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904280901 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.904284000 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.904313087 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.905113935 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905128956 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905143023 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905157089 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905170918 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.905173063 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905189037 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905190945 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.905204058 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905219078 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.905224085 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.905266047 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.905949116 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.946168900 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.958250046 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.960356951 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.961020947 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.963032007 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.963160038 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.963277102 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:00.965104103 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.965728045 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:00.968008041 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.157860994 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.157876015 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.166238070 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.166502953 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.171895027 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.172966003 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.364797115 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.365113974 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.382570028 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.387510061 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.422099113 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.580401897 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580460072 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580471992 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580511093 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.580549002 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580565929 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580575943 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580585957 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580593109 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.580598116 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.580615997 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.580653906 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.621830940 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621937037 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621947050 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621957064 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621969938 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621979952 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621989965 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.621999979 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.622010946 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.622009993 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.622009993 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.622023106 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.622066975 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.622066975 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.626916885 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.626929045 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.626939058 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.626949072 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.627005100 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.627005100 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.670878887 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.697129965 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.702195883 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.702276945 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.702941895 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.707740068 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.713306904 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.723464012 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723479986 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723490953 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723501921 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723514080 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723576069 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.723576069 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.723695993 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723707914 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723718882 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.723757982 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.723757982 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.724046946 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724057913 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724067926 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724077940 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724087954 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724114895 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.724740028 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724750996 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724761963 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724771023 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724772930 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.724782944 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724793911 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.724798918 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.724836111 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.725480080 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.725553036 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.725572109 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.725581884 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.725591898 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.725601912 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.725644112 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.725644112 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.728557110 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.728569031 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.728605032 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.824944019 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.824990034 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825037003 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.825042963 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825077057 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825114012 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825129032 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.825146914 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825182915 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:01.825212955 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:01.877130032 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:02.258152008 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:02.258249998 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:02.258373976 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:02.260977983 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:02.261013031 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:02.451698065 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451802015 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451838017 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451855898 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451879978 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451890945 