Windows Analysis Report
http://chanf-trojan.pages.dev/

Overview

General Information

Sample URL: http://chanf-trojan.pages.dev/
Analysis ID: 1502064

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected BlockedWebSite

Classification

  • System is w10x64
  • chrome.exe (PID: 936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 4512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2000,i,10204124167721552774,6881573130457901008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 1488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://chanf-trojan.pages.dev/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_42 | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_BlockedWebSite | Yara detected BlockedWebSite | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      AV Detection

      Source: http://chanf-trojan.pages.dev/ | Avira URL Cloud: detection malicious, Label: phishing
      Source: https://chanf-trojan.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637 | Avira URL Cloud: Label: phishing
      Source: https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css | Avira URL Cloud: Label: phishing
      Source: https://chanf-trojan.pages.dev/favicon.ico | Avira URL Cloud: Label: phishing

      Phishing

      Source: Yara match | File source: 0.0.pages.csv, type: HTML
      Source: Yara match | File source: dropped/chromecache_42, type: DROPPED
      Source: https://chanf-trojan.pages.dev/ | HTTP Parser: No favicon
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49711 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49728 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49738 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49739 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49741 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49743 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49745 version: TLS 1.2
      Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
      Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253
      Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: chanf-trojan.pages.dev | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 | Host: chanf-trojan.pages.dev | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://chanf-trojan.pages.dev/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 | Host: chanf-trojan.pages.dev | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: chanf-trojan.pages.dev | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://chanf-trojan.pages.dev/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 | Host: chanf-trojan.pages.dev | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
      Source: global traffic | DNS traffic detected: DNS query: chanf-trojan.pages.dev
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
      Source: unknown | HTTP traffic detected: POST /report/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ HTTP/1.1 | Host: a.nel.cloudflare.com | Connection: keep-alive | Content-Length: 433 | Content-Type: application/reports+json | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 30 Aug 2024 22:39:24 GMT | Content-Type: text/plain;charset=UTF-8 | Content-Length: 21 | Connection: close | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8bb846cf2a1043a7-EWR | alt-svc: h3=":443"; ma=86400
      Source: chromecache_42.2.dr | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
      Source: chromecache_42.2.dr | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
      Source: classification engine | Classification label: mal64.phis.win@17/9@10/8
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2000,i,10204124167721552774,6881573130457901008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://chanf-trojan.pages.dev/"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: Window Recorder | Window detected: More than 3 window changes detected
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
      Source | Detection | Scanner | Label | Link
      http://chanf-trojan.pages.dev/ | 100% | Avira URL Cloud | phishing |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://www.cloudflare.com/learning/access-management/phishing-attack/ | 0% | Avira URL Cloud | safe |
      https://chanf-trojan.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637 | 100% | Avira URL Cloud | phishing |
      https://a.nel.cloudflare.com/report/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ | 0% | Avira URL Cloud | safe |
      https://www.cloudflare.com/5xx-error-landing | 0% | Avira URL Cloud | safe |
      https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css | 100% | Avira URL Cloud | phishing |
      https://chanf-trojan.pages.dev/favicon.ico | 100% | Avira URL Cloud | phishing |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown
      www.google.com | 142.250.185.100 | true | false | | unknown
      chanf-trojan.pages.dev | 188.114.96.3 | true | false | | unknown
      fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://chanf-trojan.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637 | false | Avira URL Cloud: phishing | unknown
      https://a.nel.cloudflare.com/report/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ | false | Avira URL Cloud: safe | unknown
      https://chanf-trojan.pages.dev/ | false | | unknown
      https://chanf-trojan.pages.dev/favicon.ico | false | Avira URL Cloud: phishing | unknown
      https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css | false | Avira URL Cloud: phishing | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://www.cloudflare.com/learning/access-management/phishing-attack/ | chromecache_42.2.dr | false | Avira URL Cloud: safe | unknown
