Edit tour

Windows Analysis Report
https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2

Overview

General Information

Sample URL:	https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2
Analysis ID:	1430936
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected hidden input values containing email addresses (often used in phishing pages)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2180,i,16645406805787686568,15006377985678471521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	Avira URL Cloud: Label: phishing
Source: https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	Avira URL Cloud: Label: phishing

Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0

HTTP Parser: g.hammerschmidt@viennaairport.com

Source: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	HTTP Parser: Number of links: 0
Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	HTTP Parser: Number of links: 0

Source: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485

HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]

Source: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	HTTP Parser: Title: Redirecting does not match URL
Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	HTTP Parser: Title: Sign In does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	HTTP Parser: No favicon
Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	HTTP Parser: No favicon

Source: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	HTTP Parser: No <meta name="author".. found
Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	HTTP Parser: No <meta name="copyright".. found
Source: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1Host: www.maultalk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1Host: www.serserijeans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1Host: serserijeans.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1Host: esign.joahelms.designConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1Host: esign.joahelms.designConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JGFoT5="OTg4OGM1ZDUtNTY3OC00ODU2LWI2OTAtNzIzZDczNTVmOWY1OjUyYTQ3M2M3LTZkMWUtNGJkNi05ODVhLTQ0ZTJmNjhmZDE0NQ=="
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0 HTTP/1.1Host: fs.viennaairport.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/css/style.css?id=36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17 HTTP/1.1Host: fs.viennaairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 HTTP/1.1Host: fs.viennaairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 HTTP/1.1Host: fs.viennaairport.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0 HTTP/1.1Host: fs.viennaairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 HTTP/1.1Host: fs.viennaairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fs.viennaairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 HTTP/1.1Host: fs.viennaairport.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: www.maultalk.com

Source: unknown

HTTP traffic detected: POST /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1Host: esign.joahelms.designConnection: keep-aliveContent-Length: 5537Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://esign.joahelms.designContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=us-asciiServer: Microsoft-HTTPAPI/2.0Date: Wed, 24 Apr 2024 09:50:57 GMTConnection: closeX-FRAME-OPTIONS: SAMEORIGINStrict-Transport-Security: max-age=31536000

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@19/14@22/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2180,i,16645406805787686568,15006377985678471521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2180,i,16645406805787686568,15006377985678471521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	0%	Avira URL Cloud	safe
https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	0%	Virustotal		Browse

Source	Detection	Scanner	Label
https://serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	100%	Avira URL Cloud	phishing
https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t	0%	Avira URL Cloud	safe
https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
fs.viennaairport.com	193.43.158.108	true	false	high
www.maultalk.com	172.67.129.156	true	false	high
esign.joahelms.design	89.187.28.219	true	false	unknown
part-0041.t-0009.t-msedge.net	13.107.213.69	true	false	unknown
serserijeans.com	185.106.211.102	true	false	unknown
www.google.com	142.250.101.105	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
identity.nel.measure.office.net	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high
www.serserijeans.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	false		high
https://fs.viennaairport.com/adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180	false		high
https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	false		high
https://fs.viennaairport.com/adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362	false		high
https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485	false		unknown
https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0	false		high
https://fs.viennaairport.com/favicon.ico	false		high
https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	false	Avira URL Cloud: phishing	unknown
https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0	false		high
https://serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	false	Avira URL Cloud: phishing	unknown
https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t	false	Avira URL Cloud: safe	unknown
https://fs.viennaairport.com/adfs/portal/css/style.css?id=36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.105	www.google.com	United States	15169	GOOGLEUS	false
89.187.28.219	esign.joahelms.design	Ukraine	39810	UA-WICOMWiMAXUkraineAutonomousSystemUA	false
13.107.213.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.129.156	www.maultalk.com	United States	13335	CLOUDFLARENETUS	false
185.106.211.102	serserijeans.com	Turkey	42846	GUZELHOSTINGGNETINTERNETTELEKOMUNIKASYONASTR	false
193.43.158.108	fs.viennaairport.com	Austria	28771	VIE-ASstreetaddressPostfach1AT	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430936
Start date and time:	2024-04-24 11:49:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@19/14@22/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.101, 142.251.2.100, 142.251.2.102, 142.251.2.113, 142.251.2.139, 142.251.2.138, 142.251.2.84, 34.104.35.123, 40.68.123.157, 199.232.214.172, 192.229.211.108, 40.126.62.131, 40.126.62.132, 20.190.190.131, 20.190.190.129, 20.190.190.193, 40.126.62.129, 20.190.190.195, 40.126.62.130, 20.166.126.56, 184.50.26.67, 184.50.26.42, 74.125.137.95, 142.250.101.95, 142.250.141.95, 142.251.2.95, 142.250.101.94, 23.1.234.24, 23.1.234.57, 23.217.118.205, 23.217.118.209
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, ak.privatelink.msidentity.com, a1894.dscb.akamai.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, login.mso.msidentity.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.ak.prd.aadg.akadns.net, ctldl.windowsupdate.com, aadcdn.msauth.net, wu-bg-shim.trafficmanager.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (523), with CRLF line terminators
Category:	downloaded
Size (bytes):	31093
Entropy (8bit):	4.955303456250949
Encrypted:	false
SSDEEP:	384:xIvGjXOmsnslOERMYu+WlB8skn7jobWwUfQ:xICOt6weQ
MD5:	61C93161C51A64EB65A303E5A37E4C06
SHA1:	A4010B77FF61F6774DF92855BDBB02486FDA15BF
SHA-256:	36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17
SHA-512:	3B518915B581A67A0910BCB8680D562C8CFDDFD4E47E44B8E1F33F40FAF551F1E11AD44B62CDB4EC2E2D83E35EE5B27A09DAEC44FD485CAC8EBF8D79389900CD
Malicious:	false
Reputation:	low
URL:	https://fs.viennaairport.com/adfs/portal/css/style.css?id=36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17
Preview:	.* {.. margin: 0px;.. padding: 0px;..}....html, body {.. height: 100%;.. width: 100%;.. background-color: #ffffff;.. color: #000000;.. font-weight: normal;.. font-family: "Segoe UI Webfont",-apple-system,"Helvetica Neue","Lucida Grande","Roboto","Ebrima","Nirmala UI","Gadugi","Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI","Tunga","Lao UI","Raavi","Iskoola Pota","Latha","Leelawadee","Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math";.. -ms-overflow-style: -ms-autohiding-scrollbar;..}....body {.. font-size: 0.9em;..}....#noScript {.. margin: 16px;.. color: Black;..}....:lang(en-GB) {.. quotes: '\2018' '\2019' '\201C' '\201D';..}....:lang(zh) {.. font-family: ....;..}....@-ms-viewport {.. width: device-width;..}....@-moz-viewport {

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1420x946, components 3
Category:	downloaded
Size (bytes):	189015
Entropy (8bit):	7.939289864264776
Encrypted:	false
SSDEEP:	3072:/va2+tuZ4r9Kon/1qq+neXUoYpKfs/HosKXBwCfsKbmM/MqnDh3MC03+c94:0rKodFhCKfs/Ho9BwCHbVUs5MjH94
MD5:	87FDE243FB3B5F3597F455F5C8350159
SHA1:	7E661AEE88588B85CA8D42C3B38EFA1DCB3F219D
SHA-256:	118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180
SHA-512:	173AD39C15B9C8542582F88EEE56D472F489A0DCEFCCFC97A935C957099A0750EA1610B89767D11183775F615D57FDC420151DEFD2B0AD8B6CA327F3A0515360
Malicious:	false
Reputation:	low
URL:	https://fs.viennaairport.com/adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180
Preview:	......JFIF.....H.H.....,Photoshop 3.0.8BIM.........H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Refer

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.412814895472355
Encrypted:	false
SSDEEP:	3:kYSLZs/pY1CYYn:2LZsxn
MD5:	CE7D9E0DFA301786CBBD8049E6CB80FB
SHA1:	7059D519DF4440ED61677E47E989BD7AD96B7E43
SHA-256:	2DFF3496EF7FF69B607DC523A3D1DACB868DF840F3CC78BFBBC0F8CE446ACA86
SHA-512:	ED6D582AEFA1FB4BFDE14E5FB17A80BC99E27413678897596EE310AB85AC216D4043B9F13DE18703830C5DD26F0F42FE34889A5BF3A36905C89F8F45BECF35FC
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwlLGi3Y-W7UeBIFDQGlaXISBQ1lIZnq?alt=proto
Preview:	ChoKCw0BpWlyGgQIVhgCCgsNZSGZ6hoECEsYAg==

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 383 x 125, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5935
Entropy (8bit):	7.935968032263857
Encrypted:	false
SSDEEP:	96:Wxg07PdtzYA1AoHp8cKTnNsAZTHshJ3/Rq7PG5zCy9TshK7NMh0C1bVN+4gjAl/N:We07wA1Z8cKhsmTMzZrQy9T97NMG54l1
MD5:	A065FFAEA4EDCAF6ED85C183F528418B
SHA1:	FEBB1F6F53DB60BC70203331352EC4AAA39A2A45
SHA-256:	D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362
SHA-512:	D1322B3C6E2296BC57693525921075C66A8D1704DF7459FF8EA8FB69654BBF5C2F25284DBAFDBD6EAFF147E7B21B4E50726D1D2EF59BB17E0001E5B7CDBE8557
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......}.....J.c.....pHYs...........~.....IDATx..Mr.H._.1..9.kN`....>..'0.GD.O`.....~...\|..#........w..(.`..(..?..'Ba....$.....z.....B.Y..7v..!....?!.,..B.Y T....@...!d.P..B....'...B.O.!....B..?...9'J.;.....f....B.Ly........p. .p.......w./...f...AB.l....(.W...\|.(.....?.u...(...B[...V.n........E.Y....L.........(.A.......J.....xe@.....a.{g.~,..#...B......Q..P......@r.._zn..2c8.K.(..P.c..._..Q..BB......oa....Ez'....`..;.g.>..`n.#.....-B.B.....{..Mi......!.>......C..fR.....G.M..Vh..Bze....n.....5}...>.U....y.....AiI..f....J..k.F..b4..#...."mZ..-,.O..E..Nzh{...jW.....x\|...0...`......-..#...f....dn{..K.x..D'..;.$.(...xSL.J,...2...._?.J.$O-..J.m....I.......I.r[..w.9 ..}E....h......J.m ....kf7v.....7.......:..1.V.1R7W...-..>.mH..]>.H3I.o.}./....$.9 L9n0x..~..g.-..C..9.%...d^\..7..m.._.......7.sv.........T?F"...d^\..7.V....P.".a......]..k..-...<'...Cz`....i..4.1..."u..]"c.@o_..<.D'F.i.D...(..(..C(.).[.N.l..-c.SC...B.....5.w(....m5...Ga....

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1420x946, components 3
Category:	dropped
Size (bytes):	189015
Entropy (8bit):	7.939289864264776
Encrypted:	false
SSDEEP:	3072:/va2+tuZ4r9Kon/1qq+neXUoYpKfs/HosKXBwCfsKbmM/MqnDh3MC03+c94:0rKodFhCKfs/Ho9BwCHbVUs5MjH94
MD5:	87FDE243FB3B5F3597F455F5C8350159
SHA1:	7E661AEE88588B85CA8D42C3B38EFA1DCB3F219D
SHA-256:	118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180
SHA-512:	173AD39C15B9C8542582F88EEE56D472F489A0DCEFCCFC97A935C957099A0750EA1610B89767D11183775F615D57FDC420151DEFD2B0AD8B6CA327F3A0515360
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....,Photoshop 3.0.8BIM.........H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Refer

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.38000372032164
Encrypted:	false
SSDEEP:	6:B8FQtuc4svmo9qvyDPdrKFjKek+q2Q8EevWR0NNEXW0YDBOTieUWFLzR/YNe9zoG:BMQt6o9qvyLYF2ek+q2Q8Eepfd6ieUWx
MD5:	67932D4B695E1D6B19DFC2E3610761FF
SHA1:	A66898B36C94C53766E66C1A7AAEB149447EC083
SHA-256:	CE7127C38E30E92A021ED2BD09287713C6A923DB9FFDB43F126E8965D777FBF0
SHA-512:	97408B30995B72417494DACA4C67488B77E3121A9DB8BB3C2F204B49944457CAA1AF4B75730511B39FC9BABCCA5E1440168C3DBF3377B072866295BD490710FE
Malicious:	false
Reputation:	low
URL:	https://fs.viennaairport.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Found</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>..<BODY><h2>Not Found</h2>..<hr><p>HTTP Error 404. The requested resource is not found.</p>..</BODY></HTML>..

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141339
Category:	downloaded
Size (bytes):	49632
Entropy (8bit):	7.995756058904724
Encrypted:	true
SSDEEP:	1536:XOwJxyZ3lV31cfpmHBoep5KvsXS1SbI+o2Rd8yHk0GOmOY:ZJxyZ3lF3HBl5OSo238yE0GOpY
MD5:	DAF955BF2112F74E4F78B2187A8D6BEF
SHA1:	231CE9BE42327A3BC1AA7F48C03ABA46740DC456
SHA-256:	72D3BBFFAAD400572BF853223BFFD96DC0CC6A336CFA7F3452259BF468590A4D
SHA-512:	B4904C83951533E98F38F2040E22794BAADCFE528E86650DE13394195F004DFDEF66C47D8A7E4EA3A4556A535C7A570E7829CE28B38DFEEE66053DAEB0D80A4A
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
Preview:	............[.8.8...+.w..OL..hpp..... .......pw....e .o?u.l.q.}.s....[.R..TUI.?..O.....S.....+.....g..Sx..r.??.;..z......W..DT....W..J.U.`.F.0r..W..7..Ie.....NT.Q.U...2......$\|.T.....Q.\9<5.P....[?..p...wI%...$n.Qm.x.bQ.....w..r.0..I%.#.?.G....?aU.HTb.T.a..q;..B.Zc...1&ph...A.c.(.B....8.A..L.L..Z#....6T.....d....m..v..w0=.....FI=..XD......xT!d....x..@<y..Fn.(W...so#!.E.X.<AE....~....Y..'.t&8.T.....".J.k.....Rm5.[k..F..$..........Qx....C.G.s../.......1....l.-......o...?.a.Ta...W...7.?.N.....2..#lXU./..T.x.....".w.......;.k.\^w.].>..mr.k53r.......k.0.I.<OE......d...#..jhE..jx.].....Y\|W....i...`.. .k.P...@.Uq.\;...T.huu....TK.Y=...I..s.A.en..K.n.;).\|.?.F.....d...\|........`....5.W..._..,$..51Qe...}.^&.J#K......<......8.(r....Y.ZR..G.zc.wc.A.pL.e&w...@<V.!. ..w.:+k..n..4..I.. .....S.....p"....8....v.l.[M.0..q..c;.....0...8.......t.\...n "..km..S...W..]......paJV.(J...g....!.\|........;.zN...5}.....DZ....=q.E.@ .Dv.z...@.d.#tE....