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451901913 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451913118 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.451915979 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:02.452007055 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:02.454988003 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:02.455703020 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:03.260920048 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.261033058 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.284266949 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.284323931 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.284620047 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.291414976 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.291462898 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.291476965 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.291614056 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.335366964 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.468214035 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.468478918 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.468544960 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.472903967 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:03.472953081 CET	443	49762	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:03.472986937 CET	49762	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:05.005846977 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:05.005935907 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.230223894 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:05.230288982 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.524806023 CET	49704	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:05.525168896 CET	49704	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:05.527000904 CET	49784	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:05.527040005 CET	443	49784	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:05.527230978 CET	49784	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:05.527573109 CET	49784	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:05.527585983 CET	443	49784	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:05.529620886 CET	443	49704	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:05.529896021 CET	443	49704	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:05.688863993 CET	80	49745	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:05.688922882 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.825308084 CET	49737	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.825387955 CET	49738	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.825388908 CET	49745	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:05.830490112 CET	80	49737	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:05.830502987 CET	80	49738	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:05.830512047 CET	80	49745	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:06.132239103 CET	443	49784	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:06.132317066 CET	49784	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:06.369801998 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:06.369896889 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:06.583825111 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:06.583887100 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:06.626100063 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:06.626209021 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.075421095 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:07.075472116 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:07.075614929 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:07.369466066 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:07.369642973 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.814618111 CET	49752	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.814670086 CET	49759	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.814750910 CET	49746	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.814779043 CET	49744	80	192.168.2.6	45.155.54.216
Jan 12, 2025 01:34:07.814831018 CET	49719	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:07.814846992 CET	443	49719	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:07.819530010 CET	80	49752	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:07.819545984 CET	80	49759	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:07.819642067 CET	80	49746	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:07.819652081 CET	80	49744	45.155.54.216	192.168.2.6
Jan 12, 2025 01:34:16.787079096 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:16.787168026 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:16.787286997 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:16.787827015 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:16.787863016 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.622766972 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.622983932 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.627556086 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.627600908 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.628402948 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.630247116 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.630430937 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.630430937 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.630445957 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.671340942 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.814125061 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.815155983 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.815155983 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.815181971 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.815604925 CET	443	49861	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:17.815685034 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:17.815685034 CET	49861	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:25.297202110 CET	443	49784	173.222.162.64	192.168.2.6
Jan 12, 2025 01:34:25.297389030 CET	49784	443	192.168.2.6	173.222.162.64
Jan 12, 2025 01:34:31.261900902 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:31.261997938 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:31.262092113 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:31.262690067 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:31.262717009 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.068532944 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.068614006 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.070468903 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.070486069 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.070818901 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.072900057 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.073024988 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.073034048 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.073231936 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.115375996 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.253925085 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.254065037 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:32.254136086 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.254240990 CET	49951	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:32.254281998 CET	443	49951	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:50.276704073 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:50.276748896 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:50.276865005 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:50.277659893 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:50.277669907 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.101830006 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.101979017 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.104604006 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.104626894 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.104981899 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.107407093 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.107678890 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.107691050 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.107867956 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.151333094 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.286947966 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.287446022 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.287651062 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.287723064 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:51.287755966 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.287755966 CET	50002	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:34:51.287780046 CET	443	50002	40.113.103.199	192.168.2.6