      https://www.cloudflare.com/5xx-error-landing | chromecache_42.2.dr | false | Avira URL Cloud: safe | unknown
      IP | Domain | Country | ASN | ASN Name | Malicious
      142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
      239.255.255.250 | unknown | Reserved | unknown | unknown | false
      188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
      188.114.96.3 | chanf-trojan.pages.dev | European Union | 13335 | CLOUDFLARENETUS | false
      35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
      IP
      192.168.2.8
      192.168.2.6
      192.168.2.11
      Joe Sandbox version: 40.0.0 Tourmaline
      Analysis ID: 1502064
      Start date and time: 2024-08-31 00:38:23 +02:00
      Joe Sandbox product: CloudBasic
      Overall analysis duration: 0h 3m 12s
      Hypervisor based Inspection enabled: false
      Report type: full
      Cookbook file name: browseurl.jbs
      Sample URL: http://chanf-trojan.pages.dev/
      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed: 6
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Detection: MAL
      Classification: mal64.phis.win@17/9@10/8
      EGA Information: Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
                • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.142, 74.125.133.84, 34.104.35.123, 52.165.165.26, 192.229.221.95, 52.165.164.15, 93.184.221.240, 20.3.187.198, 2.19.126.137, 2.19.126.163, 142.250.184.227
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: http://chanf-trojan.pages.dev/
                No simulations
                InputOutput
                URL: https://chanf-trojan.pages.dev/ Model: jbxai
                {
                "brand":["Cloudfare"],
                "contains_trigger_text":true,
                "prominent_button_name":"Learn More",
                "text_input_field_labels":["Your IP: Click to reveal"],
                "pdf_icon_visible":false,
                "has_visible_captcha":false,
                "has_urgent_text":true,
                "has_visible_qrcode":false}
                No context
                No context
                No context
                No context
                No context
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                Category:downloaded
                Size (bytes):452
                Entropy (8bit):7.0936408308765495
                Encrypted:false
                SSDEEP:12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
                MD5:C33DE66281E933259772399D10A6AFE8
                SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                Malicious:false
                Reputation:low
                URL:https://chanf-trojan.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (24050)
                Category:downloaded
                Size (bytes):24051
                Entropy (8bit):4.941039417164537
                Encrypted:false
                SSDEEP:192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
                MD5:5E8C69A459A691B5D1B9BE442332C87D
                SHA1:F24DD1AD7C9080575D92A9A9A2C42620725EF836
                SHA-256:84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
                SHA-512:6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
                Malicious:false
                Reputation:low
                URL:https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css
                Preview:#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                Category:dropped
                Size (bytes):452
                Entropy (8bit):7.0936408308765495
                Encrypted:false
                SSDEEP:12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
                MD5:C33DE66281E933259772399D10A6AFE8
                SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                Malicious:false
                Reputation:low
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (394)
                Category:downloaded
                Size (bytes):4394
                Entropy (8bit):5.085818411863047
                Encrypted:false
                SSDEEP:96:1j9jwIjYjUDK/D5DMF+BOis8EA2ZLimGrR49PaQxJbGD:1j9jhjYjIK/Vo+ts8IZOmGrO9ieJGD
                MD5:93F57A0F7A89270FDAFB0426C3C2C10B
                SHA1:280E1FAAD2D21EFBE68427984A0F2F9FE004FFBD
                SHA-256:E0C0A2E261B03263EAD1DD16FE7E7076915E5F8086C7CC8C75E2012422A913CF
                SHA-512:5C3DD0ACEC2EC05906A6BB2441D5833D28A539EB424FBBBCDBC2E6653C1B678CCC995B860E6E95CFEFE8EBE08CBBC882671631B4E774DA157D529D13AEAD8544
                Malicious:false
                Reputation:low
                URL:https://chanf-trojan.pages.dev/
                Preview:<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site | Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):21
                Entropy (8bit):3.6537567082870015
                Encrypted:false
                SSDEEP:3:q9eRSKXB2:qRKXU
                MD5:A748F015A147B38B970B032FEE628BD1
                SHA1:9C9D3888E8C37CDE1323BDCE2DA361D9B6E23B30
                SHA-256:8B6825C0699B382A7A2A21B76B5FB925C91C50D02AD6163AB617915AB022DB08
                SHA-512:4ACF528C2C98F0A4FE0638E2681017F4630AC4421AF398C1F5D2F080D18EB6B95525BF3B7EB565E8A90F83D19C5B6B331429557570F54F1750EFD4079624115F
                Malicious:false
                Reputation:low
                URL:https://chanf-trojan.pages.dev/favicon.ico
                Preview:Incorrect password!!!
                No static file info