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 383 x 125, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5935
Entropy (8bit):	7.935968032263857
Encrypted:	false
SSDEEP:	96:Wxg07PdtzYA1AoHp8cKTnNsAZTHshJ3/Rq7PG5zCy9TshK7NMh0C1bVN+4gjAl/N:We07wA1Z8cKhsmTMzZrQy9T97NMG54l1
MD5:	A065FFAEA4EDCAF6ED85C183F528418B
SHA1:	FEBB1F6F53DB60BC70203331352EC4AAA39A2A45
SHA-256:	D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362
SHA-512:	D1322B3C6E2296BC57693525921075C66A8D1704DF7459FF8EA8FB69654BBF5C2F25284DBAFDBD6EAFF147E7B21B4E50726D1D2EF59BB17E0001E5B7CDBE8557
Malicious:	false
Reputation:	low
URL:	https://fs.viennaairport.com/adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362
Preview:	.PNG........IHDR.......}.....J.c.....pHYs...........~.....IDATx..Mr.H._.1..9.kN`....>..'0.GD.O`.....~...\|..#........w..(.`..(..?..'Ba....$.....z.....B.Y..7v..!....?!.,..B.Y T....@...!d.P..B....'...B.O.!....B..?...9'J.;.....f....B.Ly........p. .p.......w./...f...AB.l....(.W...\|.(.....?.u...(...B[...V.n........E.Y....L.........(.A.......J.....xe@.....a.{g.~,..#...B......Q..P......@r.._zn..2c8.K.(..P.c..._..Q..BB......oa....Ez'....`..;.g.>..`n.#.....-B.B.....{..Mi......!.>......C..fR.....G.M..Vh..Bze....n.....5}...>.U....y.....AiI..f....J..k.F..b4..#...."mZ..-,.O..E..Nzh{...jW.....x\|...0...`......-..#...f....dn{..K.x..D'..;.$.(...xSL.J,...2...._?.J.$O-..J.m....I.......I.r[..w.9 ..}E....h......J.m ....kf7v.....7.......:..1.V.1R7W...-..>.mH..]>.H3I.o.}./....$.9 L9n0x..~..g.-..C..9.%...d^\..7..m.._.......7.sv.........T?F"...d^\..7.V....P.".a......]..k..-...<'...Cz`....i..4.1..."u..]"c.@o_..<.D'F.i.D...(..(..C(.).[.N.l..-c.SC...B.....5.w(....m5...Ga....

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 11:50:23.025139093 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:23.025154114 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:23.337627888 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:30.072880030 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.072954893 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.073052883 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.073795080 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.073838949 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.073904991 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.074071884 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.074105024 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.074314117 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.074325085 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.419687986 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.420010090 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.420034885 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.420056105 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.420201063 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.420264006 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.421509027 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.421586037 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.421752930 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.421822071 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.422725916 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.422810078 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.422996998 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.423007011 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.423124075 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.423214912 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.463112116 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.463124037 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.463185072 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.510051012 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.959501028 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.959588051 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:30.959705114 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.960510015 CEST	49704	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:30.960529089 CEST	443	49704	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:31.637243032 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:31.637296915 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:31.637403965 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:31.637901068 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:31.637917995 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.227721930 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.227749109 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.227888107 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.228080034 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.228091002 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.359208107 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.359759092 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:32.359812975 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.361458063 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.361568928 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:32.363580942 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:32.363677025 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.364197969 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:32.364214897 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:32.414808989 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:32.588923931 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.592750072 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.592767000 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.594305992 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.594394922 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.596859932 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.596946001 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.634351015 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:32.634368896 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:32.648140907 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.648153067 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:32.697932005 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:32.947371006 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:33.526242018 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:33.526262999 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:33.526345015 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:33.528584003 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:33.528592110 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:33.820066929 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:33.820275068 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:33.820342064 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:33.825911045 CEST	49708	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:33.825948954 CEST	443	49708	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:33.870095968 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:33.870193005 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:33.917241096 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:33.917263985 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:33.918342113 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:33.964554071 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.059714079 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.100150108 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.221226931 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.221312046 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.221395016 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.221848965 CEST	49710	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.221865892 CEST	443	49710	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.298077106 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.298121929 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.298274994 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.298774958 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.298785925 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.358416080 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 24, 2024 11:50:34.358561993 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 24, 2024 11:50:34.377015114 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:34.377087116 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:34.377264023 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:34.377625942 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:34.377659082 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:34.624131918 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.624304056 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.626909971 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.626915932 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.627221107 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.628998995 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.672106981 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.949301958 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.949487925 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.949584961 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.950238943 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.950262070 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:34.950318098 CEST	49711	443	192.168.2.6	23.3.84.131
Apr 24, 2024 11:50:34.950328112 CEST	443	49711	23.3.84.131	192.168.2.6
Apr 24, 2024 11:50:35.090097904 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.090445042 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:35.090500116 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.093871117 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.093951941 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:35.347105026 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:35.347321987 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:35.347332954 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.347490072 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.387365103 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:35.387381077 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:35.429166079 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:36.432702065 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:36.432884932 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:36.433012962 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:36.435647011 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:36.435647011 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:36.435688972 CEST	443	49712	185.106.211.102	192.168.2.6
Apr 24, 2024 11:50:36.437396049 CEST	49712	443	192.168.2.6	185.106.211.102
Apr 24, 2024 11:50:36.630099058 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:36.630160093 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:36.630702972 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:36.631076097 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:36.631097078 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.158588886 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.159380913 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:37.159415007 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.160862923 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.160990953 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:37.163870096 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:37.164064884 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:37.164072990 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.164129972 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.213728905 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:37.213797092 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:37.266360044 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.786533117 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786575079 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786586046 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786633015 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786675930 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786683083 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.786695004 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786731005 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.786751032 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.786794901 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.787224054 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.787235022 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.787275076 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.787297010 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.787309885 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.787317038 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:39.787338018 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:39.787372112 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.045691967 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.045762062 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.045830011 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.045861959 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.045912981 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.045936108 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.045941114 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.046278954 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.046333075 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.046367884 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.046375990 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.046437025 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.046443939 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.046488047 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.062998056 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.063047886 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.063277960 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.063277960 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.063297033 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.063349009 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.306238890 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.306313038 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.306509972 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.306509972 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.306533098 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.306945086 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.306993961 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.307054043 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.307061911 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.307162046 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.307781935 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.307825089 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.307885885 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.307892084 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.307940960 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.308459044 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.308511019 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.308546066 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.308552980 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.308603048 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.309272051 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.309314013 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.309357882 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.309366941 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.309393883 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.312483072 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.312526941 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.312563896 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.312573910 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.312599897 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:40.312743902 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:40.312805891 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:41.077490091 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:41.377454996 CEST	49713	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:41.377492905 CEST	443	49713	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.294719934 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.294783115 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.294869900 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.295064926 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.295162916 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.295238018 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.296253920 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.296291113 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.297214031 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.297235012 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.593625069 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:42.593705893 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:42.593781948 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:42.769649029 CEST	49709	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:50:42.769676924 CEST	443	49709	142.250.101.105	192.168.2.6
Apr 24, 2024 11:50:42.826962948 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.830569029 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.834748030 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.834815025 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.834949017 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.834969997 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.835383892 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.836508036 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.855531931 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.855823040 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.868491888 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.868757963 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.868797064 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.868807077 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:42.868839025 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:42.951330900 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:44.371416092 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:44.371562958 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:44.371655941 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:44.386821985 CEST	49714	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:44.386840105 CEST	443	49714	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:44.391860008 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:44.436120987 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:45.396867037 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:45.397044897 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:45.397121906 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:46.318393946 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:46.319118977 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:46.319253922 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:46.324202061 CEST	49715	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:46.324228048 CEST	443	49715	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:46.453290939 CEST	49705	443	192.168.2.6	172.67.129.156
Apr 24, 2024 11:50:46.453353882 CEST	443	49705	172.67.129.156	192.168.2.6
Apr 24, 2024 11:50:47.853046894 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:47.853096962 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:47.853172064 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:47.853430033 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:47.853461981 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.348910093 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.349222898 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.349248886 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.350131989 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.350203991 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.351398945 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.351470947 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.351824999 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.351841927 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.521178007 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.829482079 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829560995 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829597950 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829617977 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829649925 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.829655886 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829677105 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829706907 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.829706907 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.829737902 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.829739094 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.829775095 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.830452919 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.830472946 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.830513954 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.830533028 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.830534935 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.830555916 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.830584049 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.830614090 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.830635071 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.989526033 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.989581108 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.989631891 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.989670992 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.989708900 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.989732027 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.989743948 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.989829063 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:48.989955902 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.990565062 CEST	49725	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:48.990595102 CEST	443	49725	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.048523903 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.048547983 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.048774958 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.049755096 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.049770117 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.198575974 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.198606014 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.198731899 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.198972940 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.198988914 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.535367966 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.550323009 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.550348043 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.551358938 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.551430941 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.552040100 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.552097082 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.592024088 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.592034101 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:49.634139061 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:49.739768982 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.740245104 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.740262985 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.743917942 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.744041920 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.744461060 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.744543076 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.791484118 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:49.791495085 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:50:49.837114096 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:50:50.931262970 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:50.931292057 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:50.931365967 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:50.931600094 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:50.931612968 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.569622993 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.569993019 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:51.570025921 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.571655035 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.571727037 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:51.572736979 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:51.572832108 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.573076010 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:51.573093891 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:51.620173931 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.297507048 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.297543049 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.297552109 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.297606945 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.297630072 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.339338064 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.608546019 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608572960 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608633041 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.608768940 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608788013 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608828068 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.608855009 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.608863115 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608947039 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.608994007 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609000921 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609078884 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609142065 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609149933 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609333992 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609383106 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609390020 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609431028 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609500885 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.609560013 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609714031 CEST	49732	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.609729052 CEST	443	49732	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.613559961 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.613601923 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.614000082 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.614518881 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.614538908 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.614918947 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.614995956 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:52.615155935 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.615370989 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:52.615405083 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.240537882 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.241031885 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.241058111 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.241437912 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.242053986 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.242116928 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.242733955 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.244426012 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.244687080 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.244740963 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.245260954 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.245779037 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.245878935 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.245929956 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.288110018 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.290663004 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.290683985 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.877749920 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.877770901 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.877860069 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.877881050 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.879692078 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.879726887 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.879765987 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.879798889 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.879823923 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.879899025 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.888421059 CEST	49734	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:53.888458014 CEST	443	49734	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:53.930058956 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.129822969 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.129859924 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.132292032 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.132539988 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.132565022 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.191617012 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.191632032 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.191730976 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.191785097 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192079067 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192171097 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.192189932 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192389965 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192454100 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.192467928 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192519903 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.192568064 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.236172915 CEST	49733	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.236255884 CEST	443	49733	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.266402960 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.266446114 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.266514063 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.267222881 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.267304897 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.267379045 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.267963886 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.267982006 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.268547058 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.268574953 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.369746923 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:54.369838953 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:54.369894028 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:54.744685888 CEST	49728	443	192.168.2.6	13.107.213.69
Apr 24, 2024 11:50:54.744704008 CEST	443	49728	13.107.213.69	192.168.2.6
Apr 24, 2024 11:50:54.765243053 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.765518904 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.765546083 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.769119024 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.769192934 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.769639015 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.769793034 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.769810915 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.821402073 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.821412086 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.869081020 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.894346952 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.894644976 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.894679070 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.895178080 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.895725012 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.895819902 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.895903111 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.895936966 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.899817944 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.900633097 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.900710106 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.901820898 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.902956963 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:54.903141975 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:54.946485996 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.401297092 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.401330948 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.401340961 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.401392937 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.401417971 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.401437044 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.401464939 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.401513100 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.402765989 CEST	49735	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.402781963 CEST	443	49735	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.552531004 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.552567959 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.552643061 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.552674055 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.552736044 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.552788973 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.552798986 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.604623079 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.862734079 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.862750053 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.862809896 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.862857103 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.862879038 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863225937 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863284111 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.863292933 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863367081 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863415956 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.863423109 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863456964 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.863466024 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.865231037 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.890523911 CEST	49736	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.890552998 CEST	443	49736	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.964596033 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.964631081 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:55.964737892 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.964828014 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.965039968 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:55.965054989 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.008131981 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.297154903 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.297178984 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.297183037 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.297252893 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.297276020 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.349267960 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.591092110 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.592869997 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.592881918 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.593230963 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.593576908 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.593642950 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.593936920 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.607618093 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.607633114 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.607656002 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.607692003 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.607728958 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.607741117 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608237982 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608247042 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608295918 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.608304977 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608717918 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608726025 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.608776093 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.608784914 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.636153936 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.651458025 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.918019056 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.918030024 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.918056011 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.918088913 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.918128014 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.919209957 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.919219017 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.919285059 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.919296026 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.921474934 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.921484947 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.921529055 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.921538115 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.921999931 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922035933 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922051907 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.922060013 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922081947 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.922339916 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922398090 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.922405005 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922651052 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.922709942 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:56.922719002 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:56.963956118 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.223217010 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.223347902 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.223416090 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.228300095 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228313923 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228420019 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.228477955 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228838921 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228877068 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228900909 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.228923082 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.228950024 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.229393005 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.229453087 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.229468107 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.229964018 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.230027914 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.230041027 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.232206106 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.232270002 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.232292891 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.232660055 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.232718945 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.232733011 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.233056068 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.233117104 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.233129978 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.233437061 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.233514071 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.233526945 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234034061 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234091043 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.234107018 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234375954 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234435081 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.234448910 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234694958 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.234755039 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.234767914 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.235090017 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.235146999 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.235160112 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.256341934 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.258806944 CEST	49738	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.258821011 CEST	443	49738	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.271517992 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.271604061 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.271619081 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.271673918 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.272038937 CEST	49737	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.272068024 CEST	443	49737	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.313667059 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.313754082 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.313849926 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.314421892 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.314460993 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.940756083 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.941407919 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.941453934 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.941905022 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.943209887 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.943336964 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:57.943784952 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:57.984150887 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.579792976 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.579816103 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.579931021 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:58.579982042 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.632566929 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:58.890254974 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890265942 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890360117 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:58.890428066 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890609980 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890681982 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:58.890701056 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890913010 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.890995979 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:58.891011953 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:58.947238922 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.200673103 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.200685978 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.200726032 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.200773954 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.200846910 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201076984 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201086044 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201144934 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201168060 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201194048 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201385021 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201410055 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201442003 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201461077 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201498985 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201648951 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.201715946 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.201731920 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.202088118 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.202164888 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.202179909 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.202359915 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.202438116 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.202454090 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.242450953 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.511123896 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511137962 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511234045 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.511307955 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511507034 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511544943 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511574030 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.511595011 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511631012 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.511822939 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.511888027 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.511904001 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.512271881 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.512346983 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.512362003 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.512742043 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.512806892 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.512825012 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513092995 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513174057 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.513189077 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513566017 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513636112 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.513650894 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513895035 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.513971090 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.513986111 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.514230013 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.514292955 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.514309883 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.514704943 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.514774084 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.514787912 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.515033007 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.515096903 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.515111923 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.554904938 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.555628061 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.555636883 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.555722952 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.555814028 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.555877924 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.555923939 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.555944920 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.555979013 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.556019068 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:50:59.556076050 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.556751966 CEST	49740	443	192.168.2.6	193.43.158.108
Apr 24, 2024 11:50:59.556785107 CEST	443	49740	193.43.158.108	192.168.2.6
Apr 24, 2024 11:51:32.107708931 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:32.107764959 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.107841969 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:32.108330965 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:32.108344078 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.465502024 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.466042042 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:32.466108084 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.466461897 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.467247963 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:32.467320919 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:32.510180950 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:34.804254055 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:51:34.804265976 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:51:42.487854958 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:42.487943888 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:42.488069057 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:42.825927973 CEST	49743	443	192.168.2.6	142.250.101.105
Apr 24, 2024 11:51:42.825977087 CEST	443	49743	142.250.101.105	192.168.2.6
Apr 24, 2024 11:51:49.733428001 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:51:49.733536005 CEST	443	49729	89.187.28.219	192.168.2.6
Apr 24, 2024 11:51:49.733720064 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:51:49.933410883 CEST	49729	443	192.168.2.6	89.187.28.219
Apr 24, 2024 11:51:49.933437109 CEST	443	49729	89.187.28.219	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 11:50:28.132118940 CEST	53	53024	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:28.419879913 CEST	53	50732	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:29.393816948 CEST	53	55784	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:29.866559029 CEST	61522	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:29.866733074 CEST	62094	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:30.071657896 CEST	53	62094	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:30.071738005 CEST	53	61522	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:30.967747927 CEST	49170	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:30.967951059 CEST	54684	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:31.571064949 CEST	53	49170	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:32.058746099 CEST	64653	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:32.059046984 CEST	59508	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:32.105740070 CEST	53	54684	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:32.211992979 CEST	53	64653	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:32.212326050 CEST	53	59508	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:33.832427025 CEST	49234	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:33.833342075 CEST	52594	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:34.051827908 CEST	53	52594	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:34.376188040 CEST	53	49234	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:36.437395096 CEST	52278	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:36.440411091 CEST	58893	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:36.629168987 CEST	53	52278	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:36.629220009 CEST	53	58893	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:46.454082012 CEST	63867	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:46.454540968 CEST	57200	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:47.098196983 CEST	53	52395	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:49.043308973 CEST	53527	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:49.043637991 CEST	62524	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:49.196779966 CEST	53	53527	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:49.197410107 CEST	53	62524	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:49.920994043 CEST	63262	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:49.921170950 CEST	55392	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:50.231071949 CEST	59949	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:50.231230974 CEST	52104	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:50.930502892 CEST	53	52104	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:50.930530071 CEST	53	59949	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:53.895544052 CEST	53782	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:53.895742893 CEST	58371	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:50:54.048907995 CEST	53	58371	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:54.049417019 CEST	53	53782	1.1.1.1	192.168.2.6
Apr 24, 2024 11:50:56.117846966 CEST	53	63800	1.1.1.1	192.168.2.6
Apr 24, 2024 11:51:06.178970098 CEST	53	49458	1.1.1.1	192.168.2.6
Apr 24, 2024 11:51:27.760073900 CEST	53	59632	1.1.1.1	192.168.2.6
Apr 24, 2024 11:51:29.461589098 CEST	53	56842	1.1.1.1	192.168.2.6
Apr 24, 2024 11:51:50.583437920 CEST	65141	53	192.168.2.6	1.1.1.1
Apr 24, 2024 11:51:50.583578110 CEST	59054	53	192.168.2.6	1.1.1.1