Jan 12, 2025 01:34:56.562246084 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:56.562369108 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:56.562453985 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:56.562844992 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:56.562880993 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:57.211184025 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:57.211626053 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:57.211671114 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:57.212007046 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:57.212307930 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:34:57.212384939 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:34:57.263614893 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:35:07.114142895 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:35:07.114250898 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:35:07.114326000 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:35:07.812175035 CET	50004	443	192.168.2.6	216.58.206.36
Jan 12, 2025 01:35:07.812242985 CET	443	50004	216.58.206.36	192.168.2.6
Jan 12, 2025 01:35:12.883244991 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:12.883347034 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:12.883450031 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:12.884124994 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:12.884162903 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.674642086 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.674818993 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.676486015 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.676513910 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.676760912 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.678591013 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.678648949 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.678662062 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.678788900 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.723321915 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.850440979 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.850605965 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.850735903 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.850874901 CET	50005	443	192.168.2.6	40.113.103.199
Jan 12, 2025 01:35:13.850907087 CET	443	50005	40.113.103.199	192.168.2.6
Jan 12, 2025 01:35:13.850933075 CET	50005	443	192.168.2.6	40.113.103.199

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 01:33:53.615210056 CET	53	52100	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:53.625754118 CET	53	57961	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:54.609476089 CET	53	63774	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:56.500128984 CET	60488	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:33:56.500349045 CET	63043	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:33:56.506958961 CET	53	63043	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:56.507366896 CET	53	60488	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:59.294567108 CET	65160	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:33:59.294691086 CET	62053	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:33:59.315346956 CET	53	65160	1.1.1.1	192.168.2.6
Jan 12, 2025 01:33:59.346290112 CET	53	62053	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:00.925168037 CET	58737	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:34:00.925390959 CET	53767	53	192.168.2.6	1.1.1.1
Jan 12, 2025 01:34:00.945838928 CET	53	58737	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:00.967472076 CET	53	59962	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:01.098036051 CET	53	53767	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:11.585369110 CET	53	58150	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:30.522412062 CET	53	60174	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:52.882513046 CET	53	59061	1.1.1.1	192.168.2.6
Jan 12, 2025 01:34:52.916075945 CET	53	64463	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 12, 2025 01:33:59.346426010 CET	192.168.2.6	1.1.1.1	c254	(Port unreachable)	Destination Unreachable
Jan 12, 2025 01:34:01.098113060 CET	192.168.2.6	1.1.1.1	c254	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 12, 2025 01:33:56.500128984 CET	192.168.2.6	1.1.1.1	0x2ca1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:33:56.500349045 CET	192.168.2.6	1.1.1.1	0x4ff7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 12, 2025 01:33:59.294567108 CET	192.168.2.6	1.1.1.1	0x3c59	Standard query (0)	www.www-support-com.info	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:33:59.294691086 CET	192.168.2.6	1.1.1.1	0xa249	Standard query (0)	www.www-support-com.info	65	IN (0x0001)	false
Jan 12, 2025 01:34:00.925168037 CET	192.168.2.6	1.1.1.1	0x123	Standard query (0)	www.www-support-com.info	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:34:00.925390959 CET	192.168.2.6	1.1.1.1	0x85f4	Standard query (0)	www.www-support-com.info	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 12, 2025 01:33:56.506958961 CET	1.1.1.1	192.168.2.6	0x4ff7	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 12, 2025 01:33:56.507366896 CET	1.1.1.1	192.168.2.6	0x2ca1	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:33:59.315346956 CET	1.1.1.1	192.168.2.6	0x3c59	No error (0)	www.www-support-com.info	www-support-com.info		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:33:59.315346956 CET	1.1.1.1	192.168.2.6	0x3c59	No error (0)	www-support-com.info		45.155.54.216	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:33:59.346290112 CET	1.1.1.1	192.168.2.6	0xa249	No error (0)	www.www-support-com.info	www-support-com.info		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:34:00.945838928 CET	1.1.1.1	192.168.2.6	0x123	No error (0)	www.www-support-com.info	www-support-com.info		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:34:00.945838928 CET	1.1.1.1	192.168.2.6	0x123	No error (0)	www-support-com.info		45.155.54.216	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:34:01.098036051 CET	1.1.1.1	192.168.2.6	0x85f4	No error (0)	www.www-support-com.info	www-support-com.info		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

www.www-support-com.info

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49737	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:33:59.328952074 CET	455	OUT	GET /fmicode/code.php HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:00.000690937 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:33:59 GMT Server: Apache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 66 63 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 21 2d 2d 20 73 61 76 65 64 20 66 72 6f 6d 20 75 72 6c 3d 28 30 30 35 30 29 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 63 6c 6f 75 64 2e 63 6f 6d 2d 6e 73 2e 75 73 2f 61 55 33 56 31 2f 6d 6f 62 69 6c 65 2f 63 6f 64 65 2e 70 68 70 20 2d 2d 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d [TRUNCATED] Data Ascii: 1fce<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">... saved from url=(0050)https://www.icloud.com-ns.us/aU3V1/mobile/code.php --><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <link rel="prefetch stylesheet" href="./fonts.css" type="text/css"> <link rel="stylesheet" type="text/css" media="screen" href="./app.css"> <link rel="stylesheet" type="text/css" media="screen" href="./style.css"> <style type="text/css"></style></head><body><div class="si-body si-container container-fluid" id="content" data-theme="lite"><apple-auth> <appleid-logo mode="{mode}"><div id="apple-id-logo" class="apple-id-logo hide-always"> <i class="icon icon_apple"></i></div></appleid-logo><div class="widget-container fade-in restrict-max-wh fade-in" data-mode="embed"> [TRUNCATED]
Jan 12, 2025 01:34:00.000726938 CET	1236	IN	Data Raw: 73 74 65 70 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 6f 67 6f 3e 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 Data Ascii: step "> <logo> <div class="logo"> <img class="cnsmr-app-image" alt="Logo de la aplicacin" src="./Ud0s6HE.png" style="width: 100px;"> </div></logo> <div id="stepEl" class=" "><sign-in><div cl