                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                Aug 31, 2024 00:39:54.857008934 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:54.857105970 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:54.866275072 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:54.866306067 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:54.866695881 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:54.869971991 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:54.870230913 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:54.870235920 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:54.870690107 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:54.912503958 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:55.175916910 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:55.175997972 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:55.176105022 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:55.176393032 CEST49738443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:55.176413059 CEST4434973840.115.3.253192.168.2.6
                Aug 31, 2024 00:39:56.526076078 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:56.526135921 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:56.526271105 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:56.527221918 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:56.527241945 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.326741934 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.326821089 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.329420090 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.329431057 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.329694033 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.332887888 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.333213091 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.333219051 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.333475113 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.380511999 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.514085054 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.514370918 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:39:57.514477968 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.514801979 CEST49739443192.168.2.640.115.3.253
                Aug 31, 2024 00:39:57.514822960 CEST4434973940.115.3.253192.168.2.6
                Aug 31, 2024 00:40:02.505584002 CEST8049704178.79.238.0192.168.2.6
                Aug 31, 2024 00:40:02.505721092 CEST4970480192.168.2.6178.79.238.0
                Aug 31, 2024 00:40:02.505844116 CEST4970480192.168.2.6178.79.238.0
                Aug 31, 2024 00:40:02.510615110 CEST8049704178.79.238.0192.168.2.6
                Aug 31, 2024 00:40:15.581756115 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:15.581799030 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:15.581865072 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:15.582523108 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:15.582532883 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.393757105 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.393887997 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.397145033 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.397171974 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.397464991 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.399254084 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.399585962 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.399597883 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.399739981 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.444500923 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.579560041 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.579749107 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:16.579799891 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.580229044 CEST49741443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:16.580256939 CEST4434974140.115.3.253192.168.2.6
                Aug 31, 2024 00:40:19.284301043 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:19.284358025 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:19.284440994 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:19.285550117 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:19.285571098 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:20.998724937 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:20.998809099 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.001091003 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.001101971 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.001351118 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.003320932 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.003474951 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.003480911 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.007512093 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.048504114 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.180000067 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.180083036 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:21.180193901 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.180732965 CEST49743443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:21.180752039 CEST4434974340.115.3.253192.168.2.6
