Edit tour

Windows Analysis Report
https://ubschf.com/de/receive/79469380

Overview

General Information

Sample URL:	https://ubschf.com/de/receive/79469380
Analysis ID:	1521297
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected BlockedWebSite

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2240,i,309238538998812656,16953579315401975955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ubschf.com/de/receive/79469380" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_44	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 431Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 28 Sep 2024 05:25:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Powered-By: ExpressX-Robots-Tag: noindex, nofollow, noarchiveCF-Cache-Status: BYPASSSet-Cookie: connect.sid=s%3A%23Europe898177747.Wj%2BaxRhqv9VQHH866ajeFTi36dG0GeIThwIaOd%2BsBko; Path=/; Expires=Sun, 29 Sep 2024 05:25:23 GMT; HttpOnlyReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8ca15000fa006a50-EWR

Source: chromecache_40.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Source: chromecache_40.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.13.1/umd/react-dom.production.min.js
Source: chromecache_40.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react/16.13.1/umd/react.production.min.js
Source: chromecache_40.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/styled-components/3.2.1/styled-components.min.js
Source: chromecache_40.2.dr	String found in binary or memory: https://codepen.io/jh3y/pen/BaNOJWK
Source: chromecache_40.2.dr	String found in binary or memory: https://cpwebassets.codepen.io/assets/common/stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd3
Source: chromecache_40.2.dr	String found in binary or memory: https://cpwebassets.codepen.io/assets/editor/iframe/iframeRefreshCSS-44fe83e49b63affec96918c9af88c0d
Source: chromecache_40.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: chromecache_44.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_44.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@16/9@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2240,i,309238538998812656,16953579315401975955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ubschf.com/de/receive/79469380"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2240,i,309238538998812656,16953579315401975955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ubschf.com/de/receive/79469380	100%	SlashNext	Fraudulent Website type: Phishing & Social usering

Name	IP	Active	Malicious	Reputation
ubschf.com	188.114.97.3	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.185.100	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://ubschf.com/cdn-cgi/styles/cf.errors.css	false	unknown
https://ubschf.com/cdn-cgi/images/icon-exclamation.png?1376755637	false	unknown
https://a.nel.cloudflare.com/report/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb	false	unknown
https://ubschf.com/de/receive/79469380	true	unknown
https://ubschf.com/favicon.ico	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_44.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.13.1/umd/react-dom.production.min.js	chromecache_40.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/styled-components/3.2.1/styled-components.min.js	chromecache_40.2.dr	false	unknown
https://cpwebassets.codepen.io/assets/common/stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd3	chromecache_40.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css	chromecache_40.2.dr	false	unknown
https://cpwebassets.codepen.io/assets/editor/iframe/iframeRefreshCSS-44fe83e49b63affec96918c9af88c0d	chromecache_40.2.dr	false	unknown
https://codepen.io/jh3y/pen/BaNOJWK	chromecache_40.2.dr	false	unknown
https://cdnjs.cloudflare.com/ajax/libs/react/16.13.1/umd/react.production.min.js	chromecache_40.2.dr	false	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_44.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	ubschf.com	European Union	13335	CLOUDFLARENETUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521297
Start date and time:	2024-09-28 07:24:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ubschf.com/de/receive/79469380
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/9@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.181.238, 66.102.1.84, 34.104.35.123, 192.229.221.95, 93.184.221.240, 142.250.186.67
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ubschf.com/de/receive/79469380

Input	Output
URL: https://ubschf.com/de/receive/79469380 Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ubschf.com/de/receive/79469380 Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Learn More", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (932)
Category:	downloaded
Size (bytes):	34168
Entropy (8bit):	4.835240009298136
Encrypted:	false
SSDEEP:	768:XmTnwqwASs7fMYAPCWlRUH3KOILOPaPgBmXFQyL:WTnwqwAh7EYAPHlRUHaOIiio/yL
MD5:	14F28C62B9E716557953470F78F41656
SHA1:	3F517C0576FBF66D3AA74EFD29BB99124539599A
SHA-256:	01C9CA3599777CE5D4225F84BF1A21C31102E1D8B038C25308C689CA54114A66
SHA-512:	850BD678E98766F60A1AD226B2CB4F25B2D9FD3D07E7157DB590E6285E24D6A26E0CB61B450561C39724BF1294156D0F4310DB021FA8391E47A8612154D279C3
Malicious:	false
Reputation:	low
URL:	https://ubschf.com/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en" style="--X: 0.3613569321533924; --Y: -0.11776061776061775;">.<head>. <meta charset="UTF-8">.. <script src="https://cpwebassets.codepen.io/assets/common/stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd302503391ca806e7fcc7b9b87197aec26.js"></script>... <title>404</title>.. <link rel="canonical" href="https://codepen.io/jh3y/pen/BaNOJWK">.. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css">... <style>. @import url("https://fonts.googleapis.com/css?family=Roboto+Mono&display=swap");.. * {. box-sizing: border-box;. }.. :root {. --light: 5;. }.. body {. background: hsl(0, 0%, calc(var(--light) * 1%));. font-family: 'Roboto Mono', monospace;. }.. @media (prefers-color-scheme: dark) {. :root {. --light: 5;. }. }.. @media (prefers-color-sc