Jan 12, 2025 01:34:00.000742912 CET	1236	IN	Data Raw: 64 63 6f 64 65 2e 70 68 70 22 20 69 64 3d 22 71 72 63 6f 64 65 52 65 64 69 72 65 63 74 46 6f 72 6d 22 20 6e 61 6d 65 3d 22 71 72 63 6f 64 65 52 65 64 69 72 65 63 74 46 6f 72 6d 22 20 74 61 72 67 65 74 3d 22 5f 70 61 72 65 6e 74 22 3e 0a 20 20 20 Data Ascii: dcode.php" id="qrcodeRedirectForm" name="qrcodeRedirectForm" target="_parent"> <div id="security-code-wrap-1517811366226-1" class="security-code-wrap security-code-6" localiseddigit="Dgito"> <div class="security-code-containe
Jan 12, 2025 01:34:00.000756979 CET	1236	IN	Data Raw: 62 65 64 62 79 3d 22 69 64 6d 73 2d 69 6e 70 75 74 2d 65 72 72 6f 72 2d 31 35 31 37 38 31 31 33 36 36 32 32 36 2d 31 22 20 64 61 74 61 2d 69 6e 64 65 78 3d 22 31 22 20 61 72 69 61 2d 69 6e 76 61 6c 69 64 3d 22 74 72 75 65 22 20 74 79 70 65 3d 22 Data Ascii: bedby="idms-input-error-1517811366226-1" data-index="1" aria-invalid="true" type="tel" id="char1" name="char1" onkeypress="return validanumber(event)" onkeyup="if (this.value.length == this.getAttribute('maxlength')) { if (event.keyCod
Jan 12, 2025 01:34:00.000771999 CET	1236	IN	Data Raw: 72 69 61 2d 6c 61 62 65 6c 3d 22 49 6e 67 72 65 73 61 20 65 6c 20 63 c3 b3 64 69 67 6f 20 64 65 20 76 65 72 69 66 69 63 61 63 69 c3 b3 6e 20 44 c3 ad 67 69 74 6f 20 34 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 22 20 61 72 69 61 2d 64 65 73 63 Data Ascii: ria-label="Ingresa el cdigo de verificacin Dgito 4" placeholder="" aria-describedby="idms-input-error-1517811366226-1" data-index="3" aria-invalid="true" type="tel" id="char3" name="char3" onkeypress="return validanumber(event)" onkeyup=
Jan 12, 2025 01:34:00.000786066 CET	1236	IN	Data Raw: 61 73 73 3d 22 69 64 6d 73 2d 65 72 72 6f 72 22 3e 0a 20 20 20 20 0a 20 20 20 20 20 20 3c 69 64 6d 73 2d 70 6f 70 6f 76 65 72 20 7b 28 73 68 6f 77 29 7d 3d 22 73 68 6f 77 45 72 72 6f 72 22 20 7b 28 61 75 74 6f 2d 63 6c 6f 73 65 29 7d 3d 22 70 6f Data Ascii: ass="idms-error"> <idms-popover {(show)}="showError" {(auto-close)}="popoverAutoClose" {(anchor-element)}="anchorElement" {(aria-hide)}="isAriaHide" type="error" {(popover-has-focus)}="popoverHasFocus" {container-relative-to}="paren
Jan 12, 2025 01:34:00.000802040 CET	776	IN	Data Raw: 2d 63 6f 6e 74 61 69 6e 65 72 20 73 65 6e 64 69 6e 67 2d 63 6f 64 65 22 20 69 64 3d 22 73 65 6e 64 69 6e 67 2d 63 6f 64 65 22 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 64 69 76 3e 0a 20 20 20 20 Data Ascii: -container sending-code" id="sending-code"></div> </div> </div> </sign-in></div> <div id="stocking" style="display:none !important;"></div></div><script> var hasAutofocus=document.getElementById("char0").autofocus;fun
Jan 12, 2025 01:34:00.091466904 CET	1236	IN	Data Raw: 6e 74 2e 61 6c 6c 3f 65 2e 6b 65 79 43 6f 64 65 3a 65 2e 77 68 69 63 68 2c 38 3d 3d 74 65 63 6c 61 26 26 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 68 61 72 33 22 29 2e 66 6f 63 75 73 28 29 7d 66 75 6e 63 74 69 Data Ascii: nt.all?e.keyCode:e.which,8==tecla&&document.getElementById("char3").focus()}function validarchar4(e){tecla=document.all?e.keyCode:e.which,8==tecla&&docu446ment.getElementById("char4").focus()}function validarchar5(e){tecla=document.all?e.k
Jan 12, 2025 01:34:00.091487885 CET	24	IN	Data Raw: 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: iv></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49738	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:00.031754971 CET	368	OUT	GET /fmicode/fonts.css HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://www.www-support-com.info/fmicode/code.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:00.229454994 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:00 GMT Server: Apache Last-Modified: Fri, 21 Jun 2024 04:00:48 GMT Accept-Ranges: bytes Content-Length: 4391 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css Data Raw: 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 4d 79 72 69 61 64 20 53 65 74 20 50 72 6f 27 3b 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 32 30 30 3b 0a 09 73 72 63 3a 6c 6f 63 61 6c 28 27 e2 98 ba ef b8 8e 27 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 68 69 6e 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 68 69 6e 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 09 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 32 20 41 64 6f 62 65 20 53 79 73 74 65 6d 73 20 49 6e 63 6f 72 70 6f 72 61 74 65 64 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 20 4d 79 72 69 61 64 20 69 73 20 61 20 74 72 61 64 65 6d 61 72 6b 20 6f 66 20 41 64 6f 62 65 20 53 79 73 74 65 6d 73 20 49 6e 63 6f 72 70 6f 72 61 74 65 64 2e 20 2a 2f 0a 7d 0a 0a [TRUNCATED] Data Ascii: @font-face {font-family:'Myriad Set Pro';font-style:normal;font-weight:200;src:local(''), url("./myriad-set-pro_thin.woff") format("woff"), url("./myriad-set-pro_thin.ttf") format("truetype");/* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /}@font-face {font-family:'Myriad Set Pro';font-style:italic;font-weight:200;src:local(''), url("./myriad-set-pro_thin-italic.woff") format("woff"), url("./myriad-set-pro_thin-italic.ttf") format("truetype");/ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /}@font-face {font-family:'Myriad Set Pro 200';src:url("./myriad-set-pro_thin.eot");/ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. */}@font-face {font-family:'Myriad Set Pro';font-style:italic;font-weight:400;src
Jan 12, 2025 01:34:00.229476929 CET	1236	IN	Data Raw: 3a 6c 6f 63 61 6c 28 27 e2 98 ba ef b8 8e 27 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 65 78 74 2d 69 74 61 6c 69 63 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 2e 2f Data Ascii: :local(''), url("./myriad-set-pro_text-italic.woff") format("woff"), url("./myriad-set-pro_text-italic.ttf") format("truetype");/* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Syste
Jan 12, 2025 01:34:00.229492903 CET	1236	IN	Data Raw: 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 0a 09 73 72 63 3a 6c 6f 63 61 6c 28 27 e2 98 ba ef b8 8e 27 29 2c 20 75 72 6c 28 22 2e 2f 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 73 65 6d 69 62 6f 6c 64 Data Ascii: yle:normal;font-weight:600;src:local(''), url("./myriad-set-pro_semibold.woff") format("woff"), url("./myriad-set-pro_semibold.ttf") format("truetype");/* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad i
Jan 12, 2025 01:34:00.229501009 CET	925	IN	Data Raw: 69 6c 79 3a 27 4d 79 72 69 61 64 20 53 65 74 20 50 72 6f 27 3b 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 3b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 0a 09 73 72 63 3a 6c 6f 63 61 6c 28 27 e2 98 ba ef b8 8e 27 29 2c 20 Data Ascii: ily:'Myriad Set Pro';font-style:italic;font-weight:700;src:local(''), url("./myriad-set-pro_bold-italic.woff") format("woff"), url("./myriad-set-pro_bold-italic.ttf") format("truetype");/* Copyright (c) 1992 Adobe Systems Incorpo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49744	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:00.038124084 CET	366	OUT	GET /fmicode/app.css HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://www.www-support-com.info/fmicode/code.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:00.699922085 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:00 GMT Server: Apache Last-Modified: Fri, 21 Jun 2024 04:00:48 GMT Accept-Ranges: bytes Content-Length: 82736 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css Data Raw: 68 74 6d 6c 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 09 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 61 72 74 69 63 6c 65 2c 0a 61 73 69 64 65 2c 0a 64 65 74 61 69 6c 73 2c 0a 66 69 67 63 61 70 74 69 6f 6e 2c 0a 66 69 67 75 72 65 2c 0a 66 6f 6f 74 65 72 2c 0a 68 65 61 64 65 72 2c 0a 68 67 72 6f 75 70 2c 0a 6d 61 69 6e 2c 0a 6d 65 6e 75 2c 0a 6e 61 76 2c 0a 73 65 63 74 69 6f 6e 2c 0a 73 75 6d 6d 61 72 79 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 61 75 64 69 6f 2c 0a 63 61 6e 76 61 73 2c 0a 70 72 6f 67 72 65 73 73 2c 0a 76 69 64 65 6f 20 7b 0a 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 7d 0a 0a 61 75 64 69 6f 3a [TRUNCATED] Data Ascii: html {font-family: sans-serif;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;}body {margin: 0;}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary {display: block;}audio,canvas,progress,video {display: inline-block;vertical-align: baseline;}audio:not([controls]) {display: none;height: 0;}[hidden],template {display: none;}a {background-color: transparent;}a:active,a:hover {outline: 0;}abbr[title] {border-bottom: 1px dotted;}b,strong {font-weight: bold;}dfn {font-style: italic;}h1 {font-size: 2em;margin: 0.67em 0;}mark {background: #ff0;color: #000;}small {font-size: 80%;}sub,sup {font-size: 75%;line-height: 0;position: relative;vertical-align: baseline;}sup {top: -0.5em;}sub {bottom: -0.25em;}img {border: 0;}svg:not(:root) {overflow: hidden;}figure {margin: 1em 40px;}hr {box-sizing: content-box