                Aug 31, 2024 00:40:23.504600048 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:23.504652023 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:23.504733086 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:23.505392075 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:23.505410910 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:24.156270027 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:24.156696081 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:24.156719923 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:24.157120943 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:24.157468081 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:24.157547951 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:24.196899891 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:34.075139999 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:34.075218916 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:34.075388908 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:34.277684927 CEST49744443192.168.2.6142.250.185.100
                Aug 31, 2024 00:40:34.277725935 CEST44349744142.250.185.100192.168.2.6
                Aug 31, 2024 00:40:38.345586061 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:38.345601082 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:38.345710039 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:38.347212076 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:38.347222090 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.141030073 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.141118050 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.144208908 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.144229889 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.144568920 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.147953987 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.148003101 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.148009062 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.148222923 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.188513994 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.320977926 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.321079969 CEST4434974540.115.3.253192.168.2.6
                Aug 31, 2024 00:40:39.321134090 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.321608067 CEST49745443192.168.2.640.115.3.253
                Aug 31, 2024 00:40:39.321630001 CEST4434974540.115.3.253192.168.2.6
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Aug 31, 2024 00:39:21.223907948 CEST | 192.168.2.6 | 1.1.1.1 | 0x5912 | Standard query (0) | chanf-trojan.pages.dev | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.224282026 CEST | 192.168.2.6 | 1.1.1.1 | 0x58d7 | Standard query (0) | chanf-trojan.pages.dev | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:21.248239040 CEST | 192.168.2.6 | 1.1.1.1 | 0x4dba | Standard query (0) | chanf-trojan.pages.dev | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.248399973 CEST | 192.168.2.6 | 1.1.1.1 | 0xac8c | Standard query (0) | chanf-trojan.pages.dev | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:23.454190016 CEST | 192.168.2.6 | 1.1.1.1 | 0x2c42 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:23.455034971 CEST | 192.168.2.6 | 1.1.1.1 | 0x9419 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:23.470001936 CEST | 192.168.2.6 | 1.1.1.1 | 0xc742 | Standard query (0) | chanf-trojan.pages.dev | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:23.470630884 CEST | 192.168.2.6 | 1.1.1.1 | 0xf1ea | Standard query (0) | chanf-trojan.pages.dev | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:24.107223988 CEST | 192.168.2.6 | 1.1.1.1 | 0xab83 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:24.107877016 CEST | 192.168.2.6 | 1.1.1.1 | 0x5816 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Aug 31, 2024 00:39:21.244726896 CEST | 1.1.1.1 | 192.168.2.6 | 0x5912 | No error (0) | chanf-trojan.pages.dev | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.244726896 CEST | 1.1.1.1 | 192.168.2.6 | 0x5912 | No error (0) | chanf-trojan.pages.dev | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.244946003 CEST | 1.1.1.1 | 192.168.2.6 | 0x58d7 | No error (0) | chanf-trojan.pages.dev | | | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:21.260004044 CEST | 1.1.1.1 | 192.168.2.6 | 0x4dba | No error (0) | chanf-trojan.pages.dev | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.260004044 CEST | 1.1.1.1 | 192.168.2.6 | 0x4dba | No error (0) | chanf-trojan.pages.dev | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:21.260019064 CEST | 1.1.1.1 | 192.168.2.6 | 0xac8c | No error (0) | chanf-trojan.pages.dev | | | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:23.463105917 CEST | 1.1.1.1 | 192.168.2.6 | 0x2c42 | No error (0) | www.google.com | | 142.250.185.100 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:23.463912010 CEST | 1.1.1.1 | 192.168.2.6 | 0x9419 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:23.482414961 CEST | 1.1.1.1 | 192.168.2.6 | 0xc742 | No error (0) | chanf-trojan.pages.dev | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:23.482414961 CEST | 1.1.1.1 | 192.168.2.6 | 0xc742 | No error (0) | chanf-trojan.pages.dev | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:23.484435081 CEST | 1.1.1.1 | 192.168.2.6 | 0xf1ea | No error (0) | chanf-trojan.pages.dev | | | 65 | IN (0x0001) | false
                Aug 31, 2024 00:39:24.114480972 CEST | 1.1.1.1 | 192.168.2.6 | 0xab83 | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                Aug 31, 2024 00:39:31.831017017 CEST | 1.1.1.1 | 192.168.2.6 | 0x6410 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                Aug 31, 2024 00:39:31.831017017 CEST | 1.1.1.1 | 192.168.2.6 | 0x6410 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                • chanf-trojan.pages.dev