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://ubschf.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://ubschf.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4413
Entropy (8bit):	5.090620414699022
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisIdcA2ZLimOrR49PaQxJbGD:1j9jhjYjIK/Vo+tsIdQZOmOrO9ieJGD
MD5:	1A597A1AD5758E63EBB941143ADC85F1
SHA1:	3A7F428D16EEAC5E8B8014431238E7D66710FED6
SHA-256:	71A85D11759E024168A621DF87809F56D04FE4F1CDB7870E2DB53C48B54E1C56
SHA-512:	7B259436B02AEE2ED11C152A724DE39E0D0CB2860944B593D8B6CA735D55480BFF8F05E615C926DA293244D624F1C1530FF1819019C44DB2771EB5ABA34AC3B8
Malicious:	false
Reputation:	low
URL:	https://ubschf.com/de/receive/79469380
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 07:25:12.972124100 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:12.972124100 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:13.300214052 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:19.149322033 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.149357080 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.149594069 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.150135040 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.150146961 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.941301107 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.941430092 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.946398020 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.946417093 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.946695089 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.948487043 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.948546886 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.948555946 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:19.948693037 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:19.991401911 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:20.120095968 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:20.120346069 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:20.120405912 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:20.120651960 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:20.120671034 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:20.656429052 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.656485081 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:20.656657934 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.656730890 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.656790972 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:20.656850100 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.656964064 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.656977892 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:20.657119989 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:20.657135010 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.138060093 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.138339043 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.138365984 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.139342070 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.139405012 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.140093088 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.140419960 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.140444040 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.141917944 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.141979933 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.148590088 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.148771048 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.149127007 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.149307966 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.149594069 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.149605036 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.189773083 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.190074921 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.190098047 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.238122940 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.274859905 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.274931908 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.274967909 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.274997950 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.275002003 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.275024891 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.275051117 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.275132895 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.275188923 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.276019096 CEST	49717	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.276036978 CEST	443	49717	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.289505005 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.335408926 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389751911 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389796972 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389821053 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389844894 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389868975 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389890909 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389908075 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.389918089 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389930010 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.389972925 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.389972925 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.390110970 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.394496918 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.394517899 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.394690037 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.394706964 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.394762039 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.480180025 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480227947 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480247974 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480267048 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480288982 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480309010 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.480317116 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480329037 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480355024 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.480355024 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.480426073 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.480499029 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.481327057 CEST	49716	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.481358051 CEST	443	49716	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.486932039 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.486972094 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.487040997 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.487476110 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.487490892 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.945419073 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.973917961 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:21.973964930 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:21.974674940 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.002069950 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.002269030 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.032615900 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.079406023 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.130103111 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.130192041 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.130249977 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.134462118 CEST	49720	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.134491920 CEST	443	49720	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.159559965 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.159641981 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.159706116 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.165847063 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.165870905 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.197380066 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.197422981 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.197489023 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.198007107 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.198024035 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.438705921 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.438774109 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.438839912 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.439362049 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.439378023 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.579377890 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:22.579377890 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:22.618227959 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.618751049 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.618788004 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.619085073 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.619647980 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.619724989 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.619985104 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:22.667422056 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:22.855601072 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.856189966 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.856216908 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.857871056 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.857939959 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.860117912 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.860207081 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.901436090 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.901936054 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.901962996 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.903624058 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.903687954 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.905910015 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.905993938 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.906172037 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906178951 CEST	443	49724	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.906254053 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906269073 CEST	49724	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906532049 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906579018 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.906634092 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906882048 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:22.906898022 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:22.907500029 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:22.907517910 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:22.907541990 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:22.954372883 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:23.244292021 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:23.244335890 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:23.244438887 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:23.246062994 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:23.246093988 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:23.338790894 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.338834047 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.338865042 