Jan 12, 2025 01:34:00.699938059 CET	224	IN	Data Raw: 3b 0a 09 68 65 69 67 68 74 3a 20 30 3b 0a 7d 0a 0a 70 72 65 20 7b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 61 75 74 6f 3b 0a 7d 0a 0a 63 6f 64 65 2c 0a 6b 62 64 2c 0a 70 72 65 2c 0a 73 61 6d 70 20 7b 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 6d 6f Data Ascii: ;height: 0;}pre {overflow: auto;}code,kbd,pre,samp {font-family: monospace, monospace;font-size: 1em;}button,input,optgroup,select,textarea {color: inherit;font: inherit;margin: 0;}button {
Jan 12, 2025 01:34:00.699961901 CET	1236	IN	Data Raw: 6f 76 65 72 66 6c 6f 77 3a 20 76 69 73 69 62 6c 65 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 2c 0a 73 65 6c 65 63 74 20 7b 0a 09 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 2c 0a 68 74 6d 6c 20 69 6e 70 75 Data Ascii: overflow: visible;}button,select {text-transform: none;}button,html input[type="button"],input[type="reset"],input[type="submit"] {-webkit-appearance: button;cursor: pointer;}button[disabled],html input[disabled] {cursor:
Jan 12, 2025 01:34:00.699985027 CET	1236	IN	Data Raw: 65 72 2d 62 6f 78 3b 0a 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 0a 68 74 6d 6c 20 7b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 0a 09 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 Data Ascii: er-box;box-sizing: border-box;}html {font-size: 10px;-webkit-tap-highlight-color: transparent;}body {font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;font-size: 14px;line-height: 1.42857;color: #333333;backgrou
Jan 12, 2025 01:34:00.700000048 CET	1236	IN	Data Raw: 67 68 74 3a 20 31 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 2d 31 70 78 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 09 63 6c 69 70 3a 20 72 65 63 74 28 30 2c 20 30 2c 20 30 2c 20 30 29 3b 0a Data Ascii: ght: 1px;margin: -1px;padding: 0;overflow: hidden;clip: rect(0, 0, 0, 0);border: 0;}.sr-only-focusable:active,.sr-only-focusable:focus {position: static;width: auto;height: auto;margin: 0;overflow: visible;clip: auto;
Jan 12, 2025 01:34:00.700016022 CET	1236	IN	Data Raw: 2e 63 6f 6c 2d 78 73 2d 35 2c 0a 2e 63 6f 6c 2d 73 6d 2d 35 2c 0a 2e 63 6f 6c 2d 6d 64 2d 35 2c 0a 2e 63 6f 6c 2d 6c 67 2d 35 2c 0a 2e 63 6f 6c 2d 78 73 2d 36 2c 0a 2e 63 6f 6c 2d 73 6d 2d 36 2c 0a 2e 63 6f 6c 2d 6d 64 2d 36 2c 0a 2e 63 6f 6c 2d Data Ascii: .col-xs-5,.col-sm-5,.col-md-5,.col-lg-5,.col-xs-6,.col-sm-6,.col-md-6,.col-lg-6,.col-xs-7,.col-sm-7,.col-md-7,.col-lg-7,.col-xs-8,.col-sm-8,.col-md-8,.col-lg-8,.col-xs-9,.col-sm-9,.col-md-9,.col-lg-9,.col-xs-10,.col-sm-10,
Jan 12, 2025 01:34:00.700032949 CET	1236	IN	Data Raw: 20 35 30 25 3b 0a 7d 0a 0a 2e 63 6f 6c 2d 78 73 2d 70 75 6c 6c 2d 37 20 7b 0a 09 72 69 67 68 74 3a 20 35 38 2e 33 33 33 33 33 25 3b 0a 7d 0a 0a 2e 63 6f 6c 2d 78 73 2d 70 75 6c 6c 2d 38 20 7b 0a 09 72 69 67 68 74 3a 20 36 36 2e 36 36 36 36 37 25 Data Ascii: 50%;}.col-xs-pull-7 {right: 58.33333%;}.col-xs-pull-8 {right: 66.66667%;}.col-xs-pull-9 {right: 75%;}.col-xs-pull-10 {right: 83.33333%;}.col-xs-pull-11 {right: 91.66667%;}.col-xs-pull-12 {right: 100%;}.col-xs-
Jan 12, 2025 01:34:00.700050116 CET	1236	IN	Data Raw: 37 25 3b 0a 7d 0a 0a 2e 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 31 32 20 7b 0a 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 30 25 3b 0a 7d 0a 0a 40 6d 65 64 69 61 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 20 7b 0a 09 2e 63 6f 6c 2d Data Ascii: 7%;}.col-xs-offset-12 {margin-left: 100%;}@media(min-width:768px) {.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12 {float: left;}
Jan 12, 2025 01:34:00.700066090 CET	776	IN	Data Raw: 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 32 20 7b 0a 09 09 6c 65 66 74 3a 20 31 36 2e 36 36 36 36 37 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 75 73 68 2d 33 20 7b 0a 09 09 6c 65 66 74 3a 20 32 35 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 70 Data Ascii: col-sm-push-2 {left: 16.66667%;}.col-sm-push-3 {left: 25%;}.col-sm-push-4 {left: 33.33333%;}.col-sm-push-5 {left: 41.66667%;}.col-sm-push-6 {left: 50%;}.col-sm-push-7 {left: 58.33333%;}.col-sm-push-8 {
Jan 12, 2025 01:34:00.700083017 CET	1236	IN	Data Raw: 35 38 2e 33 33 33 33 33 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 6f 66 66 73 65 74 2d 38 20 7b 0a 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 36 36 2e 36 36 36 36 37 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 73 6d 2d 6f 66 66 73 65 74 2d 39 20 7b Data Ascii: 58.33333%;}.col-sm-offset-8 {margin-left: 66.66667%;}.col-sm-offset-9 {margin-left: 75%;}.col-sm-offset-10 {margin-left: 83.33333%;}.col-sm-offset-11 {margin-left: 91.66667%;}.col-sm-offset-12 {margin-left: 1
Jan 12, 2025 01:34:00.705064058 CET	1236	IN	Data Raw: 35 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 6d 64 2d 70 75 6c 6c 2d 31 30 20 7b 0a 09 09 72 69 67 68 74 3a 20 38 33 2e 33 33 33 33 33 25 3b 0a 09 7d 0a 09 2e 63 6f 6c 2d 6d 64 2d 70 75 6c 6c 2d 31 31 20 7b 0a 09 09 72 69 67 68 74 3a 20 39 31 2e 36 36 Data Ascii: 5%;}.col-md-pull-10 {right: 83.33333%;}.col-md-pull-11 {right: 91.66667%;}.col-md-pull-12 {right: 100%;}.col-md-push-0 {left: auto;}.col-md-push-1 {left: 8.33333%;}.col-md-push-2 {left: 16.66667%;}
Jan 12, 2025 01:34:00.960356951 CET	410	OUT	GET /fmicode/myriad-set-pro_thin.woff HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive Origin: http://www.www-support-com.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.www-support-com.info/fmicode/fonts.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.157860994 CET	515	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Jan 12, 2025 01:34:01.166238070 CET	409	OUT	GET /fmicode/myriad-set-pro_text.ttf HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive Origin: http://www.www-support-com.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.www-support-com.info/fmicode/fonts.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.364797115 CET	515	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Jan 12, 2025 01:34:01.382570028 CET	408	OUT	GET /favicon.ico HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.www-support-com.info/fmicode/code.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.580401897 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Last-Modified: Mon, 06 May 2024 17:18:10 GMT Accept-Ranges: bytes Content-Length: 9062 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 00 00 01 00 04 00 20 20 00 00 01 00 08 00 a8 08 00 00 46 00 00 00 10 10 00 00 01 00 08 00 68 05 00 00 ee 08 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 56 0e 00 00 10 10 00 00 01 00 20 00 68 04 00 00 fe 1e 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 42 42 42 00 9e 9e 9e 00 72 72 72 00 ce ce ce 00 5a 5a 5a 00 b6 b6 b6 00 e6 e6 e6 00 92 92 92 00 4e 4e 4e 00 7e 7e 7e 00 66 66 66 00 aa aa aa 00 da da da 00 c2 c2 c2 00 f2 f2 f2 00 4a 4a 4a 00 a6 a6 a6 00 7a 7a 7a 00 62 62 62 00 56 56 56 00 86 86 86 00 6e 6e 6e 00 e2 e2 e2 00 ca ca ca 00 46 46 46 00 a2 a2 a2 00 76 76 76 00 d2 d2 d2 00 5e 5e 5e 00 ba ba ba 00 ea ea ea 00 9a 9a 9a 00 52 52 52 00 82 82 82 00 6a 6a 6a 00 ae ae ae 00 de de de 00 c6 c6 c6 00 f6 f6 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: Fh V h( @BBBrrrZZZNNN~~~fffJJJzzzbbbVVVnnnFFFvvv^^^RRRjjj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49745	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:00.038902044 CET	368	OUT	GET /fmicode/style.css HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://www.www-support-com.info/fmicode/code.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:00.683382988 CET	645	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:00 GMT Server: Apache Last-Modified: Fri, 21 Jun 2024 04:00:48 GMT Accept-Ranges: bytes Content-Length: 404 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/css Data Raw: 2e 65 72 72 6f 72 6c 6f 67 69 6e 20 7b 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 45 39 41 33 3b 0a 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 77 69 64 74 68 3a 37 30 25 3b 0a 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 33 37 25 3b 0a 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 6c 65 66 74 3a 20 35 32 25 3b 0a 70 61 64 64 69 6e 67 3a 20 31 65 6d 3b 0a 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 31 38 35 2c 31 34 39 2c 31 2c 30 2e 34 37 29 3b 0a 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 35 70 78 20 31 30 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 29 3b 0a 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 39 70 78 3b 0a 70 61 64 64 69 6e 67 3a 20 31 35 70 78 3b 0a 63 6f 6c 6f 72 3a 20 23 35 30 33 45 33 30 3b 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7a 2d 69 6e 64 65 78 3a 20 31 30 3b 0a 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 3b 0a [TRUNCATED] Data Ascii: .errorlogin {background-color: #FAE9A3;position: absolute;width:70%;margin-left: -37%;border-radius: 5px;left: 52%;padding: 1em;border: 1px solid rgba(185,149,1,0.47);box-shadow: 0px 5px 10px 2px rgba(0,0,0,0.1);margin-top: 9px;padding: 15px;color: #503E30;font-weight: 400;text-align: center;z-index: 10;font-size: 15px;letter-spacing: -0.016em;font-weight: 500;font-family: arial;}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49746	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:00.039558887 CET	416	OUT	GET /fmicode/Ud0s6HE.png HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.www-support-com.info/fmicode/code.