                • https:
                • a.nel.cloudflare.com
                • fs.microsoft.com
                Session ID | Source IP | Source Port | Destination IP | Destination Port
                0 | 192.168.2.6 | 49709 | 40.113.110.67 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:09 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: TG3RjTxjLkadp2PG.1Context: 5971a6ff2fe93620
                2024-08-30 22:39:09 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:09 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TG3RjTxjLkadp2PG.2Context: 5971a6ff2fe93620<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:09 UTC | 74 | OUT
                Data Ascii: BND 3 CON\QOS 56MS-CV: TG3RjTxjLkadp2PG.3Context: 5971a6ff2fe93620
                2024-08-30 22:39:09 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:09 UTC | 58 | IN
                Data Ascii: MS-CV: pgrR3es5ukW5djNsCJG/Pw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                1 | 192.168.2.6 | 49710 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:18 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: MyENnvuGZkCv0Rvt.1Context: e9c514bf02c79a74
                2024-08-30 22:39:18 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:18 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: MyENnvuGZkCv0Rvt.2Context: e9c514bf02c79a74<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:18 UTC | 74 | OUT
                Data Ascii: BND 3 CON\QOS 56MS-CV: MyENnvuGZkCv0Rvt.3Context: e9c514bf02c79a74
                2024-08-30 22:39:18 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:18 UTC | 58 | IN
                Data Ascii: MS-CV: 81qNgaO70kyR9Qig7r8KCg.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                2 | 192.168.2.6 | 49711 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:19 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: 15ERDWXPqUac+Jg8.1Context: b053551cdd698c96
                2024-08-30 22:39:19 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:19 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 15ERDWXPqUac+Jg8.2Context: b053551cdd698c96<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:19 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: 15ERDWXPqUac+Jg8.3Context: b053551cdd698c96<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:39:19 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:19 UTC | 58 | IN
                Data Ascii: MS-CV: KjdvIMkHjEepRuKHk5S/DQ.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                3 | 192.168.2.6 | 49717 | 188.114.96.3 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:21 UTC | 665 | OUT
                GET / HTTP/1.1
                Host: chanf-trojan.pages.dev
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:21 UTC | 551 | IN
                HTTP/1.1 200 OK
                Date: Fri, 30 Aug 2024 22:39:21 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                X-Frame-Options: SAMEORIGIN
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3TxTSGpfR1K1TYDzBFy1fQca0SWYTU6rPKxp7oW58HewmOJV8e4vQe6sqrSOi8y22%2F%2Bi3LcocnqMxStVXMlGaMPAW3VeTCP0aAtHtrb6Y3m4iRQMppnjd7lh1idTiqnudVnGsQQCDoHl"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8bb846c15d6c7c96-EWR
                2024-08-30 22:39:21 UTC | 818 | IN
                Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                2024-08-30 22:39:21 UTC | 1369 | IN
                Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
                2024-08-30 22:39:21 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 33 53 5a 5a 64 4a 37 63 63 69 31 59 49 51 4a 79 4b 6c 79 68 41 46 4c 62 61 79 62 31 59 39 47 6b 47 38 4e 4e 64 79 64 66 6a 74 6b 2d 31 37 32 35 30 35 37 35 36 31 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65
                Data Ascii: <input type="hidden" name="atok" value="3SZZdJ7cci1YIQJyKlyhAFLbayb1Y9GkG8NNdydfjtk-1725057561-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style
                2024-08-30 22:39:21 UTC846INData Raw: 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 3e 3c 2f
                Data Ascii: idden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></
                2024-08-30 22:39:21 UTC5INData Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                4 | 192.168.2.6 | 49718 | 188.114.96.3 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:22 UTC | 571 | OUT | GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
                Host: chanf-trojan.pages.dev
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: text/css,*/*;q=0.1
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: style
                Referer: https://chanf-trojan.pages.dev/
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:22 UTC | 411 | IN | HTTP/1.1 200 OK
                Date: Fri, 30 Aug 2024 22:39:22 GMT
                Content-Type: text/css
                Content-Length: 24051
                Connection: close
                Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT
                ETag: "66ce249e-5df3"
                Server: cloudflare
                CF-RAY: 8bb846c55b014273-EWR
                X-Frame-Options: DENY
                X-Content-Type-Options: nosniff
                Expires: Sat, 31 Aug 2024 00:39:22 GMT
                Cache-Control: max-age=7200
                Cache-Control: public
                Accept-Ranges: bytes