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.338893890 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.338931084 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.338968039 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.339001894 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.339521885 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.339596987 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.339621067 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.339622974 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.339633942 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.340354919 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.340363979 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.344050884 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.344408989 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.344427109 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.363867998 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.364262104 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.364284992 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.365760088 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.365874052 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.366189957 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.366285086 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.366636992 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.366645098 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.391904116 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.423182011 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.424753904 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.424851894 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.424887896 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.424913883 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.424932957 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.424945116 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.424968004 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425009966 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.425060987 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.425775051 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425806999 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425868034 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425885916 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425903082 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.425911903 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.425928116 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.426075935 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.426700115 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.426801920 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.428587914 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.428587914 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.497831106 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.497920990 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.498547077 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.498709917 CEST	49725	443	192.168.2.6	188.114.96.3
Sep 28, 2024 07:25:23.498727083 CEST	443	49725	188.114.96.3	192.168.2.6
Sep 28, 2024 07:25:23.526743889 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:23.526768923 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:23.526896000 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:23.528429985 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:23.528440952 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:23.735697985 CEST	49722	443	192.168.2.6	188.114.97.3
Sep 28, 2024 07:25:23.735733032 CEST	443	49722	188.114.97.3	192.168.2.6
Sep 28, 2024 07:25:23.893271923 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:23.893449068 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:23.922816038 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:23.922835112 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:23.923985004 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:23.970046997 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.014534950 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.021143913 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.021974087 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.021987915 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.023026943 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.023139000 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.026618004 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.026694059 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.027103901 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.027116060 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.067399025 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.079372883 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.155157089 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.155406952 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.155464888 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.156276941 CEST	49727	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.156297922 CEST	443	49727	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.157283068 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.157319069 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.157388926 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.169053078 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.169068098 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.206329107 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.206392050 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.206439972 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.436676025 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.436714888 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.627062082 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.634999037 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.635011911 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.635354996 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.639847040 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.640049934 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.640511036 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.643757105 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.643785000 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.643860102 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.644865036 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:24.644875050 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:24.683406115 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.686681032 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 28, 2024 07:25:24.686813116 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 28, 2024 07:25:24.768079996 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.768264055 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:24.768320084 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.770540953 CEST	49728	443	192.168.2.6	35.190.80.1
Sep 28, 2024 07:25:24.770550966 CEST	443	49728	35.190.80.1	192.168.2.6
Sep 28, 2024 07:25:25.278748989 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.278831005 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.280350924 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.280359983 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.280597925 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.281801939 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.327408075 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.554392099 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.554454088 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.554548979 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.556257963 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.556283951 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:25.556293964 CEST	49729	443	192.168.2.6	184.28.90.27
Sep 28, 2024 07:25:25.556298971 CEST	443	49729	184.28.90.27	192.168.2.6
Sep 28, 2024 07:25:26.920573950 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:26.920624018 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:26.920697927 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:26.921946049 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:26.921961069 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.704488039 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.704607964 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.770271063 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.770303011 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.771251917 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.773066998 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.773129940 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.773137093 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.773293018 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.815411091 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.944025040 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.944164991 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:27.944247007 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.944654942 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:27.944674015 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:32.745475054 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:32.745672941 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:32.745738029 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:32.904124022 CEST	49723	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:25:32.904161930 CEST	443	49723	142.250.185.100	192.168.2.6
Sep 28, 2024 07:25:33.139769077 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.139847994 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:33.139997005 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.141184092 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.141216993 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:33.842175961 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:33.842272997 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.843996048 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.844026089 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:33.844614029 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:33.884624958 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:33.960288048 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.007406950 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187400103 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187460899 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187482119 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187520981 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187555075 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.187562943 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187614918 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187649012 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.187649012 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.187680006 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.187715054 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187788010 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.187802076 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187926054 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.187988043 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.199831009 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.199850082 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:34.199865103 CEST	49731	443	192.168.2.6	52.165.165.26
Sep 28, 2024 07:25:34.199872017 CEST	443	49731	52.165.165.26	192.168.2.6
Sep 28, 2024 07:25:38.870605946 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:38.870651960 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:38.870734930 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:38.871344090 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:38.871361017 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.670576096 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.670744896 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.679719925 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.679788113 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.680116892 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.682895899 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.683135986 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.683147907 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.683451891 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.731393099 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.854887962 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.855142117 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.856503010 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.856503010 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:39.856559038 CEST	443	49734	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:39.856627941 CEST	49734	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:56.808274984 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:56.808337927 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:56.808443069 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:56.809248924 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:56.809267044 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.603008032 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.603135109 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.617849112 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.617897987 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.618783951 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.621759892 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.621836901 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.621845007 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.622016907 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.667412996 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.793680906 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.793991089 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.794076920 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.794403076 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:25:57.794431925 CEST	443	49735	40.113.110.67	192.168.2.6
Sep 28, 2024 07:25:57.794450045 CEST	49735	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:10.595340967 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:10.595372915 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:10.595469952 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:10.595951080 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:10.595967054 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.398767948 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.398839951 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.400470018 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.400482893 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.400825024 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.409599066 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.451406002 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739571095 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739608049 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739655018 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739690065 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.739696980 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739748001 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739753008 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.739804029 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.739804029 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.739809990 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.739897013 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.740487099 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.740560055 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.740605116 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.744570017 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.744570017 CEST	49736	443	192.168.2.6	4.175.87.197
Sep 28, 2024 07:26:11.744585037 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:11.744594097 CEST	443	49736	4.175.87.197	192.168.2.6
Sep 28, 2024 07:26:18.751533985 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:18.751602888 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:18.751698971 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:18.752335072 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:18.752347946 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.552423954 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.552525997 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.554471016 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.554491043 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.555306911 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.557265043 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.557377100 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.557389021 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.557574034 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.603401899 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.729182959 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.729290962 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:19.729350090 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.729492903 CEST	49738	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:19.729517937 CEST	443	49738	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:22.246061087 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:22.246165037 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.246232033 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:22.246999025 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:22.247025967 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.902580023 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.902904987 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:22.902945995 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.904162884 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.904691935 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:22.904959917 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:22.955200911 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:32.815504074 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:32.815686941 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:32.815773010 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:32.899950027 CEST	49739	443	192.168.2.6	142.250.185.100
Sep 28, 2024 07:26:32.899981976 CEST	443	49739	142.250.185.100	192.168.2.6
Sep 28, 2024 07:26:46.557482958 CEST	49740	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:46.557523966 CEST	443	49740	40.113.110.67	192.168.2.6
Sep 28, 2024 07:26:46.557691097 CEST	49740	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:46.558263063 CEST	49740	443	192.168.2.6	40.113.110.67
Sep 28, 2024 07:26:46.558278084 CEST	443	49740	40.113.110.67	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 07:25:18.561687946 CEST	53	61540	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:18.721112013 CEST	53	61446	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:19.718489885 CEST	53	59686	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:20.601572037 CEST	58770	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:20.601703882 CEST	63366	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:20.636495113 CEST	53	58770	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:20.844242096 CEST	53	63366	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:22.185302019 CEST	63909	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:22.185770035 CEST	49866	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:22.187112093 CEST	56837	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:22.187602043 CEST	50520	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:22.195800066 CEST	53	50520	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:22.195818901 CEST	53	56837	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:22.431859970 CEST	53	63909	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:22.436553001 CEST	53	49866	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:23.517988920 CEST	58888	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:23.517988920 CEST	55609	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:25:23.525613070 CEST	53	58888	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:23.525639057 CEST	53	55609	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:36.791532993 CEST	53	59724	1.1.1.1	192.168.2.6
Sep 28, 2024 07:25:55.666528940 CEST	53	62445	1.1.1.1	192.168.2.6
Sep 28, 2024 07:26:18.006403923 CEST	53	53319	1.1.1.1	192.168.2.6
Sep 28, 2024 07:26:18.666627884 CEST	53	53249	1.1.1.1	192.168.2.6
Sep 28, 2024 07:26:22.236527920 CEST	51050	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:26:22.236970901 CEST	56370	53	192.168.2.6	1.1.1.1
Sep 28, 2024 07:26:22.243555069 CEST	53	51050	1.1.1.1	192.168.2.6
Sep 28, 2024 07:26:22.243830919 CEST	53	56370	1.1.1.1	192.168.2.6
Sep 28, 2024 07:26:45.588402987 CEST	53	65146	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 07:25:20.847155094 CEST	192.168.2.6	1.1.1.1	c276	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 07:25:20.601572037 CEST	192.168.2.6	1.1.1.1	0xe945	Standard query (0)	ubschf.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:20.601703882 CEST	192.168.2.6	1.1.1.1	0xfea6	Standard query (0)	ubschf.com	65	IN (0x0001)	false
Sep 28, 2024 07:25:22.185302019 CEST	192.168.2.6	1.1.1.1	0xd8cd	Standard query (0)	ubschf.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:22.185770035 CEST	192.168.2.6	1.1.1.1	0xba1b	Standard query (0)	ubschf.com	65	IN (0x0001)	false
Sep 28, 2024 07:25:22.187112093 CEST	192.168.2.6	1.1.1.1	0x280c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:22.187602043 CEST	192.168.2.6	1.1.1.1	0x196d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 07:25:23.517988920 CEST	192.168.2.6	1.1.1.1	0x9b5f	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:23.517988920 CEST	192.168.2.6	1.1.1.1	0xa025	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Sep 28, 2024 07:26:22.236527920 CEST	192.168.2.6	1.1.1.1	0xd99b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:26:22.236970901 CEST	192.168.2.6	1.1.1.1	0xf01d	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 07:25:20.636495113 CEST	1.1.1.1	192.168.2.6	0xe945	No error (0)	ubschf.com	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:20.636495113 CEST	1.1.1.1	192.168.2.6	0xe945	No error (0)	ubschf.com	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:20.844242096 CEST	1.1.1.1	192.168.2.6	0xfea6	No error (0)	ubschf.com		65	IN (0x0001)	false
Sep 28, 2024 07:25:22.195800066 CEST	1.1.1.1	192.168.2.6	0x196d	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 28, 2024 07:25:22.195818901 CEST	1.1.1.1	192.168.2.6	0x280c	No error (0)	www.google.com	142.250.185.100	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:22.431859970 CEST	1.1.1.1	192.168.2.6	0xd8cd	No error (0)	ubschf.com	188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:22.431859970 CEST	1.1.1.1	192.168.2.6	0xd8cd	No error (0)	ubschf.com	188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:25:22.436553001 CEST	1.1.1.1	192.168.2.6	0xba1b	No error (0)	ubschf.com		65	IN (0x0001)	false
Sep 28, 2024 07:25:23.525613070 CEST	1.1.1.1	192.168.2.6	0x9b5f	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:26:22.243555069 CEST	1.1.1.1	192.168.2.6	0xd99b	No error (0)	www.google.com	142.250.185.100	A (IP address)	IN (0x0001)	false
Sep 28, 2024 07:26:22.243830919 CEST	1.1.1.1	192.168.2.6	0xf01d	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

ubschf.com

https:

a.nel.cloudflare.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 2f 2f 45 6b 35 38 4f 34 55 71 7a 6d 64 73 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 65 36 35 61 37 66 33 39 64 33 30 63 32 33 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: O//Ek58O4UqzmdsQ.1Context: 1e65a7f39d30c236
2024-09-28 05:25:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:25:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 2f 2f 45 6b 35 38 4f 34 55 71 7a 6d 64 73 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 65 36 35 61 37 66 33 39 64 33 30 63 32 33 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: O//Ek58O4UqzmdsQ.2Context: 1e65a7f39d30c236<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:25:19 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 2f 2f 45 6b 35 38 4f 34 55 71 7a 6d 64 73 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 65 36 35 61 37 66 33 39 64 33 30 63 32 33 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: O//Ek58O4UqzmdsQ.3Context: 1e65a7f39d30c236<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:25:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:25:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 57 4d 66 5a 73 47 4c 72 6b 61 52 49 6b 75 55 4a 76 4d 37 77 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vWMfZsGLrkaRIkuUJvM7ww.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49717	188.114.97.3	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:21 UTC	672	OUT	GET /de/receive/79469380 HTTP/1.1 Host: ubschf.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:21 UTC	582	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:25:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbtMhU2lPiZ%2BTIXQYiGu28pqZY9hRjVNDPCbLGELPLUb6ltelSI2A30ARD2LnunozV7VaM%2BiiD8Mp1Rqn04h3EtxQSKz92U7Qced9ebR0vsa%2BRXuFDTj1TZUQ0IO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca14ff79e39c32c-EWR
2024-09-28 05:25:21 UTC	787	IN	Data Raw: 31 31 33 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 113d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 Data Ascii: -ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 79 78 4a 73 62 37 74 62 78 69 6b 37 70 50 6f 70 79 33 5f 75 58 4f 71 72 41 65 42 75 4b 5f 52 5a 37 50 35 53 2e 7a 43 5f 48 7a 59 2d 31 37 32 37 35 30 31 31 32 31 2d 30 2e 30 2e 31 2e 31 2d 2f 64 65 2f 72 65 63 65 69 76 65 2f 37 39 34 36 39 33 38 30 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 Data Ascii: GET" enctype="text/plain"> <input type="hidden" name="atok" value="yxJsb7tbxik7pPopy3_uXOqrAeBuK_RZ7P5S.zC_HzY-1727501121-0.0.1.1-/de/receive/79469380"> <a href="https://www.cloudflare.com/learning/access
2024-09-28 05:25:21 UTC	896	IN	Data Raw: 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 Data Ascii: /span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing
2024-09-28 05:25:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49716	188.114.97.3	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:21 UTC	566	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: ubschf.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://ubschf.com/de/receive/79469380 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:21 UTC	411	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:25:21 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8ca14ff86b4b42e4-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sat, 28 Sep 2024 07:25:21 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-28 05:25:21 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-09-28 05:25:21 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49720	188.114.97.3	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:22 UTC	639	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: ubschf.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ubschf.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:22 UTC	409	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:25:22 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca14ffd0b4d42b0-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sat, 28 Sep 2024 07:25:22 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-28 05:25:22 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49722	188.114.97.3	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:22 UTC	595	OUT	GET /favicon.ico HTTP/1.1 Host: ubschf.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ubschf.com/de/receive/79469380 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:23 UTC	805	IN	HTTP/1.1 404 Not Found Date: Sat, 28 Sep 2024 05:25:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Powered-By: Express X-Robots-Tag: noindex, nofollow, noarchive CF-Cache-Status: BYPASS Set-Cookie: connect.sid=s%3A%23Europe898177747.Wj%2BaxRhqv9VQHH866ajeFTi36dG0GeIThwIaOd%2BsBko; Path=/; Expires=Sun, 29 Sep 2024 05:25:23 GMT; HttpOnly Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca15000fa006a50-EWR
2024-09-28 05:25:23 UTC	564	IN	Data Raw: 37 63 37 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 2d 2d 58 3a 20 30 2e 33 36 31 33 35 36 39 33 32 31 35 33 33 39 32 34 3b 20 2d 2d 59 3a 20 2d 30 2e 31 31 37 37 36 30 36 31 37 37 36 30 36 31 37 37 35 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 70 77 65 62 61 73 73 65 74 73 2e 63 6f 64 65 70 65 6e 2e 69 6f 2f 61 73 73 65 74 73 2f 63 6f 6d 6d 6f 6e 2f 73 74 6f 70 45 78 65 63 75 74 69 6f 6e 4f 6e 54 69 6d 65 6f 75 74 2d 32 63 37 38 33 31 62 62 34 34 66 39 38 63 31 33 39 31 64 36 61 34 66 66 64 61 30 65 31 66 64 33 30 32 35 30 Data Ascii: 7c79<!DOCTYPE html><html lang="en" style="--X: 0.3613569321533924; --Y: -0.11776061776061775;"><head> <meta charset="UTF-8"> <script src="https://cpwebassets.codepen.io/assets/common/stopExecutionOnTimeout-2c7831bb44f98c1391d6a4ffda0e1fd30250
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 2b 4d 6f 6e 6f 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 29 3b 0a 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 3a 72 6f 6f 74 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 6c 69 67 68 74 3a 20 35 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 68 73 6c 28 30 2c 20 30 25 2c 20 63 61 6c 63 28 76 61 72 28 2d 2d 6c 69 67 68 74 29 20 2a 20 31 25 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 Data Ascii: om/css?family=Roboto+Mono&display=swap"); * { box-sizing: border-box; } :root { --light: 5; } body { background: hsl(0, 0%, calc(var(--light) * 1%)); font-family: '
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 30 2e 32 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 20 30 2e 32 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 20 30 2e 32 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 61 63 6b 77 61 72 64 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 61 63 6b 77 61 72 64 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 20 73 74 65 70 73 28 31 29 3b 0a 20 20 20 20 20 Data Ascii: on-duration: 0.2s; -webkit-animation-delay: 0.2s; animation-delay: 0.2s; -webkit-animation-fill-mode: backwards; animation-fill-mode: backwards; -webkit-animation-timing-function: steps(1);
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3a 20 68 73 6c 61 28 32 30 30 2c 20 31 30 30 25 2c 20 37 35 25 2c 20 63 61 6c 63 28 76 61 72 28 2d 2d 62 65 61 72 2d 74 65 61 72 73 2c 20 30 29 20 2d 20 30 2e 35 29 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 62 65 61 72 2d 6c 6f 67 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 32 72 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 72 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 72 65 74 75 72 6e 2d 6c 69 6e 6b 3a 68 6f 76 65 Data Ascii: fill: hsla(200, 100%, 75%, calc(var(--bear-tears, 0) - 0.5)); } @media (min-width: 768px) { .bear-logo { height: 12rem; width: 12rem; } } .return-link:hove
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 73 63 61 6c 65 58 3a 20 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 73 63 61 6c 65 59 3a 20 2d 32 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 33 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 73 63 61 6c 65 58 3a 20 2d 32 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 73 63 61 6c 65 59 3a 20 35 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 34 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 2d 73 63 61 6c 65 58 3a 20 2d 33 30 3b Data Ascii: --scaleX: 30; --scaleY: -20; } .four-oh-four__code span:nth-of-type(3) { --scaleX: -20; --scaleY: 50; } .four-oh-four__code span:nth-of-type(4) { --scaleX: -30;
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 33 29 3a 61 66 74 65 72 2c 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 34 29 3a 61 66 74 65 72 2c 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 2d 6d 65 73 73 61 67 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 32 29 3a 61 66 74 65 72 2c 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 6f 64 65 2d 6d 65 73 73 61 67 65 20 73 70 61 6e 3a 6e 74 68 2d 6f 66 2d 74 79 70 65 28 33 29 3a 61 66 74 65 72 2c 0a 20 20 20 20 20 20 20 20 2e 66 6f 75 72 2d 6f 68 2d 66 6f 75 72 5f 5f 63 Data Ascii: .four-oh-four__code span:nth-of-type(3):after, .four-oh-four__code span:nth-of-type(4):after, .four-oh-four__code-message span:nth-of-type(2):after, .four-oh-four__code-message span:nth-of-type(3):after, .four-oh-four__c
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 37 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 76 61 72 28 2d 2d 63 68 61 72 2d 37 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 38 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 76 61 72 28 2d 2d 63 68 61 72 2d 38 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 39 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 76 61 72 28 2d 2d 63 68 61 72 2d 39 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 Data Ascii: } 70% { content: var(--char-7); } 80% { content: var(--char-8); } 90% { content: var(--char-9); } 100% { c
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 22 20 72 65 6c 3d 22 6e 6f 72 65 66 65 72 72 65 72 20 6e 6f 6f 70 65 6e 65 72 22 3e 52 65 74 75 72 6e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 20 68 61 70 70 69 6e 65 73 73 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 76 67 20 63 6c 61 73 73 3d 22 62 65 61 72 2d 6c 6f 67 6f 20 62 65 61 72 2d 6c 6f 67 6f 2d 2d 74 65 61 72 73 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 33 30 30 20 33 30 30 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 31 2e 33 34 31 30 35 20 30 20 30 20 31 2e 33 34 31 30 35 20 2d 35 31 2e 31 35 37 20 2d 31 30 34 39 2e 36 39 34 29 22 3e Data Ascii: " rel="noreferrer noopener">Return to happiness</a> <svg class="bear-logo bear-logo--tears" viewBox="0 0 300 300" xmlns="http://www.w3.org/2000/svg"> <g transform="matrix(1.34105 0 0 1.34105 -51.157 -1049.694)">
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 20 20 20 20 3c 65 6c 6c 69 70 73 65 20 74 72 61 6e 73 66 6f 72 6d 3d 22 73 63 61 6c 65 28 2d 31 20 31 29 22 20 63 78 3d 22 2d 32 33 31 2e 32 34 33 22 20 63 79 3d 22 38 32 37 2e 36 38 32 22 20 72 78 3d 22 32 33 2e 37 36 32 22 20 72 79 3d 22 32 33 2e 31 31 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 38 30 33 33 30 30 22 3e 3c 2f 65 6c 6c 69 70 73 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 32 31 34 2e 37 36 34 20 38 32 36 2e 33 31 37 61 31 36 2e 35 34 39 20 31 36 2e 30 39 35 20 30 20 30 31 31 36 2e 34 38 2d 31 34 2e 37 33 31 20 31 36 2e 35 34 39 20 31 36 2e 30 39 35 20 30 20 30 31 31 36 2e 35 34 38 20 31 36 2e 30 39 35 20 31 36 2e Data Ascii: <ellipse transform="scale(-1 1)" cx="-231.243" cy="827.682" rx="23.762" ry="23.111" fill="#803300"></ellipse> <path d="M214.764 826.317a16.549 16.095 0 0116.48-14.731 16.549 16.095 0 0116.548 16.095 16.
2024-09-28 05:25:23 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 62 65 61 72 5f 5f 74 65 61 72 2d 73 74 72 65 61 6d 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 39 30 2e 36 36 35 20 38 39 33 2e 33 33 36 76 39 36 2e 32 32 31 63 38 2e 32 34 2d 34 2e 34 33 20 31 35 2e 37 36 31 2d 31 30 2e 31 35 20 32 32 2e 33 37 2d 31 36 2e 39 37 31 76 2d 37 39 2e 32 35 68 2d 32 32 2e 33 37 7a 4d 38 36 2e 30 35 36 20 38 39 33 2e 33 33 36 76 38 30 2e 33 39 39 63 36 2e 35 34 36 20 36 2e 38 38 35 20 31 34 2e 30 35 36 20 31 32 2e 35 39 32 20 32 32 2e 33 37 20 31 36 2e 39 32 76 2d 39 37 2e 33 32 68 2d 32 32 2e 33 37 7a 22 3e 3c 2f 70 61 74 68 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 Data Ascii: <path class="bear__tear-stream" d="M190.665 893.336v96.221c8.24-4.43 15.761-10.15 22.37-16.971v-79.25h-22.37zM86.056 893.336v80.399c6.546 6.885 14.056 12.592 22.37 16.92v-97.32h-22.37z"></path> <p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49725	188.114.96.3	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:23 UTC	380	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: ubschf.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:23 UTC	409	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 05:25:23 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca1500599ab0cc8-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sat, 28 Sep 2024 07:25:23 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-28 05:25:23 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49726	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 05:25:24 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=213578 Date: Sat, 28 Sep 2024 05:25:24 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49727	35.190.80.1	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:24 UTC	523	OUT	OPTIONS /report/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://ubschf.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:24 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sat, 28 Sep 2024 05:25:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49728	35.190.80.1	443	7092	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:24 UTC	470	OUT	POST /report/v4?s=T5aONeaANxQDoXxyJgtiIQb%2FQj9rq7TyA2AzKrAtdS1t9rWF0O%2BdOYog4kP%2Bc6B95F141Jlm16484rkQBhbbee74WK29xbgDoxEnhe%2FfFLwNsNmu1ajzmsGdNTDb HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 431 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 05:25:24 UTC	431	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 37 36 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 31 38 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 75 62 73 63 68 66 2e 63 6f 6d 2f 64 65 2f 72 65 63 65 69 76 65 2f 37 39 34 36 39 33 38 30 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 37 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 Data Ascii: [{"age":176,"body":{"elapsed_time":1180,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://ubschf.com/de/receive/79469380","sampling_fraction":1.0,"server_ip":"188.114.97.3","status_code":404,"type":"http.error"},"type":"networ
2024-09-28 05:25:24 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 28 Sep 2024 05:25:24 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 05:25:25 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=213607 Date: Sat, 28 Sep 2024 05:25:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 05:25:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49730	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 4f 77 62 30 41 72 33 62 45 43 46 6e 4f 68 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 39 65 65 31 62 38 30 35 34 62 62 66 38 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: iOwb0Ar3bECFnOhx.1Context: 129ee1b8054bbf8e
2024-09-28 05:25:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:25:27 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 69 4f 77 62 30 41 72 33 62 45 43 46 6e 4f 68 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 39 65 65 31 62 38 30 35 34 62 62 66 38 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: iOwb0Ar3bECFnOhx.2Context: 129ee1b8054bbf8e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:25:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 4f 77 62 30 41 72 33 62 45 43 46 6e 4f 68 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 39 65 65 31 62 38 30 35 34 62 62 66 38 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: iOwb0Ar3bECFnOhx.3Context: 129ee1b8054bbf8e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:25:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:25:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 4b 2b 56 4f 47 57 58 38 30 47 47 46 36 42 47 62 61 4b 6c 56 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YK+VOGWX80GGF6BGbaKlVQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49731	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:33 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G9PPCT7B+duUFbv&MD=l7ZwHmed HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 05:25:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 3881a3bc-21be-4cc8-8755-16ee43fa594b MS-RequestId: 4511f2e3-efa6-4462-8393-039868b828ff MS-CV: h/Db8FwOo0y2gmjp.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 05:25:33 GMT Connection: close Content-Length: 24490
2024-09-28 05:25:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-28 05:25:34 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49734	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 69 43 45 36 49 77 44 76 55 6d 47 78 7a 4c 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 38 63 39 38 65 33 33 30 63 32 32 34 62 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BiCE6IwDvUmGxzLQ.1Context: b08c98e330c224b5
2024-09-28 05:25:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:25:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 69 43 45 36 49 77 44 76 55 6d 47 78 7a 4c 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 38 63 39 38 65 33 33 30 63 32 32 34 62 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BiCE6IwDvUmGxzLQ.2Context: b08c98e330c224b5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:25:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 69 43 45 36 49 77 44 76 55 6d 47 78 7a 4c 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 30 38 63 39 38 65 33 33 30 63 32 32 34 62 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: BiCE6IwDvUmGxzLQ.3Context: b08c98e330c224b5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:25:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:25:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 53 4d 41 6d 74 6f 52 72 6b 4b 4e 43 37 6d 53 45 73 6a 4b 42 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qSMAmtoRrkKNC7mSEsjKBA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49735	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:25:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 66 36 6e 30 79 56 4d 41 6b 4b 52 56 33 33 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 64 37 64 32 63 35 32 30 32 37 63 66 36 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Nf6n0yVMAkKRV33e.1Context: a2d7d2c52027cf6a
2024-09-28 05:25:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:25:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4e 66 36 6e 30 79 56 4d 41 6b 4b 52 56 33 33 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 64 37 64 32 63 35 32 30 32 37 63 66 36 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Nf6n0yVMAkKRV33e.2Context: a2d7d2c52027cf6a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:25:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 66 36 6e 30 79 56 4d 41 6b 4b 52 56 33 33 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 64 37 64 32 63 35 32 30 32 37 63 66 36 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Nf6n0yVMAkKRV33e.3Context: a2d7d2c52027cf6a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:25:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:25:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 57 4c 64 5a 41 34 4c 54 4a 30 2b 78 7a 55 6a 6d 35 6b 73 57 31 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: WLdZA4LTJ0+xzUjm5ksW1Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49736	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:26:11 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G9PPCT7B+duUFbv&MD=l7ZwHmed HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-28 05:26:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 9d25d956-d502-4777-b97f-ea9919d7022f MS-RequestId: 6a8e9cce-da50-4376-b3c3-bcfb5d199096 MS-CV: kF8RWmaAmEuBtsk9.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 28 Sep 2024 05:26:11 GMT Connection: close Content-Length: 30005
2024-09-28 05:26:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-28 05:26:11 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49738	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:26:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 44 63 70 38 38 2b 47 74 45 61 6e 47 55 64 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 61 66 38 31 65 32 64 66 36 61 33 34 30 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: eDcp88+GtEanGUdv.1Context: 9daf81e2df6a3403
2024-09-28 05:26:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:26:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 44 63 70 38 38 2b 47 74 45 61 6e 47 55 64 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 61 66 38 31 65 32 64 66 36 61 33 34 30 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: eDcp88+GtEanGUdv.2Context: 9daf81e2df6a3403<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:26:19 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 44 63 70 38 38 2b 47 74 45 61 6e 47 55 64 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 61 66 38 31 65 32 64 66 36 61 33 34 30 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: eDcp88+GtEanGUdv.3Context: 9daf81e2df6a3403<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:26:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:26:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 6d 44 69 61 79 47 62 32 55 75 68 49 4d 67 2f 5a 66 75 6d 46 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2mDiayGb2UuhIMg/ZfumFA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49740	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 05:26:47 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 6d 2f 6d 5a 6e 51 75 64 30 47 31 6b 37 61 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 66 32 61 62 31 62 38 33 36 61 37 38 65 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Wm/mZnQud0G1k7a2.1Context: 4df2ab1b836a78e0
2024-09-28 05:26:47 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-28 05:26:47 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 6d 2f 6d 5a 6e 51 75 64 30 47 31 6b 37 61 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 66 32 61 62 31 62 38 33 36 61 37 38 65 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 41 61 34 4b 53 6b 36 63 76 63 42 4a 4c 73 56 35 61 4a 67 6a 43 59 43 54 36 43 64 2f 37 72 6b 47 35 68 35 43 44 55 55 38 30 74 4e 41 41 36 6c 63 6b 43 56 72 54 6e 62 4c 6f 50 54 4a 76 62 54 7a 4c 78 48 67 57 70 2b 5a 4a 77 7a 6a 47 30 6c 53 48 2f 70 45 34 4f 5a 32 78 54 33 44 71 51 50 4d 36 4d 47 55 4c 5a 6a 30 46 6d 51 39 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Wm/mZnQud0G1k7a2.2Context: 4df2ab1b836a78e0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAeAa4KSk6cvcBJLsV5aJgjCYCT6Cd/7rkG5h5CDUU80tNAA6lckCVrTnbLoPTJvbTzLxHgWp+ZJwzjG0lSH/pE4OZ2xT3DqQPM6MGULZj0FmQ9
2024-09-28 05:26:47 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 6d 2f 6d 5a 6e 51 75 64 30 47 31 6b 37 61 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 66 32 61 62 31 62 38 33 36 61 37 38 65 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Wm/mZnQud0G1k7a2.3Context: 4df2ab1b836a78e0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-28 05:26:47 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-28 05:26:47 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2f 4c 33 54 62 48 51 45 2b 45 36 38 67 41 39 77 2f 50 42 52 73 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: /L3TbHQE+E68gA9w/PBRsg.0Payload parsing failed.

Target ID:	0
Start time:	01:25:14
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:25:16
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2240,i,309238538998812656,16953579315401975955,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	01:25:19
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ubschf.com/de/receive/79469380"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_44, type: DROPPED

Source: https://ubschf.com/de/receive/79469380	HTTP Parser: No favicon
Source: https://ubschf.com/de/receive/79469380	HTTP Parser: No favicon

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197

Source: global traffic	HTTP traffic detected: GET /de/receive/79469380 HTTP/1.1Host: ubschf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: ubschf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ubschf.com/de/receive/79469380Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: ubschf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ubschf.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ubschf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ubschf.com/de/receive/79469380Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: ubschf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G9PPCT7B+duUFbv&MD=l7ZwHmed HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=G9PPCT7B+duUFbv&MD=l7ZwHmed HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ubschf.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ubschf.com/de/receive/79469380

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5640, Parent PID: 5924

General

Chronological Activities

Analysis Process: chrome.exePID: 7092, Parent PID: 5640

General

Windows Analysis Report
https://ubschf.com/de/receive/79469380