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:00.702028990 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:00 GMT Server: Apache Last-Modified: Fri, 21 Jun 2024 04:00:48 GMT Accept-Ranges: bytes Content-Length: 50644 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 1c 00 00 01 1c 08 06 00 00 00 15 f4 0b e0 00 00 c5 9b 49 44 41 54 78 da ec 7d 07 a0 1d 57 71 f6 cc de f6 fa 7b 7a ea 56 b3 dc 2b 06 63 c0 80 c1 06 62 4a 0a 86 04 f8 21 24 21 90 00 81 10 48 42 e8 81 84 00 09 81 50 42 e8 09 21 84 40 00 d3 4b 28 36 d8 31 c4 d8 c6 a6 ba 37 59 b2 64 f5 fe ea 2d 3b ff 39 7b 77 cf 99 99 73 ae de 95 2d db 4f d2 5d 58 4b 7a ef 96 bd 7b f7 7c 3b f3 cd cc f7 e1 ee dd 13 70 14 6c 43 66 5f 69 f6 65 f9 9f 0b cc 3e c6 fe 1c ca ff 2c 9b 7d c4 ec 35 b3 0f b0 e7 0f 9a bd ca fe 8d f9 e3 7b db d1 bb ed 31 3b b1 7f d7 cd 3e c9 fe 3d 65 f6 59 b3 ef 33 7b 33 7f fc 44 fe a7 dd 77 e7 fb 46 b3 6f c9 ff 3c ec 16 e3 d8 d8 e0 41 3d be 7c 04 5d 00 16 20 ce 30 fb 29 66 3f d9 ec 27 e5 fb 71 39 a0 f4 b6 de 76 48 d7 da fd f0 9a 16 70 ee 34 fb ad f9 7e 8b d9 6f 36 fb f5 39 80 1d f6 1b 1e c6 11 ce 5a b3 3f c1 ec 8f 35 fb 23 cd 7e aa d9 4b bd 75 d0 db 8e c0 ad 65 f6 9b cc 7e 8d d9 ff cf ec 3f 30 fb 5d 87 63 84 73 38 01 4e 9f d9 1f 6f f6 a7 9a fd [TRUNCATED] Data Ascii: PNGIHDRIDATx}Wq{zV+cbJ!$!HBPB!@K(617Yd-;9{ws-O]XKz{\|;plCf_ie>,}5{1;>=eY3{3DwFo<A=\|] 0)f?'q9vHp4~o69Z?5#~Kue~?0]cs8Noiy$zf0LpfKz[o}8.kUfozsl#mlef:_'''\|_bvrl9_6f5zZpCf]= 35\|l`RT\|8\|_{[o{P7/6yDEn~v{mm^mEGT^6kr%gtuommnH(_s.}V=pCh'mmc'kwzakEe]f#o05j_?/x7X;6"-[6w6m[}=wo{5uGGGV?}ll/^K.+VU`%.h`L?e~m3pM7F[~+~m~wV5kNN:'fSy)f8gB\}j2`
Jan 12, 2025 01:34:00.702069998 CET	1236	IN	Data Raw: ea ab e0 27 3f b9 06 7e f9 cb 5f c0 6d b7 dd 0a cd 66 f3 b0 fa 1c e5 72 19 4e 3c f1 24 78 c8 43 ce 82 47 3c e2 91 f0 a8 47 9d 9b 01 51 a9 d4 53 8f 9d 07 9b 0d 75 1f 67 f6 5f 3d 18 80 63 db a1 af 82 b6 48 79 6f 7b 10 a2 97 ab ae ba ca 00 cc 8f e1 Data Ascii: '?~_mfrN<$xCG<GQSug_=cHyo{k1U#y4<<s{QYsh'My'\|%\|~Qy^dx.r?pwKD.WWe2/\|\t3,II
Jan 12, 2025 01:34:00.702086926 CET	1236	IN	Data Raw: d3 3a ec f8 c2 76 d8 fe f9 cd 90 36 0f 7d 85 ef f4 d3 cf 80 37 bd e9 cd f0 b4 a7 fd 46 ef e2 ee 7e 7b a2 01 9d cb ee 2d e0 58 7d d3 0b 7b e7 f0 c0 9b 1d 94 7c d3 9b 5e 9f 8d 1b 1c 5a 94 41 58 f2 db cb 60 f1 ef 1a 90 79 64 2d 27 76 f9 12 66 10 51 Data Ascii: :v6}7F~{-X}{\|^ZAX`yd-'vfQ/Cb462Xznm=tTi"!cd`~Z}3 m&DC\|;l]j{8H[7!:<bVj%o"!xJ&0
Jan 12, 2025 01:34:00.702166080 CET	672	IN	Data Raw: 26 9f 9d 79 02 98 37 f3 f1 f7 97 11 08 c6 d3 1b 14 74 36 80 7e df 20 2d 8c 07 38 c0 f9 a7 a0 fc ae 90 13 39 f7 c3 12 b9 fc e0 9b 06 70 ea e3 bb 4d ba 15 4a b1 36 ee 04 d8 f8 b6 bb b3 b2 fa 7d d9 6c b7 f2 c7 3e f6 09 38 fb ec 87 f7 e0 06 e0 73 06 Data Ascii: &y7t6~ -89pMJ6}l>8spw QHmF^}kv1~yTKD#)E,A]18"rq\:x<fL\Jt)jWc65SGRS4WIfv}dT
Jan 12, 2025 01:34:00.702181101 CET	1236	IN	Data Raw: 62 f4 5e cf 4a d4 18 8d 16 78 cf 8b 68 02 54 d4 6c 01 4c 45 f0 43 91 3e 1c 5f c5 66 a9 5f 6c 06 42 3c 16 c2 9e 1e 88 17 e2 44 0d 4e 10 d4 e1 e7 43 8e a8 8c f4 26 1e 1c a1 2d a9 4f c1 ec c2 ed d0 aa 49 93 c0 d6 26 80 db 5f 7a 27 ec f9 df 9d f7 ea Data Ascii: b^JxhTlLEC>_f_lB<DNC&-OI&_z')?/p2X3aml_$>UPW>p>s@D4vi,~)p5F(WgX_h:#W({:?hyy@xLzJ-Ykv\|;Hu
Jan 12, 2025 01:34:00.702197075 CET	1236	IN	Data Raw: fa 80 48 c0 86 a2 39 d4 24 67 d0 cf 43 51 98 c5 a2 1c 1d 69 6c 44 21 00 46 22 1d 2a 82 41 c9 d8 90 2b c3 93 6a 10 74 dc 16 c3 13 0a 78 1b 7e 73 90 03 68 5a 2b 88 40 49 70 64 95 2f 84 be 5d 8b 0d f0 ac 02 6c 95 dd 1b f7 9d 53 82 87 fd e2 ec cc 2d Data Ascii: H9$gCQilD!F"A+jtx~shZ+@Ipd/]lS-nFt8=y;e/X'(-_/d_-6G+uhb2wr- WG^)z=I,"LZW@j36\DuhK<DwZ9(R$Y2]*NQ
Jan 12, 2025 01:34:00.702212095 CET	1236	IN	Data Raw: 35 ce 03 18 77 71 05 92 10 c0 07 11 c9 dd ec 88 55 6f 0a 92 83 fc aa f5 3c 81 c7 2a 77 f7 25 8a c8 72 2a a4 21 27 b8 85 01 d1 db 5e 04 14 dc f9 79 04 80 c4 2b 68 5a 36 82 c9 5b 80 d6 b0 51 33 18 24 89 59 42 0f 4c 9d 00 90 bd 85 24 8c 45 8a a2 3b Data Ascii: 5wqUo<w%r!'^y+hZ6[Q3$YBL$E;!,i#^"cA)g uC-p7OOYrP}l+xfEp@2Aip>:zN2Fmx2N<{ 3$mq"G-@)
Jan 12, 2025 01:34:00.702228069 CET	1236	IN	Data Raw: ad c0 ba e5 6c 10 12 88 09 bf f3 ed aa e7 7f 03 1a 77 b6 60 cf 87 a6 4d 88 de be 2e 4a 0b 13 58 f3 e1 63 a0 7a 4c f7 cd 81 56 83 db ae 81 c3 11 70 ac 1e ce b7 cc 5f 7e fd 70 39 e2 5f fc e2 e7 f0 d4 a7 5e 08 33 33 d3 5d 3d be ba b8 0a 67 fc ef e9 Data Ascii: lw`M.JXczLVp_~p9_^33]=g,/r=}J :XvwSF[^UoLBT.]arTiBZm[rJNOIcUQ1{<,/^J},mUCa""3
Jan 12, 2025 01:34:00.702241898 CET	328	IN	Data Raw: 3e c5 3d a0 42 6b 36 46 da 62 18 99 93 22 5d 30 58 80 38 27 80 cd 09 26 fa 2a 55 24 34 ff 3d d5 5a d0 1a df 0f 8d 85 26 5a b0 51 85 a8 5b 91 5b c4 a5 89 fe f6 3e d5 07 38 53 55 e7 03 43 30 01 e8 08 74 d2 32 53 79 78 23 4f a7 22 63 e2 e6 67 ad be Data Ascii: >=Bk6Fb"]0X8'&*U$4=Z&ZQ[[>8SUC0t2Syx#O"cgz<)hN@+D>}#P7]Gfq;i4JI`c{W$m&Xa4O=4+2y8pWgL_j&PRz9\|ka'BqG\MLR; w1H
Jan 12, 2025 01:34:00.702259064 CET	1236	IN	Data Raw: 10 70 46 fe fd 02 ab d3 88 7a 91 1f 00 ed c0 18 7a 45 c4 e2 d0 0d d8 24 a5 d2 01 ab 51 f6 a1 57 47 22 1b 20 ed 80 aa 81 a7 9d 5f 97 c6 13 18 7f c3 00 24 c3 98 57 ae 5a 70 c7 ef ae 87 74 ba bb ca d5 4b 5f fa 32 78 e7 3b df dd 03 9c 7b bb d9 81 b5 Data Ascii: pFzzE$QWG" _$WZptK_2x;{g<7#>gB^9zcWtg's\#T lb)m4>{RX=P=LCs*g_&Jj;x<!##aii)vRAOybg9)j!c$cK
Jan 12, 2025 01:34:00.706949949 CET	1236	IN	Data Raw: d8 85 bf b1 18 46 2e f2 b9 6a 69 e3 30 e0 de 9a 10 8c 82 c0 41 40 0b d4 90 30 3a e3 69 97 f8 83 cf 5a 31 10 41 dd ec 47 f1 d1 07 a1 0f 93 5b a4 44 8c 5e b2 46 bd d9 d3 36 41 73 c9 7e 31 ae 5c de 3e 0c b5 5f ad 32 80 33 6a 22 1c 69 67 4b 5c 3a 90 Data Ascii: F.ji0A@0:iZ1AG[D^F6As~1\>_23j"igK\:@]^p\|C/d7ZynHRr]l\|Q&@ #M^o]GuvNCG]oYwkz)g95d6bS*/Gc9,w-k
Jan 12, 2025 01:34:00.961020947 CET	410	OUT	GET /fmicode/myriad-set-pro_text.woff HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive Origin: http://www.www-support-com.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.www-support-com.info/fmicode/fonts.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.157876015 CET	515	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Jan 12, 2025 01:34:01.166502953 CET	409	OUT	GET /fmicode/myriad-set-pro_thin.ttf HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive Origin: http://www.www-support-com.info User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.www-support-com.info/fmicode/fonts.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.365113974 CET	515	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49752	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:00.963277102 CET	296	OUT	GET /fmicode/Ud0s6HE.png HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:01.621830940 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:01 GMT Server: Apache Last-Modified: Fri, 21 Jun 2024 04:00:48 GMT Accept-Ranges: bytes Content-Length: 50644 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 1c 00 00 01 1c 08 06 00 00 00 15 f4 0b e0 00 00 c5 9b 49 44 41 54 78 da ec 7d 07 a0 1d 57 71 f6 cc de f6 fa 7b 7a ea 56 b3 dc 2b 06 63 c0 80 c1 06 62 4a 0a 86 04 f8 21 24 21 90 00 81 10 48 42 e8 81 84 00 09 81 50 42 e8 09 21 84 40 00 d3 4b 28 36 d8 31 c4 d8 c6 a6 ba 37 59 b2 64 f5 fe ea 2d 3b ff 39 7b 77 cf 99 99 73 ae de 95 2d db 4f d2 5d 58 4b 7a ef 96 bd 7b f7 7c 3b f3 cd cc f7 e1 ee dd 13 70 14 6c 43 66 5f 69 f6 65 f9 9f 0b cc 3e c6 fe 1c ca ff 2c 9b 7d c4 ec 35 b3 0f b0 e7 0f 9a bd ca fe 8d f9 e3 7b db d1 bb ed 31 3b b1 7f d7 cd 3e c9 fe 3d 65 f6 59 b3 ef 33 7b 33 7f fc 44 fe a7 dd 77 e7 fb 46 b3 6f c9 ff 3c ec 16 e3 d8 d8 e0 41 3d be 7c 04 5d 00 16 20 ce 30 fb 29 66 3f d9 ec 27 e5 fb 71 39 a0 f4 b6 de 76 48 d7 da fd f0 9a 16 70 ee 34 fb ad f9 7e 8b d9 6f 36 fb f5 39 80 1d f6 1b 1e c6 11 ce 5a b3 3f c1 ec 8f 35 fb 23 cd 7e aa d9 4b bd 75 d0 db 8e c0 ad 65 f6 9b cc 7e 8d d9 ff cf ec 3f 30 fb 5d 87 63 84 73 38 01 4e 9f d9 1f 6f f6 a7 9a fd [TRUNCATED] Data Ascii: PNGIHDRIDATx}Wq{zV+cbJ!$!HBPB!@K(617Yd-;9{ws-O]XKz{\|;plCf_ie>,}5{1;>=eY3{3DwFo<A=\|] 0)f?'q9vHp4~o69Z?5#~Kue~?0]cs8Noiy$zf0LpfKz[o}8.kUfozsl#mlef:_'''\|_bvrl9_6f5zZpCf]= 35\|l`RT\|8\|_{[o{P7/6yDEn~v{mm^mEGT^6kr%gtuommnH(_s.}V=pCh'mmc'kwzakEe]f#o05j_?/x7X;6"-[6w6m[}=wo{5uGGGV?}ll/^K.+VU`%.h`L?e~m3pM7F[~+~m~wV5kNN:'fSy)f8gB\}j2`
Jan 12, 2025 01:34:01.621937037 CET	224	IN	Data Raw: ea ab e0 27 3f b9 06 7e f9 cb 5f c0 6d b7 dd 0a cd 66 f3 b0 fa 1c e5 72 19 4e 3c f1 24 78 c8 43 ce 82 47 3c e2 91 f0 a8 47 9d 9b 01 51 a9 d4 53 8f 9d 07 9b 0d 75 1f 67 f6 5f 3d 18 80 63 db a1 af 82 b6 48 79 6f 7b 10 a2 97 ab ae ba ca 00 cc 8f e1 Data Ascii: '?~_mfrN<$xCG<GQSug_=cHyo{k1U#y4<<s{QYsh'My'\|%\|~Qy^dx.r?pwKD.WWe2
Jan 12, 2025 01:34:01.621947050 CET	1236	IN	Data Raw: 9b 05 9c 0b 2f 7c 0a 5c 74 d1 33 b3 14 2c 49 92 de 49 b9 ff 37 8b 01 af 79 20 00 c7 b2 d5 76 ee a2 57 62 b8 1f 36 5b 41 ba f6 da 6b e0 cb 5f fe 12 7c ed 6b 5f cd 2a 48 bd ad fb cd 56 c2 2e ba e8 19 f0 db bf fd 3b 70 ce 39 8f ec 55 c2 ee c7 4b d5 Data Ascii: /\|\t3,II7y vWb6[Ak_\|k_*HV.;p9UK4pbo\|?6mCXp'Nt:;/Z6=CY_\|S+,m~QcXx^OE=ny8Vb>9{8@
Jan 12, 2025 01:34:01.621957064 CET	1236	IN	Data Raw: bc 6a 25 0c 9e 6f 22 94 21 bd 78 f2 85 4a 26 82 99 30 00 b3 6f d0 fc d9 0f 89 49 8f 48 73 b2 a8 9e 83 2a 4f 12 00 81 7c b9 bb f0 86 30 8c 88 02 60 61 80 82 2c ad 42 0c 12 23 96 96 21 8f 7b 72 c0 0b 8f b5 f8 1d 99 28 a8 39 38 99 ed ad 81 29 f3 2b Data Ascii: j%o"!xJ&0oIHs*O\|0`a,B#!{r(98)+f40ql\|FCr`]ykm@g8m36+}$#wH^4Tc^>oTx,Ci (?_7$QB5q-BK(\|,<0X%zZ/
Jan 12, 2025 01:34:01.621969938 CET	1236	IN	Data Raw: be e0 f3 cc de 90 c2 9d 7f 76 c7 7d ea 64 ae 54 2a f0 e6 37 ff 2d bc e2 15 af 3c da 3b 95 27 cd be d8 80 ce 74 27 c0 f9 4d b3 7f e3 68 3d 3b bb 76 ed 82 97 bc e4 45 f0 fd ef 5f 7a af 5f a3 ba b4 0a c7 bf f7 24 18 7a 72 4d 4e 9f 99 eb ba b4 7b 10 Data Ascii: v}dT*7-<;'t'Mh=;vE_z_$zrMN{[d#o7y()P!AQTg@D\|JD(2,j.<wRKfW-Zx~-v.\x4of$<{Iqpug$@
Jan 12, 2025 01:34:01.621979952 CET	1236	IN	Data Raw: bb c1 44 38 67 70 c0 b1 ad 91 76 ec f9 88 96 11 fd ca 57 be 0c 2f 7b d9 8b 33 ee e6 60 b7 d5 6f 5c 0b 4b 5e 69 a2 97 0a 8b 76 26 6b 50 59 b7 08 12 5b 79 0a 5a ce b0 63 d9 57 f4 db 00 6b e2 c3 38 16 80 22 5e c3 1e 97 18 d0 69 6e 82 18 07 13 de e5 Data Ascii: D8gpvW/{3`o\K^iv&kPY[yZcWk8"^in}3Jqxq0AH2V7PPJH@)\|hFZ"l.-/#k~x813Ug`?`S6M]zKDD#H\~
Jan 12, 2025 01:34:01.621989965 CET	1236	IN	Data Raw: 7f 18 7e 11 f9 67 75 c5 3a 76 98 fc dc f3 fa 99 7f 1f 02 5e 9b 2b 4f 9b 14 6b d3 5a 28 cd 7a 07 c2 fe f3 2a f0 d0 6b 1e 0e 95 45 d5 83 ba 16 db 6a 05 6f 3d d2 00 e7 d8 02 70 46 e0 08 92 a3 78 df fb fe e9 a0 73 e1 81 93 06 e1 21 57 9c 09 d5 53 fc Data Ascii: ~gu:v^+OkZ(zkEjo=pFxs!WS5cCbq'L'e\|=8gNP&>SB"HmC>GFUcd<8TdqOt)ju*e$5Prk\|{]G6g]aOd
Jan 12, 2025 01:34:01.621999979 CET	1236	IN	Data Raw: b1 83 b4 85 8a 28 38 01 1b e4 21 79 d9 99 37 3a 8a 85 8d 72 7d f3 c8 4c 57 df 85 f9 1d af 46 91 2e d5 eb a1 77 5d 47 87 bc 27 c6 a3 1a a9 f7 13 50 23 9a 6a 78 1b 80 8e 70 f2 db 8a d7 9a f7 7c 94 40 3c 15 28 f1 91 d5 72 d2 4e a7 b2 48 06 83 d3 54 Data Ascii: (8!y7:r}LWF.w]G'P#jxp\|@<(rNHTk`M;V}`9ku{=h~m[y^W_}U=Jz}5v&IX9HPV}keJ<W.:ltQIqF\bPy1NoNdJ5#S@7
Jan 12, 2025 01:34:01.622010946 CET	776	IN	Data Raw: 00 62 05 e0 b1 6e d3 a1 12 40 b3 9c a7 49 a5 b6 30 3c 61 30 bc 8a 79 9a 45 25 73 26 4a 2d 93 82 b5 da 7f 9a 68 29 35 a9 59 96 8e e9 03 b4 cf 34 bf 6b 54 f6 43 73 a4 ed f3 8d e6 bd ac b6 4c 79 62 10 ca 53 03 3e f2 a3 82 8c f7 fd 3c a4 bd b9 48 79 Data Ascii: bn@I0<a0yE%s&J-h)5Y4kTCsLybS><Hy_qn79_LOYf`clqcqT ,\|;ilmpX5\|7x<gZ!lXObwH4^0tYL,z8
Jan 12, 2025 01:34:01.622023106 CET	1236	IN	Data Raw: 10 70 46 fe fd 02 ab d3 88 7a 91 1f 00 ed c0 18 7a 45 c4 e2 d0 0d d8 24 a5 d2 01 ab 51 f6 a1 57 47 22 1b 20 ed 80 aa 81 a7 9d 5f 97 c6 13 18 7f c3 00 24 c3 98 57 ae 5a 70 c7 ef ae 87 74 ba bb ca d5 4b 5f fa 32 78 e7 3b df dd 03 9c 7b bb d9 81 b5 Data Ascii: pFzzE$QWG" _$WZptK_2x;{g<7#>gB^9zcWtg's\#T lb)m4>{RX=P=LCs*g_&Jj;x<!##aii)vRAOybg9)j!c$cK
Jan 12, 2025 01:34:01.626916885 CET	1236	IN	Data Raw: d8 85 bf b1 18 46 2e f2 b9 6a 69 e3 30 e0 de 9a 10 8c 82 c0 41 40 0b d4 90 30 3a e3 69 97 f8 83 cf 5a 31 10 41 dd ec 47 f1 d1 07 a1 0f 93 5b a4 44 8c 5e b2 46 bd d9 d3 36 41 73 c9 7e 31 ae 5c de 3e 0c b5 5f ad 32 80 33 6a 22 1c 69 67 4b 5c 3a 90 Data Ascii: F.ji0A@0:iZ1AG[D^F6As~1\>_23j"igK\:@]^p\|C/d7ZynHRr]l\|Q&@ #M^o]GuvNCG]oYwkz)g95d6bS*/Gc9,w-k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49759	45.155.54.216	80	6460	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:34:01.702941895 CET	288	OUT	GET /favicon.ico HTTP/1.1 Host: www.www-support-com.info Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:34:02.451698065 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 00:34:02 GMT Server: Apache Last-Modified: Mon, 06 May 2024 17:18:10 GMT Accept-Ranges: bytes Content-Length: 9062 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: image/x-icon Data Raw: 00 00 01 00 04 00 20 20 00 00 01 00 08 00 a8 08 00 00 46 00 00 00 10 10 00 00 01 00 08 00 68 05 00 00 ee 08 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 56 0e 00 00 10 10 00 00 01 00 20 00 68 04 00 00 fe 1e 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 42 42 42 00 9e 9e 9e 00 72 72 72 00 ce ce ce 00 5a 5a 5a 00 b6 b6 b6 00 e6 e6 e6 00 92 92 92 00 4e 4e 4e 00 7e 7e 7e 00 66 66 66 00 aa aa aa 00 da da da 00 c2 c2 c2 00 f2 f2 f2 00 4a 4a 4a 00 a6 a6 a6 00 7a 7a 7a 00 62 62 62 00 56 56 56 00 86 86 86 00 6e 6e 6e 00 e2 e2 e2 00 ca ca ca 00 46 46 46 00 a2 a2 a2 00 76 76 76 00 d2 d2 d2 00 5e 5e 5e 00 ba ba ba 00 ea ea ea 00 9a 9a 9a 00 52 52 52 00 82 82 82 00 6a 6a 6a 00 ae ae ae 00 de de de 00 c6 c6 c6 00 f6 f6 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: Fh V h( @BBBrrrZZZNNN~~~fffJJJzzzbbbVVVnnnFFFvvv^^^RRRjjj
Jan 12, 2025 01:34:02.451802015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Jan 12, 2025 01:34:02.451838017 CET	1236	IN	Data Raw: fc 00 00 ff fc 00 00 ff fe 00 00 7f fe 00 00 3f ff 00 00 7f ff c1 c0 ff ff ff 1f ff ff ff 0f ff ff ff 07 ff ff ff 87 ff ff ff 87 ff ff ff e3 ff ff ff ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 00 Data Ascii: ?( FFFrrr^^^RRRjjjNNNzzzfffZZZJJJvvvbbbVVVnnn
Jan 12, 2025 01:34:02.451855898 CET	1236	IN	Data Raw: 21 21 20 0e 12 0a 0a 0a 0a 0a 0a 06 21 21 21 21 21 21 01 15 19 1e 1e 1e 1e 1e 1e 13 21 21 21 21 21 21 18 00 14 0a 02 02 1e 1e 1e 02 09 21 21 21 21 21 21 0a 00 14 19 19 19 0a 0a 0a 0a 21 21 21 21 21 21 1b 0c 08 1c 0b 18 0f 12 0a 0d 21 21 21 21 21 Data Ascii: !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!{??( @
Jan 12, 2025 01:34:02.451879978 CET	1236	IN	Data Raw: 61 61 61 ff 60 60 60 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 42 42 af 57 57 57 ff 61 61 61 ff 62 62 Data Ascii: aaa```pBBBWWWaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb``` :::0LLL^^^cccccccccccccccccccccccccccccc
Jan 12, 2025 01:34:02.451890945 CET	1236	IN	Data Raw: 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 70 70 70 ff 6a 6a 6a 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: pppppppppppppppppppppppppppppppppjjj0:::0DDD[[[mmmrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr===NNN
Jan 12, 2025 01:34:02.451901913 CET	776	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 40 40 30 44 44 44 cf 4d 4d 4d ff 59 59 59 ff 78 78 Data Ascii: @@@0DDDMMMYYYxxx1@@@`DDDEEE0
Jan 12, 2025 01:34:02.451913118 CET	776	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 40 40 30 44 44 44 cf 4d 4d 4d ff 59 59 59 ff 78 78 Data Ascii: @@@0DDDMMMYYYxxx1@@@`DDDEEE0
Jan 12, 2025 01:34:02.454988003 CET	1116	IN	Data Raw: 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 3[[[8PPP0===PPPP[[[\\\\\\\\\]]]\\\888 JJJ[[[

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:33:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 30 6f 38 71 45 64 56 6e 30 47 39 32 6c 57 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 66 32 35 37 66 31 33 62 34 39 39 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: S0o8qEdVn0G92lWz.1Context: d2b1f257f13b4998
2025-01-12 00:33:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:33:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 30 6f 38 71 45 64 56 6e 30 47 39 32 6c 57 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 66 32 35 37 66 31 33 62 34 39 39 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: S0o8qEdVn0G92lWz.2Context: d2b1f257f13b4998<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO
2025-01-12 00:33:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 53 30 6f 38 71 45 64 56 6e 30 47 39 32 6c 57 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 62 31 66 32 35 37 66 31 33 62 34 39 39 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: S0o8qEdVn0G92lWz.3Context: d2b1f257f13b4998<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:33:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:33:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 34 6a 47 47 41 63 70 33 53 55 57 7a 54 73 6d 78 55 49 47 30 77 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 4jGGAcp3SUWzTsmxUIG0wQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49762	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:34:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 4d 41 33 36 48 54 47 4f 45 69 74 46 34 46 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 38 61 32 37 64 31 66 31 30 64 33 30 62 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xMA36HTGOEitF4Fl.1Context: cc8a27d1f10d30bb
2025-01-12 00:34:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:34:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 78 4d 41 33 36 48 54 47 4f 45 69 74 46 34 46 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 38 61 32 37 64 31 66 31 30 64 33 30 62 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xMA36HTGOEitF4Fl.2Context: cc8a27d1f10d30bb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO
2025-01-12 00:34:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 4d 41 33 36 48 54 47 4f 45 69 74 46 34 46 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 63 38 61 32 37 64 31 66 31 30 64 33 30 62 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xMA36HTGOEitF4Fl.3Context: cc8a27d1f10d30bb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:34:03 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:34:03 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 4f 72 47 46 76 39 33 77 55 79 61 6d 4b 4c 50 75 47 58 65 6c 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bOrGFv93wUyamKLPuGXelA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49861	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:34:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 4e 48 72 2f 31 48 37 69 6b 47 66 6f 71 45 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 65 63 64 35 62 35 30 34 62 33 30 35 39 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: qNHr/1H7ikGfoqEQ.1Context: f1ecd5b504b30598
2025-01-12 00:34:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:34:17 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 71 4e 48 72 2f 31 48 37 69 6b 47 66 6f 71 45 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 65 63 64 35 62 35 30 34 62 33 30 35 39 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: qNHr/1H7ikGfoqEQ.2Context: f1ecd5b504b30598<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO
2025-01-12 00:34:17 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 4e 48 72 2f 31 48 37 69 6b 47 66 6f 71 45 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 65 63 64 35 62 35 30 34 62 33 30 35 39 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: qNHr/1H7ikGfoqEQ.3Context: f1ecd5b504b30598<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:34:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:34:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 75 46 7a 57 2b 2b 78 47 55 6d 46 42 4d 67 73 41 6a 61 6e 4b 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uuFzW++xGUmFBMgsAjanKg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49951	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:34:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 4e 36 73 2f 30 35 64 65 30 53 34 74 37 4f 30 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 61 37 39 62 61 30 61 61 38 36 61 30 33 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vN6s/05de0S4t7O0.1Context: 9ca79ba0aa86a038
2025-01-12 00:34:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:34:32 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 76 4e 36 73 2f 30 35 64 65 30 53 34 74 37 4f 30 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 61 37 39 62 61 30 61 61 38 36 61 30 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: vN6s/05de0S4t7O0.2Context: 9ca79ba0aa86a038<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO
2025-01-12 00:34:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 4e 36 73 2f 30 35 64 65 30 53 34 74 37 4f 30 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 61 37 39 62 61 30 61 61 38 36 61 30 33 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vN6s/05de0S4t7O0.3Context: 9ca79ba0aa86a038<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:34:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:34:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 33 73 6c 42 5a 73 72 48 55 53 7a 6c 4b 49 5a 78 43 46 73 30 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: r3slBZsrHUSzlKIZxCFs0g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	50002	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:34:51 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 6e 72 57 66 58 65 43 5a 30 79 76 33 5a 66 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 33 63 65 32 66 63 38 37 34 65 66 33 64 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: TnrWfXeCZ0yv3Zf8.1Context: fb3ce2fc874ef3d9
2025-01-12 00:34:51 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:34:51 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 6e 72 57 66 58 65 43 5a 30 79 76 33 5a 66 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 33 63 65 32 66 63 38 37 34 65 66 33 64 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TnrWfXeCZ0yv3Zf8.2Context: fb3ce2fc874ef3d9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO
2025-01-12 00:34:51 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 6e 72 57 66 58 65 43 5a 30 79 76 33 5a 66 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 62 33 63 65 32 66 63 38 37 34 65 66 33 64 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: TnrWfXeCZ0yv3Zf8.3Context: fb3ce2fc874ef3d9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:34:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:34:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 64 79 59 79 6e 2b 67 44 30 75 44 48 68 66 2f 69 45 6c 45 77 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TdyYyn+gD0uDHhf/iElEwQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	50005	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:35:13 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 65 47 77 78 54 58 4b 72 6f 55 32 50 43 70 73 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 34 63 63 64 36 31 34 61 65 65 33 34 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: eGwxTXKroU2PCpsr.1Context: 6f4ccd614aee345
2025-01-12 00:35:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-12 00:35:13 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 65 47 77 78 54 58 4b 72 6f 55 32 50 43 70 73 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 34 63 63 64 36 31 34 61 65 65 33 34 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 49 53 50 32 4f 38 4e 4b 7a 30 76 34 44 34 55 58 43 52 68 54 57 61 57 41 65 69 79 51 6c 70 65 41 67 67 51 6a 45 2f 2f 66 71 73 64 6d 71 66 7a 59 30 64 58 43 47 61 70 52 43 4d 55 38 70 62 66 4c 47 41 53 50 72 45 64 33 4d 36 57 48 46 4f 61 7a 38 4d 77 44 36 2b 47 4e 59 4d 6a 71 77 2f 6d 4a 66 46 50 4f 6c 46 67 38 4e 68 6d 4f 38 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: eGwxTXKroU2PCpsr.2Context: 6f4ccd614aee345<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaISP2O8NKz0v4D4UXCRhTWaWAeiyQlpeAggQjE//fqsdmqfzY0dXCGapRCMU8pbfLGASPrEd3M6WHFOaz8MwD6+GNYMjqw/mJfFPOlFg8NhmO8
2025-01-12 00:35:13 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 65 47 77 78 54 58 4b 72 6f 55 32 50 43 70 73 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 34 63 63 64 36 31 34 61 65 65 33 34 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: eGwxTXKroU2PCpsr.3Context: 6f4ccd614aee345<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-12 00:35:13 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-12 00:35:13 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 41 4f 69 61 47 39 66 4d 52 30 2b 6e 78 39 6d 6b 56 59 2f 35 76 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: AOiaG9fMR0+nx9mkVY/5vQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4980, Parent PID: 4024

General

Target ID:	1
Start time:	19:33:47
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6460, Parent PID: 4980

General

Target ID:	3
Start time:	19:33:50
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2224,i,945947796152859022,129455820092391326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2872, Parent PID: 4024

General

Target ID:	4
Start time:	19:33:58
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.www-support-com.info/fmicode/code.php"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.www-support-com.info/fmicode/code.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
http://www.www-support-com.info/fmicode/code.php