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                5 | 192.168.2.6 | 49721 | 188.114.96.3 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:23 UTC | 663 | OUT | GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
                Host: chanf-trojan.pages.dev
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://chanf-trojan.pages.dev/cdn-cgi/styles/cf.errors.css
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:23 UTC | 409 | IN | HTTP/1.1 200 OK
                Date: Fri, 30 Aug 2024 22:39:23 GMT
                Content-Type: image/png
                Content-Length: 452
                Connection: close
                Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT
                ETag: "66ce249e-1c4"
                Server: cloudflare
                CF-RAY: 8bb846cb0fc4c439-EWR
                X-Frame-Options: DENY
                X-Content-Type-Options: nosniff
                Expires: Sat, 31 Aug 2024 00:39:23 GMT
                Cache-Control: max-age=7200
                Cache-Control: public
                Accept-Ranges: bytes


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                6 | 192.168.2.6 | 49722 | 188.114.96.3 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:23 UTC | 600 | OUT | GET /favicon.ico HTTP/1.1
                Host: chanf-trojan.pages.dev
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://chanf-trojan.pages.dev/
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:24 UTC | 555 | IN | HTTP/1.1 404 Not Found
                Date: Fri, 30 Aug 2024 22:39:24 GMT
                Content-Type: text/plain;charset=UTF-8
                Content-Length: 21
                Connection: close
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8bb846cf2a1043a7-EWR
                alt-svc: h3=":443"; ma=86400
                2024-08-30 22:39:24 UTC | 21 | IN | Data Raw: 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 21 21 21
                Data Ascii: Incorrect password!!!