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 24, 2024 11:50:32.109488010 CEST	192.168.2.6	1.1.1.1	c243	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 11:50:29.866559029 CEST	192.168.2.6	1.1.1.1	0x66de	Standard query (0)	www.maultalk.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:29.866733074 CEST	192.168.2.6	1.1.1.1	0xf003	Standard query (0)	www.maultalk.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:30.967747927 CEST	192.168.2.6	1.1.1.1	0x6040	Standard query (0)	www.serserijeans.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:30.967951059 CEST	192.168.2.6	1.1.1.1	0xdf45	Standard query (0)	www.serserijeans.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:32.058746099 CEST	192.168.2.6	1.1.1.1	0x5bc4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.059046984 CEST	192.168.2.6	1.1.1.1	0xcfcd	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:33.832427025 CEST	192.168.2.6	1.1.1.1	0x39e3	Standard query (0)	serserijeans.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:33.833342075 CEST	192.168.2.6	1.1.1.1	0xf3e0	Standard query (0)	serserijeans.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:36.437395096 CEST	192.168.2.6	1.1.1.1	0x8942	Standard query (0)	esign.joahelms.design	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:36.440411091 CEST	192.168.2.6	1.1.1.1	0x5314	Standard query (0)	esign.joahelms.design	65	IN (0x0001)	false
Apr 24, 2024 11:50:46.454082012 CEST	192.168.2.6	1.1.1.1	0x712b	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:46.454540968 CEST	192.168.2.6	1.1.1.1	0xc2f	Standard query (0)	login.microsoftonline.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:49.043308973 CEST	192.168.2.6	1.1.1.1	0x26b1	Standard query (0)	esign.joahelms.design	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:49.043637991 CEST	192.168.2.6	1.1.1.1	0x299f	Standard query (0)	esign.joahelms.design	65	IN (0x0001)	false
Apr 24, 2024 11:50:49.920994043 CEST	192.168.2.6	1.1.1.1	0x8181	Standard query (0)	identity.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:49.921170950 CEST	192.168.2.6	1.1.1.1	0xce5c	Standard query (0)	identity.nel.measure.office.net	65	IN (0x0001)	false
Apr 24, 2024 11:50:50.231071949 CEST	192.168.2.6	1.1.1.1	0xaff9	Standard query (0)	fs.viennaairport.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:50.231230974 CEST	192.168.2.6	1.1.1.1	0xc38a	Standard query (0)	fs.viennaairport.com	65	IN (0x0001)	false
Apr 24, 2024 11:50:53.895544052 CEST	192.168.2.6	1.1.1.1	0x5499	Standard query (0)	fs.viennaairport.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:53.895742893 CEST	192.168.2.6	1.1.1.1	0xb284	Standard query (0)	fs.viennaairport.com	65	IN (0x0001)	false
Apr 24, 2024 11:51:50.583437920 CEST	192.168.2.6	1.1.1.1	0x3b0f	Standard query (0)	identity.nel.measure.office.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:51:50.583578110 CEST	192.168.2.6	1.1.1.1	0xe57f	Standard query (0)	identity.nel.measure.office.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 11:50:30.071657896 CEST	1.1.1.1	192.168.2.6	0xf003	No error (0)	www.maultalk.com			65	IN (0x0001)	false
Apr 24, 2024 11:50:30.071738005 CEST	1.1.1.1	192.168.2.6	0x66de	No error (0)	www.maultalk.com		172.67.129.156	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:30.071738005 CEST	1.1.1.1	192.168.2.6	0x66de	No error (0)	www.maultalk.com		104.21.2.200	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:31.571064949 CEST	1.1.1.1	192.168.2.6	0x6040	No error (0)	www.serserijeans.com	serserijeans.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:31.571064949 CEST	1.1.1.1	192.168.2.6	0x6040	No error (0)	serserijeans.com		185.106.211.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.105740070 CEST	1.1.1.1	192.168.2.6	0xdf45	No error (0)	www.serserijeans.com	serserijeans.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.211992979 CEST	1.1.1.1	192.168.2.6	0x5bc4	No error (0)	www.google.com		142.250.101.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:32.212326050 CEST	1.1.1.1	192.168.2.6	0xcfcd	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 11:50:34.376188040 CEST	1.1.1.1	192.168.2.6	0x39e3	No error (0)	serserijeans.com		185.106.211.102	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:36.629168987 CEST	1.1.1.1	192.168.2.6	0x8942	No error (0)	esign.joahelms.design		89.187.28.219	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:44.234687090 CEST	1.1.1.1	192.168.2.6	0x76bc	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:44.234687090 CEST	1.1.1.1	192.168.2.6	0x76bc	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:44.999640942 CEST	1.1.1.1	192.168.2.6	0x5f3c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:44.999640942 CEST	1.1.1.1	192.168.2.6	0x5f3c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:46.607812881 CEST	1.1.1.1	192.168.2.6	0x712b	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:46.608079910 CEST	1.1.1.1	192.168.2.6	0xc2f	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:47.852190971 CEST	1.1.1.1	192.168.2.6	0x180	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:47.852190971 CEST	1.1.1.1	192.168.2.6	0x180	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:47.852190971 CEST	1.1.1.1	192.168.2.6	0x180	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:49.196779966 CEST	1.1.1.1	192.168.2.6	0x26b1	No error (0)	esign.joahelms.design		89.187.28.219	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:50.074335098 CEST	1.1.1.1	192.168.2.6	0x8181	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:50.074755907 CEST	1.1.1.1	192.168.2.6	0xce5c	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:50.930530071 CEST	1.1.1.1	192.168.2.6	0xaff9	No error (0)	fs.viennaairport.com		193.43.158.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:54.049417019 CEST	1.1.1.1	192.168.2.6	0x5499	No error (0)	fs.viennaairport.com		193.43.158.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:50:59.263768911 CEST	1.1.1.1	192.168.2.6	0x1977	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:50:59.263768911 CEST	1.1.1.1	192.168.2.6	0x1977	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:51:22.055785894 CEST	1.1.1.1	192.168.2.6	0xc6a3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:51:22.055785894 CEST	1.1.1.1	192.168.2.6	0xc6a3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 24, 2024 11:51:50.737572908 CEST	1.1.1.1	192.168.2.6	0xe57f	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 11:51:50.743993998 CEST	1.1.1.1	192.168.2.6	0x3b0f	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

www.maultalk.com

www.serserijeans.com

fs.microsoft.com

serserijeans.com

esign.joahelms.design

https:

aadcdn.msauth.net

fs.viennaairport.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49704	172.67.129.156	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:30 UTC	768	OUT	GET /url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1 Host: www.maultalk.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:30 UTC	677	IN	HTTP/1.1 302 Found Date: Wed, 24 Apr 2024 09:50:30 GMT Content-Type: text/html; charset=cp1251 Content-Length: 0 Connection: close Location: https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQ1m%2FF1hOiv6xZxnsqZgPrWp9nyaqV13vQ%2FEzYHCxnKXUFxBDOLYKSsNVtS0S91IRBlt2M4RrQMnw5lPgIo0IkdW2aD8pqu9w58L2IUVMNnSKX%2FPSHlJcQLasd17o8KKzdju"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87953081cee02b52-LAX alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49708	185.106.211.102	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:32 UTC	732	OUT	GET /gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1 Host: www.serserijeans.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:33 UTC	620	IN	HTTP/1.1 301 Moved Permanently Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 x-redirect-by: WordPress location: https://serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 content-length: 3 date: Wed, 24 Apr 2024 09:40:57 GMT server: LiteSpeed vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 09:50:33 UTC	3	IN	Data Raw: ef bb bf Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49710	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:34 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 09:50:34 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=249151 Date: Wed, 24 Apr 2024 09:50:34 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49711	23.3.84.131	443

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 09:50:34 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=249138 Date: Wed, 24 Apr 2024 09:50:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 09:50:34 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49712	185.106.211.102	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:35 UTC	728	OUT	GET /gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 HTTP/1.1 Host: serserijeans.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:36 UTC	783	IN	HTTP/1.1 302 Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, no-store, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 link: <https://serserijeans.com/wp-json/>; rel="https://api.w.org/" location: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t#/common/authorize?document=0.71510277768369-0ff1-0.88917616609911&auth=10.66378078081821-0.23214203409485 content-length: 3 date: Wed, 24 Apr 2024 09:41:00 GMT server: LiteSpeed vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-24 09:50:36 UTC	3	IN	Data Raw: ef bb bf Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49713	89.187.28.219	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:37 UTC	744	OUT	GET /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1 Host: esign.joahelms.design Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:39 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 09:50:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-04-24 09:50:39 UTC	14340	IN	Data Raw: 33 37 66 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 66 75 6e 63 74 69 6f 6e 20 61 30 79 28 71 2c 4f 29 7b 76 61 72 20 43 3d 61 30 54 28 29 3b 72 65 74 75 72 6e 20 61 30 79 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 54 29 7b 46 3d 46 2d 30 78 31 61 36 3b 76 61 72 20 79 3d 43 5b 46 5d 3b 72 65 74 75 72 6e 20 79 3b 7d 2c 61 30 79 28 71 2c 4f 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 61 30 54 28 29 7b 76 61 72 20 72 41 3d 5b 27 63 6c 61 73 73 4c 69 73 74 27 2c 27 27 2c 27 27 2c 27 77 68 69 74 65 53 70 61 63 65 27 2c 27 5a 70 54 4b 43 27 2c 27 68 61 73 4f 77 6e 50 72 6f 70 65 Data Ascii: 37fc<!DOCTYPE html><html lang="en"> <head> <script type="text/javascript"> function a0y(q,O){var C=a0T();return a0y=function(F,T){F=F-0x1a6;var y=C[F];return y;},a0y(q,O);}function a0T(){var rA=['classList','','','whiteSpace','ZpTKC','hasOwnPrope
2024-04-24 09:50:39 UTC	16384	IN	Data Raw: 33 66 66 39 0d 0a 27 2c 27 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 27 2c 27 61 5b 68 72 65 66 5e 3d 5c 78 32 32 2f 75 72 6c 2f 5c 78 32 32 5d 27 2c 27 6d 61 78 27 2c 27 69 62 6f 7a 6e 27 2c 27 32 30 38 30 36 30 38 61 68 58 73 56 7a 27 2c 27 62 69 6e 64 27 2c 27 2e 77 69 64 67 65 74 61 64 76 27 2c 27 27 2c 27 73 65 6e 74 27 2c 27 5c 78 30 61 60 60 60 27 2c 27 6d 61 54 48 69 27 2c 27 5b 6f 62 6a 65 63 74 5c 78 32 30 7a 5d 27 2c 27 77 65 62 6b 69 74 52 65 71 75 65 73 74 46 75 6c 6c 73 63 72 65 65 6e 27 2c 27 4a 55 45 74 62 27 2c 27 55 49 53 4d 64 27 2c 27 28 6d 61 78 2d 6d 6f 6e 6f 63 68 72 6f 6d 65 3a 5c 78 32 30 27 2c 27 72 65 64 75 63 65 27 2c 27 41 72 67 75 6d 65 6e 74 73 27 2c 27 70 61 72 73 65 27 2c 27 46 50 66 46 69 27 2c 27 74 65 78 74 43 6f 6e 74 Data Ascii: 3ff9','defineProperty','a[href^=\x22/url/\x22]','max','ibozn','2080608ahXsVz','bind','.widgetadv','','sent','\x0a```','maTHi','[object\x20z]','webkitRequestFullscreen','JUEtb','UISMd','(max-monochrome:\x20','reduce','Arguments','parse','FPfFi','textCont
2024-04-24 09:50:40 UTC	16384	IN	Data Raw: 0a 34 30 30 30 0d 0a 46 6f 72 6d 45 6c 65 6d 65 6e 74 27 3a 30 78 30 2c 27 48 54 4d 4c 53 65 6c 65 63 74 45 6c 65 6d 65 6e 74 27 3a 30 78 30 2c 27 4d 65 64 69 61 4c 69 73 74 27 3a 30 78 30 2c 27 4d 69 6d 65 54 79 70 65 41 72 72 61 79 27 3a 30 78 30 2c 27 4e 61 6d 65 64 4e 6f 64 65 4d 61 70 27 3a 30 78 30 2c 27 4e 6f 64 65 4c 69 73 74 27 3a 30 78 31 2c 27 50 61 69 6e 74 52 65 71 75 65 73 74 4c 69 73 74 27 3a 30 78 30 2c 27 50 6c 75 67 69 6e 27 3a 30 78 30 2c 27 50 6c 75 67 69 6e 41 72 72 61 79 27 3a 30 78 30 2c 27 53 56 47 4c 65 6e 67 74 68 4c 69 73 74 27 3a 30 78 30 2c 27 53 56 47 4e 75 6d 62 65 72 4c 69 73 74 27 3a 30 78 30 2c 27 53 56 47 50 61 74 68 53 65 67 4c 69 73 74 27 3a 30 78 30 2c 27 53 56 47 50 6f 69 6e 74 4c 69 73 74 27 3a 30 78 30 2c 27 53 56 Data Ascii: 4000FormElement':0x0,'HTMLSelectElement':0x0,'MediaList':0x0,'MimeTypeArray':0x0,'NamedNodeMap':0x0,'NodeList':0x1,'PaintRequestList':0x0,'Plugin':0x0,'PluginArray':0x0,'SVGLengthList':0x0,'SVGNumberList':0x0,'SVGPathSegList':0x0,'SVGPointList':0x0,'SV
2024-04-24 09:50:40 UTC	9	IN	Data Raw: 33 66 66 29 2c 71 43 0d 0a Data Ascii: 3ff),qC
2024-04-24 09:50:40 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 29 3b 7d 69 66 28 79 52 28 30 78 32 31 31 29 3d 3d 74 79 70 65 6f 66 20 58 26 26 58 26 26 5a 28 51 2c 58 29 29 72 65 74 75 72 6e 20 58 3b 7d 72 65 74 75 72 6e 20 6e 65 77 20 7a 28 21 30 78 31 29 3b 7d 7d 3b 7d 2c 30 78 31 61 34 31 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 79 65 3d 61 30 79 3b 69 66 28 79 65 28 30 78 33 37 36 29 21 3d 3d 79 65 28 30 78 33 37 36 29 29 74 72 79 7b 72 65 74 75 72 6e 20 54 5b 79 5d 3b 7d 63 61 74 63 68 28 78 29 7b 7d 65 6c 73 65 7b 76 61 72 20 62 3d 4a 28 30 78 37 30 66 29 2c 68 3d 4a 28 30 78 38 66 35 29 2c 75 3d 4a 28 30 78 61 30 34 29 3b 4c 5b 79 65 28 30 78 33 33 62 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 78 2c 6b 2c 57 29 7b 76 61 72 20 79 70 3d 79 65 2c 70 2c 42 3b 68 28 78 29 3b 74 72 Data Ascii: 4000);}if(yR(0x211)==typeof X&&X&&Z(Q,X))return X;}return new z(!0x1);}};},0x1a41:function(L,G,J){var ye=a0y;if(ye(0x376)!==ye(0x376))try{return T[y];}catch(x){}else{var b=J(0x70f),h=J(0x8f5),u=J(0xa04);L[ye(0x33b)]=function(x,k,W){var yp=ye,p,B;h(x);tr
2024-04-24 09:50:40 UTC	8	IN	Data Raw: 72 28 71 37 3d 30 0d 0a Data Ascii: r(q7=0
2024-04-24 09:50:40 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 78 31 3b 71 37 3c 61 72 67 75 6d 65 6e 74 73 5b 73 6d 28 30 78 34 64 39 29 5d 2d 30 78 32 3b 71 37 2b 2b 29 76 6f 69 64 20 30 78 30 3d 3d 3d 61 72 67 75 6d 65 6e 74 73 5b 71 37 5d 26 26 28 71 36 5b 71 37 5d 3d 76 6f 69 64 20 30 78 30 29 3b 7d 29 2c 71 36 26 26 71 54 29 7b 66 6f 72 28 71 36 5b 73 64 28 30 78 33 31 33 29 5d 3d 71 38 3d 7a 28 6e 75 6c 6c 29 2c 71 37 3d 30 78 30 3b 71 37 3c 71 54 5b 73 64 28 30 78 34 64 39 29 5d 3b 71 37 2b 2b 29 71 38 5b 28 71 39 3d 71 54 5b 71 37 5d 29 5b 30 78 30 5d 5d 3d 71 36 5b 71 39 5b 30 78 31 5d 5d 3b 7d 72 65 74 75 72 6e 20 71 36 3b 7d 29 2c 47 5b 27 65 78 70 6f 72 74 73 27 5d 3d 44 3b 7d 2c 30 78 31 39 66 64 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 6f 29 7b 76 61 72 20 73 77 3d 61 30 79 3b 69 66 Data Ascii: 4000x1;q7<arguments[sm(0x4d9)]-0x2;q7++)void 0x0===arguments[q7]&&(q6[q7]=void 0x0);}),q6&&qT){for(q6[sd(0x313)]=q8=z(null),q7=0x0;q7<qT[sd(0x4d9)];q7++)q8[(q9=qT[q7])[0x0]]=q6[q9[0x1]];}return q6;}),G['exports']=D;},0x19fd:function(L,G,o){var sw=a0y;if
2024-04-24 09:50:40 UTC	14644	IN	Data Raw: 77 7c 7c 76 6f 69 0d 0a 33 39 32 34 0d 0a 64 20 30 78 30 3d 3d 3d 4e 29 29 72 65 74 75 72 6e 20 4d 28 45 2c 48 2c 55 29 3b 66 6f 72 28 50 3d 6e 65 77 28 76 6f 69 64 20 30 78 30 3d 3d 3d 4e 3f 77 3a 4e 29 28 41 28 55 2d 48 2c 30 78 30 29 29 2c 44 3d 30 78 30 3b 48 3c 55 3b 48 2b 2b 2c 44 2b 2b 29 48 20 69 6e 20 45 26 26 6a 28 50 2c 44 2c 45 5b 48 5d 29 3b 72 65 74 75 72 6e 20 50 5b 47 36 28 30 78 34 64 39 29 5d 3d 44 2c 50 3b 7d 7d 29 3b 7d 2c 30 78 32 36 33 35 3a 66 75 6e 63 74 69 6f 6e 28 4c 2c 47 2c 4a 29 7b 76 61 72 20 47 37 3d 61 30 79 2c 62 3d 4a 28 30 78 32 31 61 34 29 2c 68 3d 4a 28 30 78 32 31 31 39 29 2c 75 3d 4a 28 30 78 39 32 62 29 2c 52 3d 4a 28 30 78 39 33 33 29 3b 62 28 7b 27 74 61 72 67 65 74 27 3a 47 37 28 30 78 32 66 66 29 2c 27 70 72 6f Data Ascii: w\|\|voi3924d 0x0===N))return M(E,H,U);for(P=new(void 0x0===N?w:N)(A(U-H,0x0)),D=0x0;H<U;H++,D++)H in E&&j(P,D,E[H]);return P[G6(0x4d9)]=D,P;}});},0x2635:function(L,G,J){var G7=a0y,b=J(0x21a4),h=J(0x2119),u=J(0x92b),R=J(0x933);b({'target':G7(0x2ff),'pro
2024-04-24 09:50:40 UTC	16384	IN	Data Raw: 33 66 66 61 0d 0a 30 78 34 64 39 29 5d 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 3d 41 28 71 4f 2c 71 36 29 3f 5b 71 36 5d 3a 5b 5d 3b 66 6f 72 28 76 61 72 20 71 46 3d 30 78 30 2c 71 54 3d 30 78 30 2c 71 79 3d 5b 5d 3b 71 54 3c 71 36 5b 6f 36 28 30 78 34 64 39 29 5d 3b 29 7b 69 66 28 27 6e 47 49 67 54 27 21 3d 3d 6f 36 28 30 78 32 37 38 29 29 7b 66 6f 72 28 76 61 72 20 71 4a 3d 30 78 30 2c 71 62 3d 71 5b 27 6c 65 6e 67 74 68 27 5d 3b 71 4a 3c 71 62 3b 2b 2b 71 4a 29 69 66 28 54 5b 71 4a 5d 3d 3d 3d 50 29 72 65 74 75 72 6e 21 30 78 30 3b 72 65 74 75 72 6e 21 30 78 31 3b 7d 65 6c 73 65 7b 71 4f 5b 6f 36 28 30 78 34 62 39 29 5d 3d 50 3f 30 78 30 3a 71 54 3b 76 61 72 20 71 73 2c 71 4c 3d 41 28 71 4f 2c 50 3f 4b 28 71 36 2c 71 54 29 3a 71 36 29 3b 69 66 28 6e Data Ascii: 3ffa0x4d9)])return null===A(qO,q6)?[q6]:[];for(var qF=0x0,qT=0x0,qy=[];qT<q6[o6(0x4d9)];){if('nGIgT'!==o6(0x278)){for(var qJ=0x0,qb=q['length'];qJ<qb;++qJ)if(T[qJ]===P)return!0x0;return!0x1;}else{qO[o6(0x4b9)]=P?0x0:qT;var qs,qL=A(qO,P?K(q6,qT):q6);if(n
2024-04-24 09:50:40 UTC	16384	IN	Data Raw: 0d 0a 34 30 30 30 0d 0a 30 5d 3d 30 78 30 2c 43 78 5b 30 78 31 5d 3d 30 78 30 2c 43 6b 5b 30 78 30 5d 3d 30 78 30 2c 43 6b 5b 30 78 31 5d 3d 30 78 30 3b 76 61 72 20 43 57 3d 5b 30 78 30 2c 30 78 30 5d 3b 73 77 69 74 63 68 28 43 72 29 7b 63 61 73 65 20 30 78 66 3a 43 57 5b 30 78 31 5d 3d 43 6f 5b 43 4a 2b 30 78 65 5d 2c 71 6f 28 43 57 2c 30 78 33 30 29 2c 71 4a 28 43 6b 2c 43 57 29 3b 63 61 73 65 20 30 78 65 3a 43 57 5b 30 78 31 5d 3d 43 6f 5b 43 4a 2b 30 78 64 5d 2c 71 6f 28 43 57 2c 30 78 32 38 29 2c 71 4a 28 43 6b 2c 43 57 29 3b 63 61 73 65 20 30 78 64 3a 43 57 5b 30 78 31 5d 3d 43 6f 5b 43 4a 2b 30 78 63 5d 2c 71 6f 28 43 57 2c 30 78 32 30 29 2c 71 4a 28 43 6b 2c 43 57 29 3b 63 61 73 65 20 30 78 63 3a 43 57 5b 30 78 31 5d 3d 43 6f 5b 43 4a 2b 30 78 62 Data Ascii: 40000]=0x0,Cx[0x1]=0x0,Ck[0x0]=0x0,Ck[0x1]=0x0;var CW=[0x0,0x0];switch(Cr){case 0xf:CW[0x1]=Co[CJ+0xe],qo(CW,0x30),qJ(Ck,CW);case 0xe:CW[0x1]=Co[CJ+0xd],qo(CW,0x28),qJ(Ck,CW);case 0xd:CW[0x1]=Co[CJ+0xc],qo(CW,0x20),qJ(Ck,CW);case 0xc:CW[0x1]=Co[CJ+0xb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49714	89.187.28.219	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:42 UTC	989	OUT	POST /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1 Host: esign.joahelms.design Connection: keep-alive Content-Length: 5537 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://esign.joahelms.design Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:42 UTC	5537	OUT	Data Raw: 71 63 65 38 7a 6a 62 30 7a 37 3d 25 35 42 25 35 42 25 32 32 37 61 36 64 33 39 33 39 36 39 37 36 32 35 33 37 34 33 37 30 37 30 34 36 37 25 32 32 25 32 43 25 32 32 30 32 35 33 33 34 35 32 35 33 33 34 35 36 39 33 34 32 35 33 33 34 31 36 66 25 32 32 25 32 43 25 32 32 32 35 33 37 34 36 33 38 34 31 32 35 33 33 34 32 37 34 34 31 32 35 33 33 34 25 32 32 25 32 43 25 32 32 33 36 62 32 35 33 33 34 35 33 34 33 37 33 34 33 35 33 39 33 32 33 38 33 33 25 32 32 25 32 43 25 32 32 33 34 33 32 33 38 33 33 33 34 33 37 33 37 33 31 33 35 25 32 32 25 35 44 25 32 43 25 32 32 34 37 34 35 39 32 38 33 34 32 25 32 32 25 32 43 25 32 32 39 31 36 35 37 30 34 25 32 32 25 32 43 37 25 35 44 26 61 6e 31 34 66 62 39 76 6b 62 3d 25 35 42 25 35 42 25 32 32 37 32 32 35 33 33 34 34 32 35 33 37 Data Ascii: qce8zjb0z7=%5B%5B%227a6d393969762537437070467%22%2C%22025334525334569342533416f%22%2C%222537463841253342744125334%22%2C%2236b2533453437343539323833%22%2C%22343238333437373135%22%5D%2C%224745928342%22%2C%229165704%22%2C7%5D&an14fb9vkb=%5B%5B%22722533442537
2024-04-24 09:50:44 UTC	471	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 24 Apr 2024 09:50:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t set-cookie: JGFoT5="OTg4OGM1ZDUtNTY3OC00ODU2LWI2OTAtNzIzZDczNTVmOWY1OjUyYTQ3M2M3LTZkMWUtNGJkNi05ODVhLTQ0ZTJmNjhmZDE0NQ=="; Domain=joahelms.design; HttpOnly; Path=/; SameSite=None; Secure
2024-04-24 09:50:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49715	89.187.28.219	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:44 UTC	997	OUT	GET /?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t HTTP/1.1 Host: esign.joahelms.design Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://esign.joahelms.design/?organisation=viennaairport.com&dse=Zy5oYW1tZXJzY2htaWR0QHZpZW5uYWFpcnBvcnQuY29t Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JGFoT5="OTg4OGM1ZDUtNTY3OC00ODU2LWI2OTAtNzIzZDczNTVmOWY1OjUyYTQ3M2M3LTZkMWUtNGJkNi05ODVhLTQ0ZTJmNjhmZDE0NQ=="
2024-04-24 09:50:46 UTC	313	IN	HTTP/1.1 302 Found Server: nginx Date: Wed, 24 Apr 2024 09:50:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close referrer-policy: no-referrer location: https://login.microsoftonline.com/?organisation=viennaairport.com&username=g.hammerschmidt%40viennaairport.com
2024-04-24 09:50:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49725	13.107.213.69	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:48 UTC	633	OUT	GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:48 UTC	791	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 09:50:48 GMT Content-Type: application/x-javascript Content-Length: 49632 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 26 Mar 2024 18:07:05 GMT ETag: 0x8DC4DBF8B990C6B x-ms-request-id: f21077f9-d01e-0027-21fd-91a5a3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T095048Z-168bb8d798br6ffjy1urgskzmg000000088000000000117p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 09:50:48 UTC	15593	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e4 bd eb 5b e3 38 d2 38 fa fd fd 2b 82 77 0f 13 4f 4c c8 05 68 70 70 e7 97 06 ba 9b 19 20 0c 81 e9 99 05 96 c7 89 15 70 77 b0 b3 b6 c3 65 20 e7 6f 3f 75 91 6c d9 71 e8 9e 7d cf 73 be 9c b9 04 5b 2a c9 52 a9 aa 54 55 2a 49 eb 3f af fc 4f e5 e7 ca da 8f ff 53 19 9c f7 ce ce 2b fd 8f 95 f3 cf 87 67 fb 95 53 78 fb b3 72 d2 3f 3f dc 3b f8 f1 7a f0 a3 f8 ff f9 9d 1f 57 c6 fe 44 54 e0 ef d0 8d 85 57 09 83 4a 18 55 fc 60 14 46 d3 30 72 13 11 57 ee e1 37 f2 dd 49 65 1c 85 f7 95 e4 4e 54 a6 51 f8 55 8c 92 b8 32 f1 e3 04 0a 0d c5 24 7c ac 54 a1 ba c8 ab 9c ba 51 f2 5c 39 3c 35 eb 50 bf 80 da fc 5b 3f 80 d2 a3 70 fa 0c cf 77 49 25 08 13 7f 24 2a 6e e0 51 6d 13 78 09 62 51 99 05 9e 88 2a 8f 77 fe e8 ae 72 ec 8f a2 30 0e c7 49 25 12 23 e1 Data Ascii: [88+wOLhpp pwe o?ulq}s[RTUI?OS+gSxr??;zWDTWJU`F0rW7IeNTQU2$\|TQ\9<5P[?pwI%$nQmxbQwr0I%#
2024-04-24 09:50:48 UTC	16384	IN	Data Raw: 67 aa e2 65 f5 9d a0 4e c7 2f 5d 04 77 80 5e 40 f9 c1 13 9e 67 01 b0 7d 30 45 bf 32 2d e7 8e d4 14 97 06 1d e8 63 5c 57 4b 8e 64 14 1d bc 32 11 50 05 56 47 38 e6 d3 ca e8 2c 7b ed ec b2 f4 5b 15 79 84 6b 25 52 5f b2 2b 46 0d cf 3d 8c 85 d2 50 b4 8f 98 2f f2 a4 a8 b9 69 35 e8 72 02 40 5c e9 8d 73 0b c7 bf 69 17 8a 45 5a 8d a1 e5 e3 dd 08 e9 3d 72 55 d3 ac a3 e8 a4 8c 65 8d 08 f1 fc 7e 13 af f3 31 cd 37 70 bb 69 5a 74 f6 49 03 8f 15 c7 d3 c0 2c 97 31 9e 9d 25 99 a2 0d 4f 16 c7 83 51 66 8e 8f e7 b4 90 86 4f 07 20 f3 81 fb 7c 28 bc 35 a2 8b e8 eb 63 66 0e 36 ca 51 41 b9 47 b7 25 e6 f8 9c 06 f2 84 0e 99 b1 f8 8c a8 ec 83 9e 76 1c 67 fe 76 bb 89 3a cd 6b 72 29 ae e5 31 8b 13 cb 8d 6e e9 7c ac 18 fa a9 ee 39 3c 0a 5d b9 74 0c a2 7e 84 37 0f 32 f6 9d c5 83 a3 10 Data Ascii: geN/]w^@g}0E2-c\WKd2PVG8,{[yk%R_+F=P/i5r@\siEZ=rUe~17piZtI,1%OQfO \|(5cf6QAG%vgv:kr)1n\|9<]t~72
2024-04-24 09:50:48 UTC	16384	IN	Data Raw: bc f5 47 2b a9 c4 5e 81 a5 ae 45 36 4e 76 6d 11 53 b1 a3 55 23 dd 42 e2 1b ac 4b a9 8e 07 0c 6e ab 98 b7 cc 38 3a f1 5b 07 51 fd a0 2f 55 68 5d c6 7a d6 6b 16 2c 47 3a d3 a6 ce 95 39 69 e8 96 da 4f 03 4e 42 db 60 15 1b 66 45 59 20 1d bf 69 a0 6f fd 6b 95 16 c9 84 23 1d f4 85 6b 5f 79 ee b1 29 d6 9a 96 a4 47 2f c0 39 9f 7f 8f e1 54 ec 28 93 bb 73 22 31 36 d6 0d 92 85 85 fc 07 89 eb bc 2f 89 ae a8 2f f8 83 e9 0a 7c fe e0 c9 cb 67 8a 70 21 4f 14 08 1e 28 3c 48 63 d5 b4 6c 76 cd 24 99 d6 21 76 28 a1 76 41 47 26 4b 62 d7 f5 b6 00 61 32 b0 f4 dd 7c ab 3b 59 3f e0 f7 8c 8f a6 55 11 89 2d 90 a4 11 aa 9e cf 05 76 78 98 76 92 1a d4 0d e1 76 a0 63 3a 7d a6 fe 3a a3 aa 45 9c 80 4d 88 4c 35 ed d3 c7 7d 11 b1 8c 7c 61 01 3f 8e 56 59 4f ef 0c 5d c3 e7 14 99 71 f5 1b cf Data Ascii: G+^E6NvmSU#BKn8:[Q/Uh]zk,G:9iONB`fEY iok#k_y)G/9T(s"16//\|gp!O(<Hclv$!v(vAG&Kba2\|;Y?U-vxvvc:}:EML5}\|a?VYO]q
2024-04-24 09:50:48 UTC	1271	IN	Data Raw: f2 c5 95 32 0f ac 16 0c f7 e9 05 a9 ed 10 12 2b 87 10 71 c9 25 6e 4c d0 b4 d8 26 e3 b3 13 af d7 74 bb 7d 57 d3 95 83 db 5b 37 ea 39 ca bb f7 00 bc c7 7d 71 70 80 36 07 87 17 11 46 47 79 ad 8b 01 fd 00 09 4b 55 8e 3a 38 8f 1e 84 6f dc b5 0c 51 d0 bb ee cc 84 05 26 25 92 1e 94 cd 46 8d dc 13 3a 77 0e ea ae 3c 71 25 c3 84 72 72 e7 c4 a4 e1 cd 68 9e 16 65 c5 b1 5d e3 6c ec 81 f7 8c 45 1d 0f a2 72 ff be b3 5c 66 d3 6c 99 e4 8b b3 8b 74 76 96 9c 5d 4c 2f a6 1f 2f cf 17 d4 96 7c 99 7e 4c 1d 76 b6 c7 4b 70 03 a2 1f c8 6f 23 8e 6b 12 b1 97 79 ed ef b0 ef 8e 02 df b7 67 c5 79 95 1b c7 9c 86 93 8e 72 77 64 cf 6d b8 1a 8e 1c a5 d9 35 ce 2c b6 af 91 eb 98 05 3b 82 33 5d d2 9e 83 f7 65 3d 01 03 53 96 f3 aa 0d 52 2c d2 a4 11 45 7c 6a ad bc 7f d3 51 9c 8a 2f 26 6e b3 15 Data Ascii: 2+q%nL&t}W[79}qp6FGyKU:8oQ&%F:w<q%rrhe]lEr\fltv]L//\|~LvKpo#kygyrwdm5,;3]e=SR,E\|jQ/&n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49732	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:51 UTC	1314	OUT	GET /adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:52 UTC	586	IN	HTTP/1.1 200 OK Cache-Control: no-cache,no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; X-Frame-Options: DENY Date: Wed, 24 Apr 2024 09:50:52 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:52 UTC	7606	IN	Data Raw: 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 31 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f Data Ascii: <!DOCTYPE html><html lang="en-US"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=1"/> <meta http-equiv="content-type" co
2024-04-24 09:50:52 UTC	7696	IN	Data Raw: 61 72 61 6d 20 3d 20 63 75 72 72 65 6e 74 52 65 71 75 65 73 74 49 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 71 75 65 73 74 49 64 50 61 72 61 6d 20 3d 20 53 53 4f 55 74 69 6c 2e 63 72 65 61 74 65 47 75 69 64 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 75 72 69 20 3d 20 75 72 69 20 2b 20 27 26 72 69 64 3d 27 20 2b 20 72 65 71 75 65 73 74 49 64 50 61 72 61 6d 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 75 6c 6c 53 74 61 72 74 54 69 6d 65 20 3d 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 6d 73 4c 61 75 6e 63 68 55 72 69 54 69 6d 65 6f 75 74 49 64 3b 0d 0a 20 20 20 20 20 20 20 20 0d 0a 20 20 20 Data Ascii: aram = currentRequestId; } else { requestIdParam = SSOUtil.createGuid(); } uri = uri + '&rid=' + requestIdParam; var pullStartTime = new Date().getTime(); var msLaunchUriTimeoutId;
2024-04-24 09:50:52 UTC	8192	IN	Data Raw: 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 23 66 6c 6f 61 74 69 6e 67 43 69 72 63 6c 65 73 47 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 Data Ascii: <style> #floatingCirclesG { position: relative; width: 125px; height: 125px; margin: auto; transform: scale(0.4); -o-transform: scale(0.4); -ms-transform:
2024-04-24 09:50:52 UTC	1956	IN	Data Raw: 69 65 6e 74 2d 72 65 71 75 65 73 74 2d 69 64 3d 65 34 36 36 31 39 30 34 2d 63 38 66 31 2d 34 34 30 64 2d 39 38 65 31 2d 37 31 37 65 35 62 62 37 36 35 37 65 26 75 73 65 72 6e 61 6d 65 3d 67 2e 68 61 6d 6d 65 72 73 63 68 6d 69 64 74 25 34 30 76 69 65 6e 6e 61 61 69 72 70 6f 72 74 2e 63 6f 6d 26 77 61 3d 77 73 69 67 6e 69 6e 31 2e 30 26 77 74 72 65 61 6c 6d 3d 75 72 6e 25 33 61 66 65 64 65 72 61 74 69 6f 6e 25 33 61 4d 69 63 72 6f 73 6f 66 74 4f 6e 6c 69 6e 65 26 77 63 74 78 3d 65 73 74 73 72 65 64 69 72 65 63 74 25 33 64 32 25 32 36 65 73 74 73 72 65 71 75 65 73 74 25 33 64 72 51 51 49 41 52 41 41 34 32 4b 77 30 73 6b 6f 4b 53 6b 6f 74 74 4c 58 4c 38 67 76 4b 6b 6e 4d 30 63 76 4e 54 43 37 4b 4c 38 35 50 4b 38 6e 50 79 38 6e 4d 53 39 56 4c 7a 73 5f 56 79 79 Data Ascii: ient-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy
2024-04-24 09:50:52 UTC	8192	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 3e 0d 0a 2f 2f 3c 21 5b 43 44 41 54 41 5b 0d 0a 2f 2f 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0d 0a 0d 0a 2f 2f 20 54 68 69 73 20 66 69 6c 65 20 63 6f 6e 74 61 69 6e 73 20 73 65 76 65 72 61 6c 20 77 6f 72 6b 61 72 6f 75 6e 64 73 20 6f 6e 20 69 6e 63 6f 6e 73 69 73 74 65 6e 74 20 62 72 6f 77 73 65 72 20 62 65 68 61 76 69 6f 72 73 20 74 68 61 74 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 73 20 6d 61 79 20 63 75 73 74 6f 6d 69 7a 65 2e 0d 0a 22 75 73 65 20 73 74 72 69 63 74 22 3b 0d 0a 0d 0a 2f 2f 20 69 50 68 6f 6e 65 20 65 6d 61 69 6c Data Ascii: <script type='text/javascript'>//<![CDATA[// Copyright (c) Microsoft Corporation. All rights reserved.// This file contains several workarounds on inconsistent browser behaviors that administrators may customize."use strict";// iPhone email
2024-04-24 09:50:52 UTC	3260	IN	Data Raw: 75 73 65 72 4e 61 6d 65 2e 76 61 6c 75 65 2e 6d 61 74 63 68 28 27 5b 40 5d 27 29 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 61 74 63 68 72 65 73 75 6c 74 20 3d 20 75 73 65 72 4e 61 6d 65 2e 76 61 6c 75 65 2e 6d 61 74 63 68 28 27 5b 40 5d 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 66 69 72 73 74 61 74 20 3d 20 6d 61 74 63 68 72 65 73 75 6c 74 5b 30 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 70 6c 69 74 72 65 73 75 6c 74 20 3d 20 75 73 65 72 4e 61 6d 65 2e 76 61 6c 75 65 2e 73 70 6c 69 74 28 66 69 72 73 74 61 74 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 72 4e 61 6d 65 56 61 6c 75 65 20 3d 20 27 76 69 65 2d 69 2e 6c 6f 63 61 6c 5c 5c 27 20 2b 20 73 70 6c 69 74 72 65 73 75 6c 74 5b Data Ascii: userName.value.match('[@]')) { var matchresult = userName.value.match('[@]'); var firstat = matchresult[0]; var splitresult = userName.value.split(firstat); userNameValue = 'vie-i.local\\' + splitresult[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49733	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:53 UTC	1252	OUT	GET /adfs/portal/css/style.css?id=36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:53 UTC	594	IN	HTTP/1.1 200 OK Content-Type: text/css Expires: Fri, 24 May 2024 09:50:53 GMT ETag: 36478A6D134BE3AAFBB086EE217D3815A49AC0E7AA0A3FD8DA2403A595467E17 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; Date: Wed, 24 Apr 2024 09:50:53 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:53 UTC	7598	IN	Data Raw: ef bb bf 2a 20 7b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 53 65 67 6f 65 20 55 49 20 57 65 62 66 6f 6e 74 22 2c 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 22 4c 75 63 69 64 61 20 Data Ascii: * { margin: 0px; padding: 0px;}html, body { height: 100%; width: 100%; background-color: #ffffff; color: #000000; font-weight: normal; font-family: "Segoe UI Webfont",-apple-system,"Helvetica Neue","Lucida
2024-04-24 09:50:54 UTC	8192	IN	Data Raw: 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 43 6f 6d 6d 6f 6e 20 63 6f 6e 74 65 6e 74 20 73 74 79 6c 65 73 20 2a 2f 0d 0a 0d 0a 2e 63 6c 65 61 72 20 7b 0d 0a 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0d 0a 7d 0d Data Ascii: ght: normal; height: 28px; line-height: 28px; margin-left: 0px; margin-right: 0px; text-align: left; text-size-adjust: 100%; text-decoration: underline;}/* Common content styles */.clear { clear: both;}
2024-04-24 09:50:54 UTC	62	IN	Data Raw: 67 62 28 30 2c 20 31 30 33 2c 20 31 38 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: gb(0, 103, 184); border-right-style: solid;
2024-04-24 09:50:54 UTC	8192	IN	Data Raw: 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 20 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 30 2c 20 31 30 33 2c 20 31 38 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 20 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 72 67 62 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 29 3b 0d 0a 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 72 65 63 74 69 6f 6e 3a 20 6c 74 72 3b Data Ascii: border-right-width: 1px; border-top-color: rgb(0, 103, 184); border-top-style: solid; border-top-width: 1px; box-sizing: border-box; color: rgb(255, 255, 255); cursor: pointer; direction: ltr;
2024-04-24 09:50:54 UTC	7049	IN	Data Raw: 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 38 29 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 20 31 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 2d 63 6f 6c 6f 72 3a 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 38 29 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 20 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 Data Ascii: border-bottom-color: rgba(0, 0, 0, 0.8); border-bottom-style: solid; border-bottom-width: 1px; border-left-color: rgba(0, 0, 0, 0.8); border-left-style: solid; border-left-width: 0px; border-righ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49734	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:53 UTC	1298	OUT	GET /adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:53 UTC	617	IN	HTTP/1.1 200 OK Content-Length: 5935 Content-Type: image/png Expires: Fri, 24 May 2024 09:50:53 GMT ETag: D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; Date: Wed, 24 Apr 2024 09:50:53 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:53 UTC	5935	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 7f 00 00 00 7d 08 06 00 00 00 4a fb 63 d8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 16 e1 49 44 41 54 78 9c ed 9d 4d 72 db 48 d2 86 5f 7f 31 0b ec a4 39 81 6b 4e 60 f5 1e 11 8d 3e 81 d5 27 30 bd 47 44 ab 4f 60 fa 04 a3 8e e0 7e a8 13 8c 7c 82 06 23 b8 1f e9 06 e0 0d cc 1d 77 fe 16 28 c8 60 a1 8a 28 a0 12 3f 04 de 27 42 61 03 04 b2 0a 24 90 95 c8 cc ca 7a f7 e3 c7 0f 10 42 08 59 16 ff 37 76 07 08 21 84 0c 0f 95 3f 21 84 2c 10 2a 7f 42 08 59 20 54 fe 84 10 b2 40 a8 fc 09 21 64 81 50 f9 13 42 c8 02 a1 f2 27 84 90 05 42 e5 4f 08 21 0b 84 ca 9f 10 42 16 c8 3f c6 ee 00 39 27 4a e3 3b 00 b7 00 f2 d3 66 9f 8f dc 1d 42 c8 4c 79 c7 f2 0e e3 11 a5 b1 02 70 0f 20 01 70 07 e0 bd e5 b0 Data Ascii: PNGIHDR}JcpHYs~IDATxMrH_19kN`>'0GDO`~\|#w(`(?'Ba$zBY7v!?!,*BY T@!dPB'BO!B?9'J;fBLyp p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49735	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:54 UTC	437	OUT	GET /adfs/portal/logo/logo.png?id=D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:55 UTC	617	IN	HTTP/1.1 200 OK Content-Length: 5935 Content-Type: image/png Expires: Fri, 24 May 2024 09:50:55 GMT ETag: D116A9A391AA333DE42BBDB7F41A6EE30B0FEB4A9E4F4B333B5655A8428A5362 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; Date: Wed, 24 Apr 2024 09:50:55 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:55 UTC	5935	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 7f 00 00 00 7d 08 06 00 00 00 4a fb 63 d8 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 16 e1 49 44 41 54 78 9c ed 9d 4d 72 db 48 d2 86 5f 7f 31 0b ec a4 39 81 6b 4e 60 f5 1e 11 8d 3e 81 d5 27 30 bd 47 44 ab 4f 60 fa 04 a3 8e e0 7e a8 13 8c 7c 82 06 23 b8 1f e9 06 e0 0d cc 1d 77 fe 16 28 c8 60 a1 8a 28 a0 12 3f 04 de 27 42 61 03 04 b2 0a 24 90 95 c8 cc ca 7a f7 e3 c7 0f 10 42 08 59 16 ff 37 76 07 08 21 84 0c 0f 95 3f 21 84 2c 10 2a 7f 42 08 59 20 54 fe 84 10 b2 40 a8 fc 09 21 64 81 50 f9 13 42 c8 02 a1 f2 27 84 90 05 42 e5 4f 08 21 0b 84 ca 9f 10 42 16 c8 3f c6 ee 00 39 27 4a e3 3b 00 b7 00 f2 d3 66 9f 8f dc 1d 42 c8 4c 79 c7 f2 0e e3 11 a5 b1 02 70 0f 20 01 70 07 e0 bd e5 b0 Data Ascii: PNGIHDR}JcpHYs~IDATxMrH_19kN`>'0GDO`~\|#w(`(?'Ba$zBY7v!?!,*BY T@!dPB'BO!B?9'J;fBLyp p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49736	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:54 UTC	1943	OUT	GET /adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:55 UTC	586	IN	HTTP/1.1 200 OK Cache-Control: no-cache,no-store Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; X-Frame-Options: DENY Date: Wed, 24 Apr 2024 09:50:55 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:55 UTC	7606	IN	Data Raw: 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 31 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f Data Ascii: <!DOCTYPE html><html lang="en-US"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=1"/> <meta http-equiv="content-type" co
2024-04-24 09:50:55 UTC	4405	IN	Data Raw: 65 72 73 63 68 6d 69 64 74 25 34 30 76 69 65 6e 6e 61 61 69 72 70 6f 72 74 2e 63 6f 6d 26 77 61 3d 77 73 69 67 6e 69 6e 31 2e 30 26 77 74 72 65 61 6c 6d 3d 75 72 6e 25 33 61 66 65 64 65 72 61 74 69 6f 6e 25 33 61 4d 69 63 72 6f 73 6f 66 74 4f 6e 6c 69 6e 65 26 77 63 74 78 3d 65 73 74 73 72 65 64 69 72 65 63 74 25 33 64 32 25 32 36 65 73 74 73 72 65 71 75 65 73 74 25 33 64 72 51 51 49 41 52 41 41 34 32 4b 77 30 73 6b 6f 4b 53 6b 6f 74 74 4c 58 4c 38 67 76 4b 6b 6e 4d 30 63 76 4e 54 43 37 4b 4c 38 35 50 4b 38 6e 50 79 38 6e 4d 53 39 56 4c 7a 73 5f 56 79 79 39 4b 7a 30 77 42 73 59 71 45 75 41 52 59 4a 4e 4f 65 66 44 7a 42 36 7a 4c 6a 59 57 46 64 39 50 62 55 75 6c 57 4d 79 6f 53 4e 30 4c 5f 41 79 50 69 43 6b 58 45 53 6b 32 4b 36 58 6b 5a 69 62 6d 35 71 55 58 Data Ascii: erschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUX
2024-04-24 09:50:55 UTC	8192	IN	Data Raw: 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 23 66 6c 6f 61 74 69 6e 67 43 69 72 63 6c 65 73 47 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6f 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 34 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 Data Ascii: <style> #floatingCirclesG { position: relative; width: 125px; height: 125px; margin: auto; transform: scale(0.4); -o-transform: scale(0.4); -ms-transform:
2024-04-24 09:50:55 UTC	8192	IN	Data Raw: 64 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 22 5c 22 20 6b 65 79 2c 20 75 73 65 20 72 65 67 75 6c 61 72 20 6b 65 79 62 6f 61 72 64 20 69 6e 73 74 65 61 64 2e 0d 0a 2f 2f 20 4e 6f 74 65 20 63 68 61 6e 67 65 20 69 6e 70 75 74 20 74 79 70 65 20 64 6f 65 73 20 6e 6f 74 20 77 6f 72 6b 20 6f 6e 20 61 6c 6c 20 76 65 72 73 69 6f 6e 73 20 6f 66 20 61 6c 6c 20 62 72 6f 77 73 65 72 73 2e 0d 0a 69 66 20 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 6d 61 74 63 68 28 2f 69 50 68 6f 6e 65 2f 69 29 20 21 3d 20 6e 75 6c 6c 29 20 7b 0d 0a 20 20 20 20 76 61 72 20 65 6d 61 69 6c 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 69 6e 70 75 74 5b 74 79 70 65 3d 27 65 6d 61 69 6c 27 5d 22 29 3b 0d 0a 20 Data Ascii: d does not include "\" key, use regular keyboard instead.// Note change input type does not work on all versions of all browsers.if (navigator.userAgent.match(/iPhone/i) != null) { var emails = document.querySelectorAll("input[type='email']");
2024-04-24 09:50:55 UTC	2988	IN	Data Raw: 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 27 75 70 64 61 74 65 50 61 73 73 77 6f 72 64 46 6f 72 6d 27 5d 2e 55 73 65 72 4e 61 6d 65 2e 76 61 6c 75 65 20 3d 20 75 73 65 72 4e 61 6d 65 56 61 6c 75 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 21 6f 6c 64 50 61 73 73 77 6f 72 64 2e 76 61 6c 75 65 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 2e 73 65 74 45 72 72 6f 72 28 6f 6c 64 50 61 73 73 77 6f 72 64 2c 20 65 2e 6f 6c 64 50 61 73 73 77 6f 72 64 45 6d 70 74 79 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 69 66 20 28 6f 6c 64 50 61 73 73 77 6f 72 64 2e 76 61 6c 75 65 2e 6c 65 6e 67 74 68 20 3e 20 6d 61 78 50 Data Ascii: document.forms['updatePasswordForm'].UserName.value = userNameValue; } if (!oldPassword.value) { u.setError(oldPassword, e.oldPasswordEmpty); return false; } if (oldPassword.value.length > maxP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49737	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:55 UTC	1327	OUT	GET /adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:56 UTC	620	IN	HTTP/1.1 200 OK Content-Length: 189015 Content-Type: image/jpeg Expires: Fri, 24 May 2024 09:50:56 GMT ETag: 118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; Date: Wed, 24 Apr 2024 09:50:55 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:56 UTC	7572	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff ed 00 2c 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 03 ed 00 00 00 00 00 10 00 48 00 00 00 01 00 01 00 48 00 00 00 01 00 01 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 Data Ascii: JFIFHH,Photoshop 3.08BIMHHXICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkp
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: fe d4 c0 95 8a a5 68 69 5f c0 f7 ed 8a 1c b3 84 f0 5f 7a ee 7d b0 d2 38 80 44 35 c8 24 0a 0a 7e af a7 e8 c8 d3 2b 44 ab 28 e9 5a 81 b7 6f bf e8 c0 97 43 37 02 37 ae f5 3f 4f df 89 0a 0a 3d 6e 39 0f 8a b5 fe 1f 3c 85 32 b5 f5 67 db a8 03 7f 0a 62 95 e0 82 49 1b f1 ff 00 3d b1 42 a1 02 40 69 bd 3a 6d 81 92 f5 8f 80 1b 78 93 b7 f9 8f d7 82 d5 75 43 a8 a0 a5 3b 7f 9f 4c 79 2b 41 99 be 9f f3 fe 18 50 d2 86 55 04 52 bf c3 c7 15 53 90 07 1b 8e 9f 7e 21 4a d8 68 a6 80 57 fa 61 28 0d 98 d8 ef d6 9f 71 c6 d3 4e 08 63 23 6a 53 be 3c d5 6c 89 e9 f6 23 71 53 86 d8 91 4a a2 a4 50 77 ef b6 04 b8 23 52 a2 bb d3 a7 b6 36 b4 a6 4f a3 5a d7 c3 0f 34 72 44 a8 0f 4a f4 ed 5f f3 df 23 c9 92 de 55 ab 1e bf 80 c5 6d 50 37 23 41 f8 e3 4b 6d 32 55 76 1f 33 f2 c5 69 6a d5 76 07 6f Data Ascii: hi__z}8D5$~+D(ZoC77?O=n9<2gbI=B@i:mxuC;Ly+APURS~!JhWa(qNc#jS<l#qSJPw#R6OZ4rDJ_#UmP7#AKm2Uv3ijvo
2024-04-24 09:50:56 UTC	94	IN	Data Raw: 55 04 d5 79 00 1a a4 ee b5 23 d9 49 e2 7a ef d4 8c 87 11 e2 1b 8e a9 a1 c2 76 3f c3 fa 7c 91 51 e9 56 f3 c6 1a 66 91 7f bb 71 bf 84 95 ea 07 4f 82 a7 b5 0d 30 64 ca 79 0a ee fc 7c d1 86 14 41 37 f8 bf d4 85 8a 35 98 13 1b fd 91 5f 8a 83 6f 98 24 0f a6 99 7c a7 c3 cd a6 31 be 45 a4 Data Ascii: Uy#Izv?\|QVfqO0dy\|A75_o$\|1E
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: 6a ef fd 32 6c 55 8a 86 15 fa 70 32 6c c6 2b ed ef 8d a9 55 0c 69 d7 a7 e1 81 95 aa 86 a7 7f f3 ed 81 36 be 9c 7e 12 06 fe 1d 71 42 e2 0e c4 6f 4e d8 a1 51 47 26 de a3 03 24 47 1a 0a 50 e4 59 29 b3 02 47 6c 2c 6d be 6e a7 73 8a da fe 7c 8e 34 95 ea d5 06 95 c1 49 0e 28 54 8e fe f8 a1 61 1c 8d 4f 4d f0 a3 9b b8 91 8a 57 a1 af da 3d 30 15 73 8e 20 ee 77 fb ba ff 00 9e f8 aa e0 fc 7b 62 aa 9c d5 9b e1 df 05 2d af 54 a5 37 27 e5 81 92 de 22 95 ea 6b db 0a 29 50 a9 71 5d b0 72 4a f6 35 3b 8a 90 7d b0 04 da ee 04 01 e3 f8 63 6a a0 cb 4f 9e 49 89 43 49 16 ff 00 67 f0 c9 02 c0 a1 d9 4f 5c 92 14 c2 9e b8 a0 38 9c 2a a8 bf 76 04 b4 17 15 6b 8d 31 56 80 a5 71 43 86 d8 54 2e a7 cf 02 57 05 dc 62 b4 be 98 12 d9 5c 0b 4d 11 be 15 75 36 c5 5c 05 71 42 ea 0c 52 d1 14 c5 Data Ascii: j2lUp2l+Ui6~qBoNQG&$GPY)Gl,mns\|4I(TaOMW=0s w{b-T7'"k)Pq]rJ5;}cjOICIgO\8*vk1VqCT.Wb\Mu6\qBR
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: 5a e3 8a b7 c7 15 71 5c 56 9b a6 d8 a5 d4 ae f8 a1 70 a5 71 4a e0 bb 57 05 a5 b2 31 55 c0 57 02 5a a5 71 42 e0 a4 9d b1 57 05 18 a5 70 5d fa 60 57 04 27 ae 15 a5 e1 32 36 95 dc 0e 29 6f 89 ef 81 5b 45 ae 25 43 5c 41 c5 5a e0 7b e1 b4 37 c0 9c 55 75 2b 81 2b 82 e0 4b 65 2b 8d ab 82 54 6f 8a af f4 f9 0f a7 b6 0b 4d 2d 64 c3 68 a7 15 04 e2 95 c6 94 c0 aa 7d 0e 15 68 d3 02 ad 03 0a ba 95 eb 8a bb 8e 2a da 8a e0 50 bb 86 04 b7 c4 e2 a1 b0 b4 3b e2 96 c9 a0 db 14 2d 20 61 42 d0 29 8a 57 85 f6 c0 96 8e 28 68 ef d7 15 77 12 c7 1b 4b 45 38 9d f1 b4 10 b2 9b 61 50 dd 30 25 be 3f ab 02 b8 8c 2a d0 18 15 dc 46 29 77 1c 09 77 0d b1 5a 75 31 56 c2 1c 28 5c 22 23 c7 05 a6 9b 31 ef 8a 69 dc 06 0b 5a 7c 5a 07 e1 9b d7 56 d9 d8 62 a5 70 db 0b 15 40 2b 81 57 85 c5 57 d0 d3 Data Ascii: Zq\VpqJW1UWZqBWp]`W'26)o[E%C\AZ{7Uu++Ke+ToM-dh}hP;- aB)W(hwKE8aP0%?F)wwZu1V(\"#1iZ\|ZVbp@+WW
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: ab 74 07 e7 8a 14 8a 1e df af 0a 29 a1 0b 75 24 ed 8d ad 34 f1 0a 76 c4 14 10 a2 22 27 be 4a d8 d2 a0 8f 8f 6c 16 ca 9d e9 91 d7 15 a5 e9 01 24 d3 05 a4 45 b3 6c 69 b1 c6 d7 85 56 3b 60 76 c0 4b 21 15 61 67 dc 8f bf 05 b2 11 6f d3 20 f4 38 da d2 b2 40 3a 91 82 d9 00 a8 b0 a7 2d fc 30 5a d2 a0 68 e3 04 53 02 5d cb 8f 41 8a bb d6 20 74 df 0d 2d b6 24 60 37 1e f8 29 6d 61 1c b7 38 aa e0 84 1c 56 91 51 2d 0f 4c 05 90 47 2a 9a 6d d7 20 cd 69 66 14 df 0a 1d f5 9f 4d 6b 5c 69 6d 41 af 50 1e ff 00 46 1e 14 71 28 3d f0 1b 0a fb e1 e1 47 12 c3 a9 30 df 6c 78 51 c6 81 96 f1 e4 c9 00 c4 c9 08 cc cd 4a e4 98 95 22 e3 0b 1b 5a 69 81 2b 09 18 58 ad 3b e2 ab 42 9c 36 c6 9b 18 12 d6 2a e2 71 4b 7d 31 43 45 6b 8a 56 9a e1 41 71 c5 5d da b8 15 d4 c5 5c 57 14 d3 5c 6b b6 2b Data Ascii: t)u$4v"'Jl$EliV;`vK!ago 8@:-0ZhS]A t-$`7)ma8VQ-LGm ifMk\imAPFq(=G0lxQJ"Zi+X;B6qK}1CEkVAq]\W\k+
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: d9 05 a7 fc e5 6d 9d dc a8 17 4f 62 54 f2 3f bd ed ff 00 03 ef 80 eb 22 7a 30 1d 8d 28 ff 00 10 ee e5 fb 59 60 ff 00 9c a3 d3 1e 26 0f a7 ca 2a 08 1c 64 53 db e4 30 fe 6a 3e 6d 3f c9 33 ef 8f da c8 6c bf e7 2f 7c 9c 15 56 58 6e 10 80 01 d9 0e fd fb 8c ac 65 8f 7b 6c fb 3b 2d d8 00 fc 7f 63 31 d0 ff 00 e7 2c 7f 2f 95 19 66 b8 9a 32 58 b0 ac 40 d4 1e fb 36 46 52 12 3c c2 fe 4f 20 15 c3 f7 33 bd 1b fe 72 67 f2 e2 6b a2 df a4 f8 a9 8c 0a b4 32 ec 6b d0 d1 4e 57 21 c5 dd f3 51 8a 70 bb 89 e8 f4 5b 5f cf 2f 20 5e 4b 09 4d 6e d7 fb c1 b3 16 5e c7 af 25 19 49 81 fc 53 64 41 1b d1 f9 17 a4 db fe 60 79 5f 50 8c fa 1a ad 9b 93 e1 71 17 7f 6e 55 ca 25 13 dc 5b 71 cb 71 ef 7a 64 54 96 3a c6 dc 85 29 55 dc 7d e3 2b 12 6e 35 ba 7f e6 85 ff 00 70 b6 7f 24 ff 00 88 64 74 Data Ascii: mObT?"z0(Y`&*dS0j>m?3l/\|VXne{l;-c1,/f2X@6FR<O 3rgk2kNW!Qp[_/ ^KMn^%ISdA`y_PqnU%[qqzdT:)U}+n5p$dt
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: 8a b5 81 2d 62 ad 11 8a b8 8c 55 a2 31 55 b4 c5 0d 52 b8 55 aa 60 4b ba 62 ab 71 42 da 61 57 53 02 1f 1f 00 2b e3 9b 97 4e bc 2d 4e 29 a5 61 5e d8 12 b8 12 09 c5 08 95 94 0e bd f2 29 b5 55 9b a7 61 d3 1a 5b 44 87 2c 7e 1d c7 f9 f8 e0 55 65 70 4f 2d c7 f9 f8 e2 94 4a c6 0f 52 45 7b d4 01 fa f2 2c 83 46 0a ef f7 ff 00 9f be 1b 45 37 c0 28 f0 dc ed b6 28 57 8a 36 a1 de a7 6a 57 ad 30 12 ca 91 6b 6c d4 2c 37 1d 32 36 ca 95 41 75 6a 76 c0 a8 98 c3 f7 ec 2b 80 b2 08 c8 c3 0d ce c7 20 52 11 9e 88 3b 57 7f 0e ff 00 4e 42 d9 d3 85 b0 34 a5 0e fe f5 3f 46 1e 24 70 b6 c8 63 22 84 d4 ff 00 9f e1 88 2a 42 b0 a8 3f 10 23 6f bf f8 60 54 72 ce 57 a7 f9 ef e3 90 21 b0 14 c6 27 53 56 e9 fa f2 14 d8 0a 2a 29 e9 de a4 ed b6 46 93 69 84 77 a0 d7 c3 b9 f7 c8 f0 b3 12 45 c7 74 Data Ascii: -bU1URU`KbqBaWS+N-N)a^)Ua[D,~UepO-JRE{,FE7((W6jW0kl,726Aujv+ R;WNB4?F$pc"B?#o`TrW!'SV)FiwEt
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: ad 2b d3 1e 14 78 85 0f a3 f9 2a c6 e1 9a 50 8d 4e 0a c6 8d 40 09 34 ad 30 70 a4 e4 a6 47 07 90 74 e7 02 bc 89 ad 77 0a 7e 8e 98 7c 36 3e 32 1a ef f2 d7 4e 20 b7 00 77 e8 41 e9 fe c4 8c 22 0c 4e 67 cd d3 79 79 9e cb eb 31 b0 50 cf 27 15 ab 1a 01 23 0d c9 3b f4 c4 c5 cc 13 17 4c eb f2 67 4a 6d 4b 58 8a de 65 a8 64 94 83 c8 d6 a9 2c 78 39 31 cb b8 3f 0f d2 fa cb 58 fc 9a b7 9e e2 15 b4 9e 4b 76 e3 23 d4 51 c6 dc 45 08 6f f5 b2 1c 6e 30 78 ae ab 6f 79 65 a8 1d 3a 45 0d 24 6e 50 14 fd a3 e2 3a 76 cb c7 7b 55 21 06 87 a8 5d fa 8a b1 f1 28 c5 1b 91 0b 43 de b5 c9 55 ad 81 cd fa 69 e5 8f 2b 5e ea be 53 d3 2f 34 f8 42 db 18 23 40 5e a1 41 40 11 94 50 12 58 30 22 8a 37 39 8f 2c e2 26 ba b6 8d 39 9d 93 b0 3c 98 46 9d f9 5f e5 e9 f5 db 3d 47 55 86 43 35 dc 77 12 3d Data Ascii: +x*PN@40pGtw~\|6>2N wA"Ngyy1P'#;LgJmKXed,x91?XKv#QEon0xoye:E$nP:v{U!](CUi+^S/4B#@^A@PX0"79,&9<F_=GUC5w=
2024-04-24 09:50:56 UTC	8192	IN	Data Raw: 6d b1 55 41 be 04 ae e5 85 5c dd 29 8a 0b c8 2e 85 1c 8f 73 99 21 d7 c9 8b ce c4 d7 2c 0c 0a 5b 21 c2 84 11 a6 f8 a5 2f 9d 30 d2 a5 52 8a dc 20 ff 00 24 9f c4 63 4b 68 b0 b4 38 29 51 b1 a1 a6 05 4d 21 43 8d 2d a6 90 c7 5c 8a 53 68 96 98 19 26 28 0d 32 2c 91 b1 e0 4a 36 2c 8b 20 99 45 be 45 90 4e e0 8a b9 51 6d 01 37 b6 8b 2b 25 b0 04 e2 08 69 95 96 c0 13 58 63 ca cb 68 4d 22 8f 20 cd 31 8a 3c 81 4a 61 0c 63 22 59 84 ce 18 f2 b2 cc 27 76 d0 8c ac 96 61 3e 82 3a 65 65 98 4c d1 68 32 0c de 17 e6 46 2b aa 5c 0e dc f3 79 87 e9 0e b7 27 32 94 87 ae 5a c1 55 58 9c 09 5f 4f 0c 55 0c e8 41 c2 85 26 4a e1 b4 3b d3 c6 d5 77 0c 16 95 a6 32 30 da b5 c3 1b 57 71 ae 28 5a 13 1b 56 bd 3a d7 0d ad 34 23 c6 d6 97 85 c0 ad d2 98 a5 d8 ab 54 c5 0d 8a e2 ab 81 c0 95 c0 9c 55 Data Ascii: mUA\).s!,[!/0R $cKh8)QM!C-\Sh&(2,J6, EENQm7+%iXchM" 1<Jac"Y'va>:eeLh2F+\y'2ZUX_OUA&J;w20Wq(ZV:4#TU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49738	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:56 UTC	1229	OUT	GET /favicon.ico HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fs.viennaairport.com/adfs/ls/?login_hint=g.hammerschmidt%40viennaairport.com&client-request-id=e4661904-c8f1-440d-98e1-717e5bb7657e&username=g.hammerschmidt%40viennaairport.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuARYJNOefDzB6zLjYWFd9PbUulWMyoSN0L_AyPiCkXESk2K6XkZibm5qUXFyRm5mSolDWWZqXl5iYmYRSDNI6S0mQf-idM-U8GK31JTUosSSzPy8R8yE9V1gEXjFwmPAbMXBwSXAIMGgwPCDhXERK9DFQt_0z6ZbrfbqKP_Q-fiNCMMpVn1PV98I_bzE4mxfx4giE9PS4KCo5Aojv_Jy_wxDp6ycYssk7cSgZJ_ULM9IWwMrwwlsQhPYmE6xMXxgY-xgZ5jFznCAk_EAL8MPviv9nesPdMx857FBgAEA0&pullStatus=0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:57 UTC	231	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 Date: Wed, 24 Apr 2024 09:50:57 GMT Connection: close X-FRAME-OPTIONS: SAMEORIGIN Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:57 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 73 2d 61 73 63 69 69 22 3e 3c 2f 48 45 41 44 3e 0d 0a 3c 42 4f 44 59 3e 3c 68 32 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 68 72 3e 3c 70 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49740	193.43.158.108	443	6268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-24 09:50:57 UTC	453	OUT	GET /adfs/portal/illustration/illustration.jpg?id=118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 HTTP/1.1 Host: fs.viennaairport.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 09:50:58 UTC	620	IN	HTTP/1.1 200 OK Content-Length: 189015 Content-Type: image/jpeg Expires: Fri, 24 May 2024 09:50:58 GMT ETag: 118FB0D9D56244BD5AFE03D3F85A97AA9AF77AACF57B15DC95B46DC287C2C180 Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age = 31536000 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' vie-i.local *.vie-i.local; Date: Wed, 24 Apr 2024 09:50:58 GMT X-FRAME-OPTIONS: SAMEORIGIN Connection: close Strict-Transport-Security: max-age=31536000
2024-04-24 09:50:58 UTC	7572	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff ed 00 2c 50 68 6f 74 6f 73 68 6f 70 20 33 2e 30 00 38 42 49 4d 03 ed 00 00 00 00 00 10 00 48 00 00 00 01 00 01 00 48 00 00 00 01 00 01 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 Data Ascii: JFIFHH,Photoshop 3.08BIMHHXICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkp
2024-04-24 09:50:58 UTC	8192	IN	Data Raw: fe d4 c0 95 8a a5 68 69 5f c0 f7 ed 8a 1c b3 84 f0 5f 7a ee 7d b0 d2 38 80 44 35 c8 24 0a 0a 7e af a7 e8 c8 d3 2b 44 ab 28 e9 5a 81 b7 6f bf e8 c0 97 43 37 02 37 ae f5 3f 4f df 89 0a 0a 3d 6e 39 0f 8a b5 fe 1f 3c 85 32 b5 f5 67 db a8 03 7f 0a 62 95 e0 82 49 1b f1 ff 00 3d b1 42 a1 02 40 69 bd 3a 6d 81 92 f5 8f 80 1b 78 93 b7 f9 8f d7 82 d5 75 43 a8 a0 a5 3b 7f 9f 4c 79 2b 41 99 be 9f f3 fe 18 50 d2 86 55 04 52 bf c3 c7 15 53 90 07 1b 8e 9f 7e 21 4a d8 68 a6 80 57 fa 61 28 0d 98 d8 ef d6 9f 71 c6 d3 4e 08 63 23 6a 53 be 3c d5 6c 89 e9 f6 23 71 53 86 d8 91 4a a2 a4 50 77 ef b6 04 b8 23 52 a2 bb d3 a7 b6 36 b4 a6 4f a3 5a d7 c3 0f 34 72 44 a8 0f 4a f4 ed 5f f3 df 23 c9 92 de 55 ab 1e bf 80 c5 6d 50 37 23 41 f8 e3 4b 6d 32 55 76 1f 33 f2 c5 69 6a d5 76 07 6f Data Ascii: hi__z}8D5$~+D(ZoC77?O=n9<2gbI=B@i:mxuC;Ly+APURS~!JhWa(qNc#jS<l#qSJPw#R6OZ4rDJ_#UmP7#AKm2Uv3ijvo
2024-04-24 09:50:58 UTC	94	IN	Data Raw: 55 04 d5 79 00 1a a4 ee b5 23 d9 49 e2 7a ef d4 8c 87 11 e2 1b 8e a9 a1 c2 76 3f c3 fa 7c 91 51 e9 56 f3 c6 1a 66 91 7f bb 71 bf 84 95 ea 07 4f 82 a7 b5 0d 30 64 ca 79 0a ee fc 7c d1 86 14 41 37 f8 bf d4 85 8a 35 98 13 1b fd 91 5f 8a 83 6f 98 24 0f a6 99 7c a7 c3 cd a6 31 be 45 a4 Data Ascii: Uy#Izv?\|QVfqO0dy\|A75_o$\|1E
2024-04-24 09:50:58 UTC	8192	IN	Data Raw: 6a ef fd 32 6c 55 8a 86 15 fa 70 32 6c c6 2b ed ef 8d a9 55 0c 69 d7 a7 e1 81 95 aa 86 a7 7f f3 ed 81 36 be 9c 7e 12 06 fe 1d 71 42 e2 0e c4 6f 4e d8 a1 51 47 26 de a3 03 24 47 1a 0a 50 e4 59 29 b3 02 47 6c 2c 6d be 6e a7 73 8a da fe 7c 8e 34 95 ea d5 06 95 c1 49 0e 28 54 8e fe f8 a1 61 1c 8d 4f 4d f0 a3 9b b8 91 8a 57 a1 af da 3d 30 15 73 8e 20 ee 77 fb ba ff 00 9e f8 aa e0 fc 7b 62 aa 9c d5 9b e1 df 05 2d af 54 a5 37 27 e5 81 92 de 22 95 ea 6b db 0a 29 50 a9 71 5d b0 72 4a f6 35 3b 8a 90 7d b0 04 da ee 04 01 e3 f8 63 6a a0 cb 4f 9e 49 89 43 49 16 ff 00 67 f0 c9 02 c0 a1 d9 4f 5c 92 14 c2 9e b8 a0 38 9c 2a a8 bf 76 04 b4 17 15 6b 8d 31 56 80 a5 71 43 86 d8 54 2e a7 cf 02 57 05 dc 62 b4 be 98 12 d9 5c 0b 4d 11 be 15 75 36 c5 5c 05 71 42 ea 0c 52 d1 14 c5 Data Ascii: j2lUp2l+Ui6~qBoNQG&$GPY)Gl,mns\|4I(TaOMW=0s w{b-T7'"k)Pq]rJ5;}cjOICIgO\8*vk1VqCT.Wb\Mu6\qBR
2024-04-24 09:50:58 UTC	8192	IN	Data Raw: 5a e3 8a b7 c7 15 71 5c 56 9b a6 d8 a5 d4 ae f8 a1 70 a5 71 4a e0 bb 57 05 a5 b2 31 55 c0 57 02 5a a5 71 42 e0 a4 9d b1 57 05 18 a5 70 5d fa 60 57 04 27 ae 15 a5 e1 32 36 95 dc 0e 29 6f 89 ef 81 5b 45 ae 25 43 5c 41 c5 5a e0 7b e1 b4 37 c0 9c 55 75 2b 81 2b 82 e0 4b 65 2b 8d ab 82 54 6f 8a af f4 f9 0f a7 b6 0b 4d 2d 64 c3 68 a7 15 04 e2 95 c6 94 c0 aa 7d 0e 15 68 d3 02 ad 03 0a ba 95 eb 8a bb 8e 2a da 8a e0 50 bb 86 04 b7 c4 e2 a1 b0 b4 3b e2 96 c9 a0 db 14 2d 20 61 42 d0 29 8a 57 85 f6 c0 96 8e 28 68 ef d7 15 77 12 c7 1b 4b 45 38 9d f1 b4 10 b2 9b 61 50 dd 30 25 be 3f ab 02 b8 8c 2a d0 18 15 dc 46 29 77 1c 09 77 0d b1 5a 75 31 56 c2 1c 28 5c 22 23 c7 05 a6 9b 31 ef 8a 69 dc 06 0b 5a 7c 5a 07 e1 9b d7 56 d9 d8 62 a5 70 db 0b 15 40 2b 81 57 85 c5 57 d0 d3 Data Ascii: Zq\VpqJW1UWZqBWp]`W'26)o[E%C\AZ{7Uu++Ke+ToM-dh}hP;- aB)W(hwKE8aP0%?F)wwZu1V(\"#1iZ\|ZVbp@+WW
2024-04-24 09:50:59 UTC	8192	IN	Data Raw: ab 74 07 e7 8a 14 8a 1e df af 0a 29 a1 0b 75 24 ed 8d ad 34 f1 0a 76 c4 14 10 a2 22 27 be 4a d8 d2 a0 8f 8f 6c 16 ca 9d e9 91 d7 15 a5 e9 01 24 d3 05 a4 45 b3 6c 69 b1 c6 d7 85 56 3b 60 76 c0 4b 21 15 61 67 dc 8f bf 05 b2 11 6f d3 20 f4 38 da d2 b2 40 3a 91 82 d9 00 a8 b0 a7 2d fc 30 5a d2 a0 68 e3 04 53 02 5d cb 8f 41 8a bb d6 20 74 df 0d 2d b6 24 60 37 1e f8 29 6d 61 1c b7 38 aa e0 84 1c 56 91 51 2d 0f 4c 05 90 47 2a 9a 6d d7 20 cd 69 66 14 df 0a 1d f5 9f 4d 6b 5c 69 6d 41 af 50 1e ff 00 46 1e 14 71 28 3d f0 1b 0a fb e1 e1 47 12 c3 a9 30 df 6c 78 51 c6 81 96 f1 e4 c9 00 c4 c9 08 cc cd 4a e4 98 95 22 e3 0b 1b 5a 69 81 2b 09 18 58 ad 3b e2 ab 42 9c 36 c6 9b 18 12 d6 2a e2 71 4b 7d 31 43 45 6b 8a 56 9a e1 41 71 c5 5d da b8 15 d4 c5 5c 57 14 d3 5c 6b b6 2b Data Ascii: t)u$4v"'Jl$EliV;`vK!ago 8@:-0ZhS]A t-$`7)ma8VQ-LGm ifMk\imAPFq(=G0lxQJ"Zi+X;B6qK}1CEkVAq]\W\k+
2024-04-24 09:50:59 UTC	8192	IN	Data Raw: d9 05 a7 fc e5 6d 9d dc a8 17 4f 62 54 f2 3f bd ed ff 00 03 ef 80 eb 22 7a 30 1d 8d 28 ff 00 10 ee e5 fb 59 60 ff 00 9c a3 d3 1e 26 0f a7 ca 2a 08 1c 64 53 db e4 30 fe 6a 3e 6d 3f c9 33 ef 8f da c8 6c bf e7 2f 7c 9c 15 56 58 6e 10 80 01 d9 0e fd fb 8c ac 65 8f 7b 6c fb 3b 2d d8 00 fc 7f 63 31 d0 ff 00 e7 2c 7f 2f 95 19 66 b8 9a 32 58 b0 ac 40 d4 1e fb 36 46 52 12 3c c2 fe 4f 20 15 c3 f7 33 bd 1b fe 72 67 f2 e2 6b a2 df a4 f8 a9 8c 0a b4 32 ec 6b d0 d1 4e 57 21 c5 dd f3 51 8a 70 bb 89 e8 f4 5b 5f cf 2f 20 5e 4b 09 4d 6e d7 fb c1 b3 16 5e c7 af 25 19 49 81 fc 53 64 41 1b d1 f9 17 a4 db fe 60 79 5f 50 8c fa 1a ad 9b 93 e1 71 17 7f 6e 55 ca 25 13 dc 5b 71 cb 71 ef 7a 64 54 96 3a c6 dc 85 29 55 dc 7d e3 2b 12 6e 35 ba 7f e6 85 ff 00 70 b6 7f 24 ff 00 88 64 74 Data Ascii: mObT?"z0(Y`&*dS0j>m?3l/\|VXne{l;-c1,/f2X@6FR<O 3rgk2kNW!Qp[_/ ^KMn^%ISdA`y_PqnU%[qqzdT:)U}+n5p$dt
2024-04-24 09:50:59 UTC	8192	IN	Data Raw: 8a b5 81 2d 62 ad 11 8a b8 8c 55 a2 31 55 b4 c5 0d 52 b8 55 aa 60 4b ba 62 ab 71 42 da 61 57 53 02 1f 1f 00 2b e3 9b 97 4e bc 2d 4e 29 a5 61 5e d8 12 b8 12 09 c5 08 95 94 0e bd f2 29 b5 55 9b a7 61 d3 1a 5b 44 87 2c 7e 1d c7 f9 f8 e0 55 65 70 4f 2d c7 f9 f8 e2 94 4a c6 0f 52 45 7b d4 01 fa f2 2c 83 46 0a ef f7 ff 00 9f be 1b 45 37 c0 28 f0 dc ed b6 28 57 8a 36 a1 de a7 6a 57 ad 30 12 ca 91 6b 6c d4 2c 37 1d 32 36 ca 95 41 75 6a 76 c0 a8 98 c3 f7 ec 2b 80 b2 08 c8 c3 0d ce c7 20 52 11 9e 88 3b 57 7f 0e ff 00 4e 42 d9 d3 85 b0 34 a5 0e fe f5 3f 46 1e 24 70 b6 c8 63 22 84 d4 ff 00 9f e1 88 2a 42 b0 a8 3f 10 23 6f bf f8 60 54 72 ce 57 a7 f9 ef e3 90 21 b0 14 c6 27 53 56 e9 fa f2 14 d8 0a 2a 29 e9 de a4 ed b6 46 93 69 84 77 a0 d7 c3 b9 f7 c8 f0 b3 12 45 c7 74 Data Ascii: -bU1URU`KbqBaWS+N-N)a^)Ua[D,~UepO-JRE{,FE7((W6jW0kl,726Aujv+ R;WNB4?F$pc"B?#o`TrW!'SV)FiwEt
2024-04-24 09:50:59 UTC	8192	IN	Data Raw: ad 2b d3 1e 14 78 85 0f a3 f9 2a c6 e1 9a 50 8d 4e 0a c6 8d 40 09 34 ad 30 70 a4 e4 a6 47 07 90 74 e7 02 bc 89 ad 77 0a 7e 8e 98 7c 36 3e 32 1a ef f2 d7 4e 20 b7 00 77 e8 41 e9 fe c4 8c 22 0c 4e 67 cd d3 79 79 9e cb eb 31 b0 50 cf 27 15 ab 1a 01 23 0d c9 3b f4 c4 c5 cc 13 17 4c eb f2 67 4a 6d 4b 58 8a de 65 a8 64 94 83 c8 d6 a9 2c 78 39 31 cb b8 3f 0f d2 fa cb 58 fc 9a b7 9e e2 15 b4 9e 4b 76 e3 23 d4 51 c6 dc 45 08 6f f5 b2 1c 6e 30 78 ae ab 6f 79 65 a8 1d 3a 45 0d 24 6e 50 14 fd a3 e2 3a 76 cb c7 7b 55 21 06 87 a8 5d fa 8a b1 f1 28 c5 1b 91 0b 43 de b5 c9 55 ad 81 cd fa 69 e5 8f 2b 5e ea be 53 d3 2f 34 f8 42 db 18 23 40 5e a1 41 40 11 94 50 12 58 30 22 8a 37 39 8f 2c e2 26 ba b6 8d 39 9d 93 b0 3c 98 46 9d f9 5f e5 e9 f5 db 3d 47 55 86 43 35 dc 77 12 3d Data Ascii: +x*PN@40pGtw~\|6>2N wA"Ngyy1P'#;LgJmKXed,x91?XKv#QEon0xoye:E$nP:v{U!](CUi+^S/4B#@^A@PX0"79,&9<F_=GUC5w=
2024-04-24 09:50:59 UTC	8192	IN	Data Raw: 6d b1 55 41 be 04 ae e5 85 5c dd 29 8a 0b c8 2e 85 1c 8f 73 99 21 d7 c9 8b ce c4 d7 2c 0c 0a 5b 21 c2 84 11 a6 f8 a5 2f 9d 30 d2 a5 52 8a dc 20 ff 00 24 9f c4 63 4b 68 b0 b4 38 29 51 b1 a1 a6 05 4d 21 43 8d 2d a6 90 c7 5c 8a 53 68 96 98 19 26 28 0d 32 2c 91 b1 e0 4a 36 2c 8b 20 99 45 be 45 90 4e e0 8a b9 51 6d 01 37 b6 8b 2b 25 b0 04 e2 08 69 95 96 c0 13 58 63 ca cb 68 4d 22 8f 20 cd 31 8a 3c 81 4a 61 0c 63 22 59 84 ce 18 f2 b2 cc 27 76 d0 8c ac 96 61 3e 82 3a 65 65 98 4c d1 68 32 0c de 17 e6 46 2b aa 5c 0e dc f3 79 87 e9 0e b7 27 32 94 87 ae 5a c1 55 58 9c 09 5f 4f 0c 55 0c e8 41 c2 85 26 4a e1 b4 3b d3 c6 d5 77 0c 16 95 a6 32 30 da b5 c3 1b 57 71 ae 28 5a 13 1b 56 bd 3a d7 0d ad 34 23 c6 d6 97 85 c0 ad d2 98 a5 d8 ab 54 c5 0d 8a e2 ab 81 c0 95 c0 9c 55 Data Ascii: mUA\).s!,[!/0R $cKh8)QM!C-\Sh&(2,J6, EENQm7+%iXchM" 1<Jac"Y'va>:eeLh2F+\y'2ZUX_OUA&J;w20Wq(ZV:4#TU

Target ID:	0
Start time:	11:50:23
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	11:50:26
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2180,i,16645406805787686568,15006377985678471521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:50:29
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2704, Parent PID: 6140

General

Chronological Activities

Analysis Process: chrome.exePID: 6268, Parent PID: 2704

General

Chronological Activities

Windows Analysis Report
https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2