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                7 | 192.168.2.6 | 49724 | 188.114.97.3 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:23 UTC | 392 | OUT | GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
                Host: chanf-trojan.pages.dev
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: */*
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:24 UTC | 409 | IN | HTTP/1.1 200 OK
                Date: Fri, 30 Aug 2024 22:39:24 GMT
                Content-Type: image/png
                Content-Length: 452
                Connection: close
                Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT
                ETag: "66ce249e-1c4"
                Server: cloudflare
                CF-RAY: 8bb846cf3c9e0c9e-EWR
                X-Frame-Options: DENY
                X-Content-Type-Options: nosniff
                Expires: Sat, 31 Aug 2024 00:39:24 GMT
                Cache-Control: max-age=7200
                Cache-Control: public
                Accept-Ranges: bytes


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                8 | 192.168.2.6 | 49725 | 35.190.80.1 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:24 UTC | 551 | OUT | OPTIONS /report/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ HTTP/1.1
                Host: a.nel.cloudflare.com
                Connection: keep-alive
                Origin: https://chanf-trojan.pages.dev
                Access-Control-Request-Method: POST
                Access-Control-Request-Headers: content-type
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:25 UTC | 336 | IN | HTTP/1.1 200 OK
                Content-Length: 0
                access-control-max-age: 86400
                access-control-allow-methods: OPTIONS, POST
                access-control-allow-origin: *
                access-control-allow-headers: content-type, content-length
                date: Fri, 30 Aug 2024 22:39:24 GMT
                Via: 1.1 google
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                9 | 192.168.2.6 | 49729 | 35.190.80.1 | 443 | 4512 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:25 UTC | 486 | OUT | POST /report/v4?s=2jSR0XqSZPyoCV9lR1JTYyxNdq2yp1vzdZk%2BQxYlKPhG70PPrazhsVr98S3P7rnkm8grudyBkesrs1LHugy6by%2F5DatK4H%2BRfwKogTe8QscKui5j5p7J3HgCcP%2BNNPb5ARA9o94YghnJ HTTP/1.1
                Host: a.nel.cloudflare.com
                Connection: keep-alive
                Content-Length: 433
                Content-Type: application/reports+json
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-08-30 22:39:25 UTC | 433 | OUT | Data Ascii: [{"age":0,"body":{"elapsed_time":659,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://chanf-trojan.pages.dev/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","
                2024-08-30 22:39:25 UTC | 168 | IN | HTTP/1.1 200 OK
                Content-Length: 0
                date: Fri, 30 Aug 2024 22:39:25 GMT
                Via: 1.1 google
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                10 | 192.168.2.6 | 49728 | 184.28.90.27 | 443 | |
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:26 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-08-30 22:39:26 UTC | 466 | IN | HTTP/1.1 200 OK
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                Content-Type: application/octet-stream
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (lpl/EF06)
                X-CID: 11
                X-Ms-ApiVersion: Distribute 1.2
                X-Ms-Region: prod-weu-z1
                Cache-Control: public, max-age=39447
                Date: Fri, 30 Aug 2024 22:39:26 GMT
                Connection: close
                X-CID: 2


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                11 | 192.168.2.6 | 49730 | 184.28.90.27 | 443 | |
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:26 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                Range: bytes=0-2147483646
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-08-30 22:39:27 UTC | 514 | IN | HTTP/1.1 200 OK
                ApiVersion: Distribute 1.1
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                Content-Type: application/octet-stream
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (lpl/EF06)
                X-CID: 11
                X-Ms-ApiVersion: Distribute 1.2
                X-Ms-Region: prod-weu-z1
                Cache-Control: public, max-age=39399
                Date: Fri, 30 Aug 2024 22:39:27 GMT
                Content-Length: 55
                Connection: close
                X-CID: 2
                2024-08-30 22:39:27 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                12 | 192.168.2.6 | 49731 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:28 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 70 43 66 72 42 62 5a 55 45 79 6a 4b 73 58 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 31 62 38 61 66 33 63 33 63 66 30 31 63 34 0d 0a 0d 0a
                Data Ascii: CNT 1 CON 305MS-CV: bpCfrBbZUEyjKsXD.1Context: fe1b8af3c3cf01c4
                2024-08-30 22:39:28 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:28 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 70 43 66 72 42 62 5a 55 45 79 6a 4b 73 58 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 31 62 38 61 66 33 63 33 63 66 30 31 63 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 34 57 39 39 6d 6c 4a 78 54 2f 63 75 53 4a 4d 72 32 41 70 48 36 6e 79 71 53 51 4d 51 66 51 49 2f 57 61 62 51 75 6d 74 51 70 79 41 74 4d 6c 68 68 64 4b 2f 6c 47 38 42 63 6d 50 34 71 44 7a 6f 37 31 52 72 55 5a 6c 39 65 6d 44 36 32 6b 4b 52 51 49 72 4d 4b 41 45 5a 59 52 75 50 52 6b 35 6c 51 38 4f 48 6b 61 56 31 55 78 7a 41 4d
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bpCfrBbZUEyjKsXD.2Context: fe1b8af3c3cf01c4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:28 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 70 43 66 72 42 62 5a 55 45 79 6a 4b 73 58 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 31 62 38 61 66 33 63 33 63 66 30 31 63 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: bpCfrBbZUEyjKsXD.3Context: fe1b8af3c3cf01c4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:39:28 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:28 UTC | 58 | IN
                Data Ascii: MS-CV: 9HML/+IeiEiyoR6wiBGfuQ.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                13 | 192.168.2.6 | 49732 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:32 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: zglXdpfYpkCY43pR.1Context: 29501cd266cb14bf
                2024-08-30 22:39:32 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:32 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zglXdpfYpkCY43pR.2Context: 29501cd266cb14bf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:32 UTC | 74 | OUT
                Data Ascii: BND 3 CON\QOS 56MS-CV: zglXdpfYpkCY43pR.3Context: 29501cd266cb14bf
                2024-08-30 22:39:32 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:32 UTC | 58 | IN
                Data Ascii: MS-CV: MraauSe270qBStXPdiPqDg.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                14 | 192.168.2.6 | 49737 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:42 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: 3E/dkkN45kaq/pkA.1Context: 3ae2ab7cb3fce510
                2024-08-30 22:39:42 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:42 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 3E/dkkN45kaq/pkA.2Context: 3ae2ab7cb3fce510<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:42 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: 3E/dkkN45kaq/pkA.3Context: 3ae2ab7cb3fce510<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:39:43 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:43 UTC | 58 | IN
                Data Ascii: MS-CV: A5mT8jzNL0WUxEyqK1rGOw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                15 | 192.168.2.6 | 49738 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:54 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: sItABgU2Pku6/FT7.1Context: 19d36d1107177b5e
                2024-08-30 22:39:54 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:54 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: sItABgU2Pku6/FT7.2Context: 19d36d1107177b5e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:54 UTC | 74 | OUT
                Data Ascii: BND 3 CON\QOS 56MS-CV: sItABgU2Pku6/FT7.3Context: 19d36d1107177b5e
                2024-08-30 22:39:55 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:55 UTC | 58 | IN
                Data Ascii: MS-CV: VJXbYskm1UyruOWd+kfAlw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                16 | 192.168.2.6 | 49739 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:39:57 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: l1LEWtiWc0mjCZeG.1Context: 82e3c8b35f7d12b5
                2024-08-30 22:39:57 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:39:57 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: l1LEWtiWc0mjCZeG.2Context: 82e3c8b35f7d12b5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:39:57 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: l1LEWtiWc0mjCZeG.3Context: 82e3c8b35f7d12b5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:39:57 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:39:57 UTC | 58 | IN
                Data Ascii: MS-CV: DOd9emSWUki0rGYz+HqkPw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                17 | 192.168.2.6 | 49741 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:40:16 UTC | 70 | OUT
                Data Ascii: CNT 1 CON 304MS-CV: WwCo0bpAqkCFXpiY.1Context: 8729c68c7f3cf42
                2024-08-30 22:40:16 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:40:16 UTC | 1083 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: WwCo0bpAqkCFXpiY.2Context: 8729c68c7f3cf42<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAMk
                2024-08-30 22:40:16 UTC | 217 | OUT
                Data Ascii: BND 3 CON\WNS 0 196MS-CV: WwCo0bpAqkCFXpiY.3Context: 8729c68c7f3cf42<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:40:16 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:40:16 UTC | 58 | IN
                Data Ascii: MS-CV: As+7Ptkl4EuDYfddbLtYZQ.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                18 | 192.168.2.6 | 49743 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:40:20 UTC | 70 | OUT
                Data Ascii: CNT 1 CON 304MS-CV: CwfdQFd6HEGIUD74.1Context: 3a9f6f52dd797b6
                2024-08-30 22:40:20 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:40:20 UTC | 1083 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: CwfdQFd6HEGIUD74.2Context: 3a9f6f52dd797b6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAMk
                2024-08-30 22:40:21 UTC | 73 | OUT
                Data Ascii: BND 3 CON\QOS 55MS-CV: CwfdQFd6HEGIUD74.3Context: 3a9f6f52dd797b6
                2024-08-30 22:40:21 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:40:21 UTC | 58 | IN
                Data Ascii: MS-CV: L2CEWu2yyU6r8cWPoWBquQ.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                19 | 192.168.2.6 | 49745 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2024-08-30 22:40:39 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: JYH8CLawsE6pS/Xx.1Context: d2503591dea59bce
                2024-08-30 22:40:39 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2024-08-30 22:40:39 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: JYH8CLawsE6pS/Xx.2Context: d2503591dea59bce<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAa4W99mlJxT/cuSJMr2ApH6nyqSQMQfQI/WabQumtQpyAtMlhhdK/lG8BcmP4qDzo71RrUZl9emD62kKRQIrMKAEZYRuPRk5lQ8OHkaV1UxzAM
                2024-08-30 22:40:39 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: JYH8CLawsE6pS/Xx.3Context: d2503591dea59bce<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2024-08-30 22:40:39 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2024-08-30 22:40:39 UTC | 58 | IN
                Data Ascii: MS-CV: /XrM4xSVgUOvKr/QkD4z1g.0Payload parsing failed.


                Target ID:0
                Start time:18:39:14
                Start date:30/08/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:2
                Start time:18:39:17
                Start date:30/08/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2000,i,10204124167721552774,6881573130457901008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:3
                Start time:18:39:20
                Start date:30/08/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://chanf-trojan.pages.dev/"
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly