Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
http://104.16.32.241

Overview

General Information

Sample URL:http://104.16.32.241
Analysis ID:1504852
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2388,i,17422529707629254449,4040055923803264848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.16.32.241" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://104.16.32.241/HTTP Parser: No favicon
Source: http://104.16.32.241/HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50878 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.6:50875 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 104.16.32.241
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global trafficHTTP traffic detected: GET /beacon.js HTTP/1.1Host: performance.radar.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fyVtyGwSKYB84PZ&MD=Aa5MVlha HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /api/v1/event HTTP/1.1Host: sparrow.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fyVtyGwSKYB84PZ&MD=Aa5MVlha HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 104.16.32.241Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/styles/main.css HTTP/1.1Host: 104.16.32.241Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://104.16.32.241/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 104.16.32.241Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://104.16.32.241/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: performance.radar.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: www.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: sparrow.cloudflare.com
Source: unknownHTTP traffic detected: POST /api/v1/event HTTP/1.1Host: sparrow.cloudflare.comConnection: keep-aliveContent-Length: 87sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1eContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: http://104.16.32.241Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 05 Sep 2024 12:24:46 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16982Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 05 Sep 2024 12:24:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTVary: Accept-EncodingServer: cloudflareCF-RAY: 8be632b92cf44232-EWRContent-Encoding: gzipData Raw: 38 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5a 09 10 35 92 ac 38 8e 34 52 d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8c c4 98 43 4e 49 4a b2 90 f5 7f 5f 70 38 23 8f 24 db 4d b0 bb a8 1e 34 bc 1e 9e cb 77 2e 64 fc e2 cd fb f3 eb 4f 57 17 b0 74 b9 9c b7 e2 17 94 fe 26 32 90 0e 2e 2f e0 d5 ef 73 88 fd 04 a4 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 62 46 50 d1 8f 1f c8 1c e2 17 bf a1 e2 22 fb 9d d2 07 52 15 1d 80 c7 49 bd fa 36 52 67 cf 90 3a fb 06 52 0b 57 51 f3 03 8f 49 79 4c 85 d2 7d 4a 4b 64 7c de 8a 9d 70 12 e7 6f 84 c1 d4 c1 e5 15 b0 34 45 6b 41 69 07 4c 4a bd 41 0e ff 86 73 a9 57 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 32 63 d1 cd c8 c7 eb 1f e8 19 81 a8 9e 58 3a 57 50 fc 63 25 d6 33 72 ae 95 43 e5 e8 f5 b6 40 02 69 e8 cd 88 c3 3b 17 79 c6 a7 3b 32 cf 51 f9 95 7e fc 9e 9e eb bc 60 4e 24 b2 49 e8 f2 62 76 c1 17 d8 d8 a7 58 8e 33 62 74 a2 9d 6d 2c 54 5a 28 8e 77 3d 50 3a d3 5e b8 a3 2d 6b 81 9b 42 1b d7 d8 b4 11 dc 2d 67 1c d7 22 45 5a 76 7a 42 09 27 98 a4 36 65 12 67 c3 40 45 0a 75 0b 06 e5 8c 58 b7 95 68 97 88 8e 80 e0 33 92 66 37 61 88 a6 d6 12 58 1a cc 66 24 4a b9 a2 e9 42 44 61 2a ca 99 50 fd 72 3e 9a b7 5a ad d8 a6 46 14 6e de ea 64 2b 95 3a a1 55 a7 fb 45 64 1d ae d3 55 8e ca f5 19 e7 17 6b 54 ee 9d b0 0e 15 9a 76 7b 23 14 d7 9b fe af 3f be 7b eb 5c f1 33 fe b1 42 eb da ed 7f 7e 78 ff 53 f8 ef 5b 67 84 5a 88 6c db fd b2 66 06 70 b6 a3 cd c2 48 3a db d1 5f a0 bb 90 e8 9b ff d8 5e f2 0e 41 63 b4 a1 19 22 4f 58 7a 4b ed ca ac 71 4b ba 3d fe 0d 5b 4a 68 91 6e 2f 99 29 dc c0 3e a3 53 36 fb 82 5e a0 09 a9 77 40 2a 45 7a 8b 9c f4 0a a3 0b 34 4e a0 9d 7c 29 a9 9e 6b 8e 93 e1 60 70 d2 5b a2 2c b2 95 9c b0 de 1a 8d 15 5a 4d 86 f7 f7 d3 a4 af 0b 54 1d 72 f5 fe c3 35 e9 11 8f 23 3b 89 22 5b 30 63 f4 a6 9f ee f0 dc 4f 75 1e b1 42 44 eb 61 54 1e 4f ba d3 a4 6f d1 55 6c bd 45 c6 d1 74 f6 31 dc 23 ac 28 a4 48 99 d7 5d f4 d9 6a f5 c4 ae 0f e1 3c fa 41 af 4c 8a f4 5f b8 25 3d 92 be 7a 35 cc 06 38 4e 5e 8e 5f 8f c7 09 26 d9 78 74 3a e4 e3 71 c2 5f bd 66 43 24 dd 69 cb 13 53 bc b3 6f b5 0e eb 76 a7 69 bf 74 73 6f 76 8f 81 ce 4e 5b 74 29 38 47 cf 09 6f 2c 31 98 eb 35 3e b2 ea 7e fa 24 94 3a e4 cd fb 1f 2b 81 df 69 c6 bd 05 1a 28 f4 40 61 5f 6b 75 d2 ed 3d 03 aa 1d 57 c9 ca 39 ad e8 16 ed f3 90 3a dc a0 34 e9 4e c9 4e 5c 22 14 b0 76 bb c3 be 46 03 bd f4 11 c9 4b c8 ed 89 8b 9d 17 83 ee 7d b7 c7 Data Ascii: 832X[o7~8Z584Ru\ic4(CNIJ_p8#$M4w.dOWt&2./sY;#J\ bFP"RI6
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 05 Sep 2024 12:24:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTVary: Accept-EncodingServer: cloudflareCF-RAY: 8be632be7c335e6d-EWRContent-Encoding: gzipData Raw: 38 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 49 6d c2 24 ce 86 25 15 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 43 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 a7 82 8c 09 d5 2f e6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 9d ee 17 91 76 b8 4e 96 19 2a d7 67 9c 5f ad 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f8 ee ad 73 f9 cf f8 c7 12 ad 6b b7 ff f9 e1 fd 4f e5 7f df 3a 23 d4 5c a4 9b ee 97 15 33 80 b3 2d 6d 56 8e 24 b3 2d fd 39 ba 2b 89 be f9 8f cd 35 ef 10 34 46 1b 9a 22 f2 98 25 f7 d4 2e cd 0a 37 a4 db e3 df b0 a5 80 16 e9 f6 e2 99 c2 35 ec 32 3a 65 b3 2f e8 05 9a 90 7a 07 24 52 24 f7 c8 49 2f 37 3a 47 e3 04 da c9 97 82 ea a5 e6 38 19 0e 06 27 bd 05 ca 3c 5d ca 09 eb ad d0 58 a1 d5 64 f8 f8 38 8d fb 3a 47 d5 21 37 ef 3f dc 92 1e f1 38 b2 93 20 b0 39 33 46 af fb c9 16 cf fd 44 67 01 cb 45 b0 1a 06 c5 f1 a4 3b 8d fb 16 5d c5 d6 5b 64 1c 4d 67 17 c3 3d c2 f2 5c 8a 84 79 dd 05 9f ad 56 cf ec fa 50 9e 47 3f e8 a5 49 90 fe 0b 37 a4 47 92 f3 f3 61 3a c0 71 7c 3a 7e 3d 1e c7 18 a7 e3 d1 d9 90 8f c7 31 3f 7f cd 86 48 ba d3 96 27 a6 78 67 d7 6a 1d d6 ed 4e 93 7e e1 e6 de ec 1e 03 9d ad b6 e8 42 70 8e 9e 13 de 58 62 30 d3 2b 3c b2 ea 71 fa 2c 94 3a e4 cd fb 1f 2b 81 df 69 c6 bd 05 1a 28 f4 40 61 5f 6b 75 d2 ed bd 00 aa 2d 57 f1 d2 39 ad e8 06 ed cb 90 da df a0 34 e9 4e c9 56 5c 22 14 b0 76 bb c3 be 46 03 bd e4 88 e4 05 e4 76 c4 c5 ce ab 41 f7 b1 db e3 5f bb Data Ascii: 831Xo7h%@H|DMu\ic4(CNIJ`wQ}||dO7WpZ+J)HWp{D2kgDi3$ * |*.)}"U8NH]
Source: sets.json.0.drString found in binary or memory: https://07c225f3.online
Source: sets.json.0.drString found in binary or memory: https://24.hu
Source: sets.json.0.drString found in binary or memory: https://aajtak.in
Source: sets.json.0.drString found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.drString found in binary or memory: https://alice.tw
Source: sets.json.0.drString found in binary or memory: https://ambitionbox.com
Source: sets.json.0.drString found in binary or memory: https://autobild.de
Source: sets.json.0.drString found in binary or memory: https://baomoi.com
Source: sets.json.0.drString found in binary or memory: https://bild.de
Source: sets.json.0.drString found in binary or memory: https://blackrock.com
Source: sets.json.0.drString found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.drString found in binary or memory: https://bluradio.com
Source: sets.json.0.drString found in binary or memory: https://bolasport.com
Source: sets.json.0.drString found in binary or memory: https://bonvivir.com
Source: sets.json.0.drString found in binary or memory: https://bumbox.com
Source: sets.json.0.drString found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.drString found in binary or memory: https://businesstoday.in
Source: sets.json.0.drString found in binary or memory: https://cachematrix.com
Source: sets.json.0.drString found in binary or memory: https://cafemedia.com
Source: sets.json.0.drString found in binary or memory: https://caracoltv.com
Source: sets.json.0.drString found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.drString found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.drString found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.drString found in binary or memory: https://cardsayings.net
Source: sets.json.0.drString found in binary or memory: https://chatbot.com
Source: sets.json.0.drString found in binary or memory: https://chennien.com
Source: sets.json.0.drString found in binary or memory: https://citybibleforum.org
Source: sets.json.0.drString found in binary or memory: https://clarosports.com
Source: sets.json.0.drString found in binary or memory: https://clmbtech.com
Source: sets.json.0.drString found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.drString found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.drString found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.drString found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.drString found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.drString found in binary or memory: https://commentcamarche.com
Source: sets.json.0.drString found in binary or memory: https://commentcamarche.net
Source: sets.json.0.drString found in binary or memory: https://computerbild.de
Source: sets.json.0.drString found in binary or memory: https://content-loader.com
Source: sets.json.0.drString found in binary or memory: https://cookreactor.com
Source: sets.json.0.drString found in binary or memory: https://cricbuzz.com
Source: sets.json.0.drString found in binary or memory: https://css-load.com
Source: sets.json.0.drString found in binary or memory: https://deccoria.pl
Source: sets.json.0.drString found in binary or memory: https://deere.com
Source: sets.json.0.drString found in binary or memory: https://desimartini.com
Source: sets.json.0.drString found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.drString found in binary or memory: https://drimer.io
Source: sets.json.0.drString found in binary or memory: https://drimer.travel
Source: sets.json.0.drString found in binary or memory: https://economictimes.com
Source: sets.json.0.drString found in binary or memory: https://een.be
Source: sets.json.0.drString found in binary or memory: https://efront.com
Source: sets.json.0.drString found in binary or memory: https://eleconomista.net
Source: sets.json.0.drString found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.drString found in binary or memory: https://elgrafico.com
Source: sets.json.0.drString found in binary or memory: https://ella.sv
Source: sets.json.0.drString found in binary or memory: https://elpais.com.uy
Source: sets.json.0.drString found in binary or memory: https://elpais.uy
Source: sets.json.0.drString found in binary or memory: https://etfacademy.it
Source: sets.json.0.drString found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.drString found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.drString found in binary or memory: https://fakt.pl
Source: sets.json.0.drString found in binary or memory: https://finn.no
Source: sets.json.0.drString found in binary or memory: https://firstlook.biz
Source: sets.json.0.drString found in binary or memory: https://gallito.com.uy
Source: sets.json.0.drString found in binary or memory: https://geforcenow.com
Source: sets.json.0.drString found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.drString found in binary or memory: https://gliadomain.com
Source: sets.json.0.drString found in binary or memory: https://gnttv.com
Source: sets.json.0.drString found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.drString found in binary or memory: https://grid.id
Source: sets.json.0.drString found in binary or memory: https://gridgames.app
Source: sets.json.0.drString found in binary or memory: https://growthrx.in
Source: sets.json.0.drString found in binary or memory: https://grupolpg.sv
Source: sets.json.0.drString found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.drString found in binary or memory: https://hapara.com
Source: sets.json.0.drString found in binary or memory: https://hazipatika.com
Source: sets.json.0.drString found in binary or memory: https://hc1.com
Source: sets.json.0.drString found in binary or memory: https://hc1.global
Source: sets.json.0.drString found in binary or memory: https://hc1cas.com
Source: sets.json.0.drString found in binary or memory: https://hc1cas.global
Source: sets.json.0.drString found in binary or memory: https://healthshots.com
Source: sets.json.0.drString found in binary or memory: https://hearty.app
Source: sets.json.0.drString found in binary or memory: https://hearty.gift
Source: sets.json.0.drString found in binary or memory: https://hearty.me
Source: sets.json.0.drString found in binary or memory: https://heartymail.com
Source: sets.json.0.drString found in binary or memory: https://heatworld.com
Source: sets.json.0.drString found in binary or memory: https://helpdesk.com
Source: sets.json.0.drString found in binary or memory: https://hindustantimes.com
Source: sets.json.0.drString found in binary or memory: https://hj.rs
Source: sets.json.0.drString found in binary or memory: https://hjck.com
Source: sets.json.0.drString found in binary or memory: https://html-load.cc
Source: sets.json.0.drString found in binary or memory: https://html-load.com
Source: sets.json.0.drString found in binary or memory: https://human-talk.org
Source: sets.json.0.drString found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.drString found in binary or memory: https://idbs-dev.com
Source: sets.json.0.drString found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.drString found in binary or memory: https://idbs-staging.com
Source: sets.json.0.drString found in binary or memory: https://img-load.com
Source: sets.json.0.drString found in binary or memory: https://indiatimes.com
Source: sets.json.0.drString found in binary or memory: https://indiatoday.in
Source: sets.json.0.drString found in binary or memory: https://indiatodayne.in
Source: sets.json.0.drString found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.drString found in binary or memory: https://interia.pl
Source: sets.json.0.drString found in binary or memory: https://intoday.in
Source: sets.json.0.drString found in binary or memory: https://iolam.it
Source: sets.json.0.drString found in binary or memory: https://ishares.com
Source: sets.json.0.drString found in binary or memory: https://jagran.com
Source: sets.json.0.drString found in binary or memory: https://johndeere.com
Source: sets.json.0.drString found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.drString found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.drString found in binary or memory: https://journaldunet.com
Source: sets.json.0.drString found in binary or memory: https://journaldunet.fr
Source: sets.json.0.drString found in binary or memory: https://joyreactor.cc
Source: sets.json.0.drString found in binary or memory: https://joyreactor.com
Source: sets.json.0.drString found in binary or memory: https://kaksya.in
Source: sets.json.0.drString found in binary or memory: https://knowledgebase.com
Source: sets.json.0.drString found in binary or memory: https://kompas.com
Source: sets.json.0.drString found in binary or memory: https://kompas.tv
Source: sets.json.0.drString found in binary or memory: https://kompasiana.com
Source: sets.json.0.drString found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.drString found in binary or memory: https://landyrev.com
Source: sets.json.0.drString found in binary or memory: https://landyrev.ru
Source: sets.json.0.drString found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.drString found in binary or memory: https://lateja.cr
Source: sets.json.0.drString found in binary or memory: https://libero.it
Source: sets.json.0.drString found in binary or memory: https://linternaute.com
Source: sets.json.0.drString found in binary or memory: https://linternaute.fr
Source: sets.json.0.drString found in binary or memory: https://livechat.com
Source: sets.json.0.drString found in binary or memory: https://livechatinc.com
Source: sets.json.0.drString found in binary or memory: https://livehindustan.com
Source: sets.json.0.drString found in binary or memory: https://livemint.com
Source: sets.json.0.drString found in binary or memory: https://max.auto
Source: sets.json.0.drString found in binary or memory: https://medonet.pl
Source: sets.json.0.drString found in binary or memory: https://meo.pt
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.drString found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.drString found in binary or memory: https://mercadolivre.com
Source: sets.json.0.drString found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.drString found in binary or memory: https://mercadopago.cl
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.drString found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.com
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.drString found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.drString found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.drString found in binary or memory: https://mightytext.net
Source: sets.json.0.drString found in binary or memory: https://mittanbud.no
Source: sets.json.0.drString found in binary or memory: https://money.pl
Source: sets.json.0.drString found in binary or memory: https://motherandbaby.com
Source: sets.json.0.drString found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.drString found in binary or memory: https://nacion.com
Source: sets.json.0.drString found in binary or memory: https://naukri.com
Source: sets.json.0.drString found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.drString found in binary or memory: https://nien.co
Source: sets.json.0.drString found in binary or memory: https://nien.com
Source: sets.json.0.drString found in binary or memory: https://nien.org
Source: sets.json.0.drString found in binary or memory: https://nlc.hu
Source: sets.json.0.drString found in binary or memory: https://nosalty.hu
Source: sets.json.0.drString found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.drString found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.drString found in binary or memory: https://nvidia.com
Source: sets.json.0.drString found in binary or memory: https://o2.pl
Source: sets.json.0.drString found in binary or memory: https://ocdn.eu
Source: sets.json.0.drString found in binary or memory: https://onet.pl
Source: sets.json.0.drString found in binary or memory: https://ottplay.com
Source: sets.json.0.drString found in binary or memory: https://p106.net
Source: sets.json.0.drString found in binary or memory: https://p24.hu
Source: sets.json.0.drString found in binary or memory: https://paula.com.uy
Source: sets.json.0.drString found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.drString found in binary or memory: https://phonandroid.com
Source: sets.json.0.drString found in binary or memory: https://player.pl
Source: sets.json.0.drString found in binary or memory: https://plejada.pl
Source: sets.json.0.drString found in binary or memory: https://poalim.site
Source: sets.json.0.drString found in binary or memory: https://poalim.xyz
Source: sets.json.0.drString found in binary or memory: https://pomponik.pl
Source: sets.json.0.drString found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.drString found in binary or memory: https://prisjakt.no
Source: sets.json.0.drString found in binary or memory: https://pudelek.pl
Source: sets.json.0.drString found in binary or memory: https://punjabijagran.com
Source: sets.json.0.drString found in binary or memory: https://radio1.be
Source: sets.json.0.drString found in binary or memory: https://radio2.be
Source: sets.json.0.drString found in binary or memory: https://reactor.cc
Source: sets.json.0.drString found in binary or memory: https://repid.org
Source: sets.json.0.drString found in binary or memory: https://reshim.org
Source: sets.json.0.drString found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.drString found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.drString found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.drString found in binary or memory: https://sackrace.ai
Source: sets.json.0.drString found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.drString found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.drString found in binary or memory: https://salemovetravel.com
Source: sets.json.0.drString found in binary or memory: https://samayam.com
Source: sets.json.0.drString found in binary or memory: https://sapo.io
Source: sets.json.0.drString found in binary or memory: https://sapo.pt
Source: sets.json.0.drString found in binary or memory: https://shock.co
Source: sets.json.0.drString found in binary or memory: https://smaker.pl
Source: sets.json.0.drString found in binary or memory: https://smoney.vn
Source: sets.json.0.drString found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.drString found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.drString found in binary or memory: https://songshare.com
Source: sets.json.0.drString found in binary or memory: https://songstats.com
Source: sets.json.0.drString found in binary or memory: https://sporza.be
Source: sets.json.0.drString found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.drString found in binary or memory: https://startlap.hu
Source: sets.json.0.drString found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.drString found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.drString found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.drString found in binary or memory: https://stripe.com
Source: sets.json.0.drString found in binary or memory: https://stripe.network
Source: sets.json.0.drString found in binary or memory: https://stripecdn.com
Source: sets.json.0.drString found in binary or memory: https://supereva.it
Source: sets.json.0.drString found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.drString found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.drString found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.drString found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.drString found in binary or memory: https://technology-revealed.com
Source: sets.json.0.drString found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.drString found in binary or memory: https://text.com
Source: sets.json.0.drString found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.drString found in binary or memory: https://the42.ie
Source: sets.json.0.drString found in binary or memory: https://thejournal.ie
Source: sets.json.0.drString found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.drString found in binary or memory: https://timesinternet.in
Source: sets.json.0.drString found in binary or memory: https://timesofindia.com
Source: sets.json.0.drString found in binary or memory: https://tolteck.app
Source: sets.json.0.drString found in binary or memory: https://tolteck.com
Source: sets.json.0.drString found in binary or memory: https://top.pl
Source: sets.json.0.drString found in binary or memory: https://tribunnews.com
Source: sets.json.0.drString found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.drString found in binary or memory: https://tucarro.com
Source: sets.json.0.drString found in binary or memory: https://tucarro.com.co
Source: sets.json.0.drString found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.drString found in binary or memory: https://tvid.in
Source: sets.json.0.drString found in binary or memory: https://tvn.pl
Source: sets.json.0.drString found in binary or memory: https://tvn24.pl
Source: sets.json.0.drString found in binary or memory: https://unotv.com
Source: sets.json.0.drString found in binary or memory: https://victorymedium.com
Source: sets.json.0.drString found in binary or memory: https://vrt.be
Source: sets.json.0.drString found in binary or memory: https://vwo.com
Source: sets.json.0.drString found in binary or memory: https://welt.de
Source: sets.json.0.drString found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.drString found in binary or memory: https://wildix.com
Source: sets.json.0.drString found in binary or memory: https://wildixin.com
Source: sets.json.0.drString found in binary or memory: https://wingify.com
Source: sets.json.0.drString found in binary or memory: https://wordle.at
Source: sets.json.0.drString found in binary or memory: https://wp.pl
Source: sets.json.0.drString found in binary or memory: https://wpext.pl
Source: sets.json.0.drString found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.drString found in binary or memory: https://ya.ru
Source: sets.json.0.drString found in binary or memory: https://yours.co.uk
Source: sets.json.0.drString found in binary or memory: https://zalo.me
Source: sets.json.0.drString found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.drString found in binary or memory: https://zingmp3.vn
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50878
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50877
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50878 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\sets.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\manifest.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\LICENSEJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\_metadata\Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\_metadata\verified_contents.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\manifest.fingerprintJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\chrome_BITS_5788_1278172221Jump to behavior
Source: classification engineClassification label: clean1.win@17/7@10/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2388,i,17422529707629254449,4040055923803264848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.16.32.241"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2388,i,17422529707629254449,4040055923803264848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1504852 URL: http://104.16.32.241 Startdate: 05/09/2024 Architecture: WINDOWS Score: 1 5 chrome.exe 9 2->5         started        8 chrome.exe 2->8         started        dnsIp3 13 192.168.2.6, 443, 49705, 49715 unknown unknown 5->13 15 239.255.255.250 unknown Reserved 5->15 10 chrome.exe 5->10         started        process4 dnsIp5 17 www.google.com 172.217.18.100, 443, 49721, 50877 GOOGLEUS United States 10->17 19 104.16.32.241, 49715, 49716, 80 CLOUDFLARENETUS United States 10->19 21 3 other IPs or domains 10->21

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://104.16.32.2410%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://mercadoshops.com.co0%URL Reputationsafe
https://poalim.xyz0%URL Reputationsafe
https://mercadolivre.com0%URL Reputationsafe
https://reshim.org0%URL Reputationsafe
https://medonet.pl0%URL Reputationsafe
https://unotv.com0%URL Reputationsafe
https://mercadoshops.com.br0%URL Reputationsafe
https://zdrowietvn.pl0%URL Reputationsafe
https://johndeere.com0%URL Reputationsafe
https://baomoi.com0%URL Reputationsafe
https://supereva.it0%URL Reputationsafe
https://elfinancierocr.com0%URL Reputationsafe
https://bolasport.com0%URL Reputationsafe
https://rws1nvtvt.com0%URL Reputationsafe
https://desimartini.com0%URL Reputationsafe
https://hearty.app0%URL Reputationsafe
https://hearty.gift0%URL Reputationsafe
https://mercadoshops.com0%URL Reputationsafe
https://heartymail.com0%URL Reputationsafe
https://p106.net0%URL Reputationsafe
https://radio2.be0%URL Reputationsafe
https://finn.no0%URL Reputationsafe
https://hc1.com0%URL Reputationsafe
https://kompas.tv0%URL Reputationsafe
https://smaker.pl0%URL Reputationsafe
https://mercadopago.com.mx0%URL Reputationsafe
https://talkdeskqaid.com0%URL Reputationsafe
https://mercadopago.com.pe0%URL Reputationsafe
https://text.com0%URL Reputationsafe
https://mightytext.net0%URL Reputationsafe
https://pudelek.pl0%URL Reputationsafe
https://joyreactor.com0%URL Reputationsafe
https://gliadomain.com0%Avira URL Cloudsafe
https://cookreactor.com0%URL Reputationsafe
https://nourishingpursuits.com0%Avira URL Cloudsafe
https://joyreactor.cc0%Avira URL Cloudsafe
https://wieistmeineip.de0%Avira URL Cloudsafe
https://sparrow.cloudflare.com/api/v1/event0%Avira URL Cloudsafe
https://wildixin.com0%URL Reputationsafe
https://songstats.com0%Avira URL Cloudsafe
https://eworkbookcloud.com0%URL Reputationsafe
https://cognitiveai.ru0%URL Reputationsafe
https://nacion.com0%URL Reputationsafe
https://chennien.com0%URL Reputationsafe
https://drimer.travel0%URL Reputationsafe
https://deccoria.pl0%URL Reputationsafe
https://mercadopago.cl0%URL Reputationsafe
https://talkdeskstgid.com0%URL Reputationsafe
https://bonvivir.com0%URL Reputationsafe
https://carcostadvisor.be0%URL Reputationsafe
https://nlc.hu0%Avira URL Cloudsafe
http://104.16.32.241/favicon.ico0%Avira URL Cloudsafe
https://wpext.pl0%URL Reputationsafe
https://songshare.com0%Avira URL Cloudsafe
https://poalim.site0%URL Reputationsafe
https://drimer.io0%URL Reputationsafe
https://mystudentdashboard.com0%Avira URL Cloudsafe
https://infoedgeindia.com0%URL Reputationsafe
https://blackrockadvisorelite.it0%URL Reputationsafe
https://cognitive-ai.ru0%URL Reputationsafe
https://graziadaily.co.uk0%URL Reputationsafe
https://thirdspace.org.au0%URL Reputationsafe
https://24.hu0%Avira URL Cloudsafe
https://cardsayings.net0%Avira URL Cloudsafe
https://mercadoshops.com.ar0%URL Reputationsafe
https://smpn106jkt.sch.id0%URL Reputationsafe
https://p24.hu0%Avira URL Cloudsafe
https://elpais.uy0%URL Reputationsafe
https://the42.ie0%URL Reputationsafe
https://hazipatika.com0%Avira URL Cloudsafe
https://commentcamarche.com0%URL Reputationsafe
https://tucarro.com.ve0%URL Reputationsafe
https://rws3nvtvt.com0%URL Reputationsafe
https://eleconomista.net0%URL Reputationsafe
https://helpdesk.com0%URL Reputationsafe
https://mercadolivre.com.br0%URL Reputationsafe
https://clmbtech.com0%URL Reputationsafe
https://standardsandpraiserepurpose.com0%URL Reputationsafe
https://mercadopago.com.br0%URL Reputationsafe
https://commentcamarche.net0%URL Reputationsafe
https://etfacademy.it0%URL Reputationsafe
https://naukri.com0%Avira URL Cloudsafe
https://mighty-app.appspot.com0%URL Reputationsafe
https://hj.rs0%URL Reputationsafe
https://interia.pl0%Avira URL Cloudsafe
https://hearty.me0%URL Reputationsafe
https://mercadolibre.com.gt0%URL Reputationsafe
https://timesinternet.in0%URL Reputationsafe
https://indiatodayne.in0%URL Reputationsafe
https://sapo.io0%Avira URL Cloudsafe
https://salemovetravel.com0%Avira URL Cloudsafe
https://idbs-staging.com0%URL Reputationsafe
https://blackrock.com0%URL Reputationsafe
https://idbs-eworkbook.com0%URL Reputationsafe
https://motherandbaby.com0%URL Reputationsafe
https://welt.de0%Avira URL Cloudsafe
https://cafemedia.com0%Avira URL Cloudsafe
https://landyrev.com0%Avira URL Cloudsafe
https://07c225f3.online0%Avira URL Cloudsafe
https://salemovefinancial.com0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
sparrow.cloudflare.com
104.18.2.57
truefalse
    		unknown
    www.cloudflare.com
    		104.16.123.96
    		truefalse
      		unknown
      performance.radar.cloudflare.com
      		104.18.30.78
      		truefalse
        		unknown
        www.google.com
        		172.217.18.100
        		truefalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://sparrow.cloudflare.com/api/v1/eventfalse
          • Avira URL Cloud: safe
          		unknown
          http://104.16.32.241/favicon.icofalse
          • Avira URL Cloud: safe
          		unknown
          NameSourceMaliciousAntivirus DetectionReputation
          https://wieistmeineip.desets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://mercadoshops.com.cosets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://gliadomain.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://poalim.xyzsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadolivre.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://reshim.orgsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://nourishingpursuits.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://medonet.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://unotv.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadoshops.com.brsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://joyreactor.ccsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://zdrowietvn.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://johndeere.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://songstats.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://baomoi.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://supereva.itsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://elfinancierocr.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://bolasport.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://rws1nvtvt.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://desimartini.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hearty.appsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hearty.giftsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadoshops.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://heartymail.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://nlc.husets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://p106.netsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://radio2.besets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://finn.nosets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hc1.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://kompas.tvsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mystudentdashboard.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://songshare.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://smaker.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadopago.com.mxsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://p24.husets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://talkdeskqaid.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://24.husets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://mercadopago.com.pesets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cardsayings.netsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://text.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mightytext.netsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://pudelek.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hazipatika.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://joyreactor.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cookreactor.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://wildixin.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://eworkbookcloud.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cognitiveai.rusets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://nacion.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://chennien.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://drimer.travelsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://deccoria.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadopago.clsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://talkdeskstgid.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://naukri.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://interia.plsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://bonvivir.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://carcostadvisor.besets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://salemovetravel.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://sapo.iosets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://wpext.plsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://welt.desets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://poalim.sitesets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://drimer.iosets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://infoedgeindia.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://blackrockadvisorelite.itsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cognitive-ai.rusets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://cafemedia.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://graziadaily.co.uksets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://thirdspace.org.ausets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadoshops.com.arsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://smpn106jkt.sch.idsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://elpais.uysets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://landyrev.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://the42.iesets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://commentcamarche.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://tucarro.com.vesets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://rws3nvtvt.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://eleconomista.netsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://helpdesk.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadolivre.com.brsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://clmbtech.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://standardsandpraiserepurpose.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://07c225f3.onlinesets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://salemovefinancial.comsets.json.0.drfalse
          • Avira URL Cloud: safe
          		unknown
          https://mercadopago.com.brsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://commentcamarche.netsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://etfacademy.itsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mighty-app.appspot.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hj.rssets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://hearty.mesets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://mercadolibre.com.gtsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://timesinternet.insets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://indiatodayne.insets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://idbs-staging.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://blackrock.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://idbs-eworkbook.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown
          https://motherandbaby.comsets.json.0.drfalse
          • URL Reputation: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          239.255.255.250
          		unknownReserved
          		unknownunknownfalse
          104.18.2.57
          		sparrow.cloudflare.comUnited States
          		13335CLOUDFLARENETUSfalse
          104.18.30.78
          		performance.radar.cloudflare.comUnited States
          		13335CLOUDFLARENETUSfalse
          104.16.32.241
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          172.217.18.100
          		www.google.comUnited States
          		15169GOOGLEUSfalse

          Private

          IP
          192.168.2.6

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1504852
          Start date and time:2024-09-05 14:23:51 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 3m 10s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:http://104.16.32.241
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:8
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean1.win@17/7@10/6
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 216.58.206.67, 172.217.18.110, 74.125.133.84, 34.104.35.123, 192.229.221.95, 199.232.210.172, 142.250.185.195, 199.232.214.172
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: http://104.16.32.241

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\LICENSE

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1558
          Entropy (8bit):5.11458514637545
          Encrypted:false
          SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
          MD5:EE002CB9E51BB8DFA89640A406A1090A
          SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
          SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
          SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
          Malicious:false
          Reputation:low
          Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

          C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\_metadata\verified_contents.json

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1864
          Entropy (8bit):6.021127689065198
          Encrypted:false
          SSDEEP:48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
          MD5:68E6B5733E04AB7BF19699A84D8ABBC2
          SHA1:1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
          SHA-256:F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
          SHA-512:9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
          Malicious:false
          Reputation:low
          Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

          C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\manifest.fingerprint

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.9159446964030753
          Encrypted:false
          SSDEEP:3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
          MD5:CFB54589424206D0AE6437B5673F498D
          SHA1:D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
          SHA-256:285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
          SHA-512:70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
          Malicious:false
          Reputation:low
          Preview:1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

          C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\manifest.json

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.4533115571544695
          Encrypted:false
          SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
          MD5:C3419069A1C30140B77045ABA38F12CF
          SHA1:11920F0C1E55CADC7D2893D1EEBB268B3459762A
          SHA-256:DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
          SHA-512:C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
          Malicious:false
          Reputation:low
          Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

          C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5788_1471378298\sets.json

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):9748
          Entropy (8bit):4.629326694042306
          Encrypted:false
          SSDEEP:96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
          MD5:EEA4913A6625BEB838B3E4E79999B627
          SHA1:1B4966850F1B117041407413B70BFA925FD83703
          SHA-256:20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
          SHA-512:31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
          Malicious:false
          Reputation:low
          Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

          Chrome Cache Entry: 48

          Download File
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:gzip compressed data, from Unix, original size modulo 2^32 8013
          Category:downloaded
          Size (bytes):2176
          Entropy (8bit):7.907971765476445
          Encrypted:false
          SSDEEP:48:Xsv38LcH9hWn0UEA17rcIkkcYkkZOa458seFKtDNa14DrG2lRZ+kUh:879eEA17NLciOz7YkDC4D3RZA
          MD5:98EA0B5620AC910FDF2E2859AAAF0EA8
          SHA1:D0AFBF017526BB929C0BE2700DB376D59FA21455
          SHA-256:45C596E0856F5D0E1B4B70BCF1DBBC00F578898D3BFD743DED5211ED22A277DC
          SHA-512:4BDD491B0DBC7BCAB4543E49C3633E9358C4BB4B18A36E3FB47C960BC12884B13DE162FC2304D21CBF3F9F292C066615784CFA7BC5A8019CC881C371F6C45BF3
          Malicious:false
          Reputation:low
          URL:http://104.16.32.241/cdn-cgi/styles/main.css
          Preview:...........YK.....W......5z..n.M. {..2...}.......n.#..|I.,7..M.`....b.X|T...Y-0..wgR.C........| .:..=b...&a......T.(g...,.[*.g.1.n=..a..Z..7r..........dk.........$......p..... .zk...&..!..)Q..o=...'...J.(:.p\.S...C5..2J..V\)$.40....,0%..e.!,$X.........eO.LL..3..cW......V.....s../pFa.T....(...5...K.@.J..D..~N..\.\*.X-....?.....K2&.._.Z...So%...&..q...8..I.mp.....A..g..I......0....l.".....I...;.aj^.(.,E...@a.;..;$a,.C..};.w.C...=.P...|".A.O....R.P.WSg...h;...S...@.............{.....|Oj.&..C..v.`.".~uA.$...#....LI.......-.l..t....z.OC..G..:.J....r......z.A...`..N.....Q\.....pPEG=T7d.`o.K....O.Nt....t...d.........R..m.h30.....$i.6rE.r....e..)...4..;.7..w...p..fZZab......n.E...r....`."wJ)P..5...3..MgTC.J..N.....S;.xD..)....8.8?...c......8.M ....v.O.....&..j+.S.sY...+3..}...@.9.w.fE..v.../^........Q{.sh..Jg9.a......Ew..Z.L.n.....#.H...c. w....}G...y.=..K.)......L..-.(%MK.T.^Hy..fg...?Kg....Eg.m.C.........(.........D.$....zI...I......<........

          Static File Info

          No static file info

          Network Behavior

          Download Network PCAP: filteredfull

          Network Port Distribution

          • Total Packets: 198
          • 443 (HTTPS)
          • 80 (HTTP)
          • 53 (DNS)
          TimestampSource PortDest PortSource IPDest IP
          Sep 5, 2024 14:24:37.044147015 CEST49674443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:37.044147015 CEST49673443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:37.341156006 CEST49672443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:45.848339081 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:45.848572969 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:45.853279114 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:45.853415012 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:45.853445053 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:45.853527069 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:45.854294062 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:45.859126091 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.309055090 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.309082031 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.309092045 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.309111118 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.309134007 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.309174061 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.315211058 CEST4971680192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.320051908 CEST8049716104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.364717960 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.369635105 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.379558086 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.379616022 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.379682064 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.380157948 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.380177021 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.466032028 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.466048956 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.466059923 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:46.466144085 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.508291960 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:46.654120922 CEST49674443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:46.654120922 CEST49673443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:46.678405046 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:46.678442001 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:46.678504944 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:46.679162025 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:46.679173946 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:46.851744890 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.852039099 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.852085114 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.853193998 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.853254080 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.855329037 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.855424881 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.855700016 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.855711937 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.901959896 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.952595949 CEST49672443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:46.985855103 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.985951900 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.985984087 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986000061 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.986023903 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986063004 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986077070 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.986088037 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986123085 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.986335993 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986377001 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.986418962 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.986427069 CEST44349718104.18.30.78192.168.2.6
          Sep 5, 2024 14:24:46.988739967 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:46.988759995 CEST49718443192.168.2.6104.18.30.78
          Sep 5, 2024 14:24:47.057445049 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:47.065256119 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.165729046 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.165760994 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.165771008 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.165813923 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:47.166785002 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.166830063 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:47.170248985 CEST4971580192.168.2.6104.16.32.241
          Sep 5, 2024 14:24:47.175400019 CEST8049715104.16.32.241192.168.2.6
          Sep 5, 2024 14:24:47.466742992 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.466821909 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.477652073 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.477678061 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.477957964 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.507250071 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.507323027 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.507359028 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.507517099 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.552503109 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.679486990 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.679697037 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:47.679780960 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.680273056 CEST49719443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:47.680289030 CEST4434971940.113.110.67192.168.2.6
          Sep 5, 2024 14:24:48.393239021 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:48.393282890 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:48.393430948 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:48.393954039 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:48.393964052 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:48.599935055 CEST44349705173.222.162.64192.168.2.6
          Sep 5, 2024 14:24:48.604273081 CEST49705443192.168.2.6173.222.162.64
          Sep 5, 2024 14:24:49.164633036 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:49.166177988 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:49.166193962 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:49.167439938 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:49.167692900 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:49.237684011 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:49.237802029 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:49.283298969 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:49.283317089 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:49.330070019 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:24:49.608392000 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:49.608436108 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:49.608500957 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:49.610291004 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:49.610308886 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.288650036 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.288862944 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.293905020 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.293916941 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.294209003 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.345902920 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.387414932 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.428498983 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.574631929 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.574728012 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.574882984 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.574920893 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.574920893 CEST49723443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.574939013 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.574947119 CEST44349723184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.632563114 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.632597923 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:50.632735968 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.633178949 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:50.633191109 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.297633886 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.297720909 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.301038027 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.301050901 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.301295042 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.303878069 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.348495960 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.579083920 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.579158068 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.579202890 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.583575010 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.583591938 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:51.583611012 CEST49724443192.168.2.6184.28.90.27
          Sep 5, 2024 14:24:51.583616018 CEST44349724184.28.90.27192.168.2.6
          Sep 5, 2024 14:24:54.879488945 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:54.879544973 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:54.879631996 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:54.880202055 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:54.880218029 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:55.999584913 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.001910925 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.004550934 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.004568100 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.004920006 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.007117033 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.007117033 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.007138968 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.007389069 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.052501917 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.181103945 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.181236029 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.182538986 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.182991028 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:56.183012962 CEST4434972540.113.110.67192.168.2.6
          Sep 5, 2024 14:24:56.183047056 CEST49725443192.168.2.640.113.110.67
          Sep 5, 2024 14:24:57.096466064 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.096518993 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:57.096723080 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.097877026 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.097894907 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:57.790764093 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:57.790838003 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.793546915 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.793555975 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:57.793926001 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:57.835144997 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.939727068 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:57.980493069 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171113968 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171147108 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171156883 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171169043 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171209097 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171222925 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.171251059 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171278000 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.171303034 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.171489954 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171564102 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.171569109 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171580076 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.171614885 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.190598965 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.190624952 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.190705061 CEST49726443192.168.2.652.165.165.26
          Sep 5, 2024 14:24:58.190711975 CEST4434972652.165.165.26192.168.2.6
          Sep 5, 2024 14:24:58.938158035 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:58.938231945 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:24:58.938287020 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:00.688585997 CEST49721443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:00.688622952 CEST44349721172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:08.582145929 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:08.582189083 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:08.582252026 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:08.583385944 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:08.583401918 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.515577078 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.515708923 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.545983076 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.546004057 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.546253920 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.554704905 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.554780960 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.554786921 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.554882050 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.596499920 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.818945885 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.819034100 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:09.819283009 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:09.819283962 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:10.120539904 CEST49730443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:10.120573044 CEST4434973040.113.110.67192.168.2.6
          Sep 5, 2024 14:25:11.635809898 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:11.635838032 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:11.635889053 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:11.636157036 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:11.636171103 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.111232042 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.111588001 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.111607075 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.112658024 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.112715006 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.113841057 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.113904953 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.114048004 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.114057064 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.167630911 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.257240057 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.257318974 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.258972883 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.259006977 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.259041071 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.259210110 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.259390116 CEST49731443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.259406090 CEST44349731104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.260253906 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.260272980 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.729645014 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.730056047 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.730084896 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.730417967 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.732559919 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.732630014 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.732882023 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.780514002 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.863385916 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.863461018 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.863607883 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.866095066 CEST49732443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.866117001 CEST44349732104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.879622936 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.879656076 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:12.881963015 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.882679939 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:12.882695913 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.360605001 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.360869884 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.360898972 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.361915112 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.361974001 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.362396955 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.362463951 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.362581968 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.362601042 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.402019978 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.507009983 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.507088900 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:13.507159948 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.508131981 CEST49733443192.168.2.6104.18.2.57
          Sep 5, 2024 14:25:13.508150101 CEST44349733104.18.2.57192.168.2.6
          Sep 5, 2024 14:25:31.048286915 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:31.048324108 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:31.048456907 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:31.049618959 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:31.049645901 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.354634047 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.354711056 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.356726885 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.356744051 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.357007027 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.359062910 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.359062910 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.359086037 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.359303951 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.400497913 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.533617973 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.534245968 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.534246922 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.534271002 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.534471989 CEST4434973440.113.110.67192.168.2.6
          Sep 5, 2024 14:25:32.534554005 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:32.534554005 CEST49734443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:34.647840977 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:34.647898912 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:34.647969961 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:34.649652004 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:34.649665117 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.633996964 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.634068966 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.636723995 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.636734009 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.636965036 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.647430897 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.688498974 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.905839920 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.905863047 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.905898094 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.905946970 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.905973911 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.905997038 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.906018019 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.906842947 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.906879902 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.906913996 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.906922102 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.906933069 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.906934023 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.906970978 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.911228895 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.911242008 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:35.911263943 CEST49735443192.168.2.652.165.165.26
          Sep 5, 2024 14:25:35.911269903 CEST4434973552.165.165.26192.168.2.6
          Sep 5, 2024 14:25:47.056576967 CEST5087553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:47.062011003 CEST53508751.1.1.1192.168.2.6
          Sep 5, 2024 14:25:47.062073946 CEST5087553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:47.063364029 CEST5087553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:47.068882942 CEST53508751.1.1.1192.168.2.6
          Sep 5, 2024 14:25:47.524709940 CEST53508751.1.1.1192.168.2.6
          Sep 5, 2024 14:25:47.525679111 CEST5087553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:47.530934095 CEST53508751.1.1.1192.168.2.6
          Sep 5, 2024 14:25:47.531258106 CEST5087553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:48.474870920 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:48.474919081 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:48.474987984 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:48.475545883 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:48.475560904 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:49.103266954 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:49.103908062 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:49.103933096 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:49.104274035 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:49.105159044 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:49.105230093 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:49.152177095 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:25:55.264148951 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:55.264198065 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:55.264259100 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:55.265141964 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:55.265155077 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.050656080 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.050785065 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.052858114 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.052869081 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.053116083 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.055028915 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.055080891 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.055085897 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.055242062 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.096498013 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.419823885 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.420002937 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:56.422207117 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.444453001 CEST50878443192.168.2.640.113.110.67
          Sep 5, 2024 14:25:56.444490910 CEST4435087840.113.110.67192.168.2.6
          Sep 5, 2024 14:25:59.016123056 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:59.016204119 CEST44350877172.217.18.100192.168.2.6
          Sep 5, 2024 14:25:59.016355038 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:26:00.670382023 CEST50877443192.168.2.6172.217.18.100
          Sep 5, 2024 14:26:00.670419931 CEST44350877172.217.18.100192.168.2.6
          TimestampSource PortDest PortSource IPDest IP
          Sep 5, 2024 14:24:44.251912117 CEST53515471.1.1.1192.168.2.6
          Sep 5, 2024 14:24:44.301477909 CEST53575891.1.1.1192.168.2.6
          Sep 5, 2024 14:24:45.515499115 CEST53561281.1.1.1192.168.2.6
          Sep 5, 2024 14:24:46.364428043 CEST5290353192.168.2.61.1.1.1
          Sep 5, 2024 14:24:46.364603996 CEST6042653192.168.2.61.1.1.1
          Sep 5, 2024 14:24:46.372054100 CEST53529031.1.1.1192.168.2.6
          Sep 5, 2024 14:24:46.378511906 CEST53604261.1.1.1192.168.2.6
          Sep 5, 2024 14:24:48.384793043 CEST5375953192.168.2.61.1.1.1
          Sep 5, 2024 14:24:48.384793043 CEST5025553192.168.2.61.1.1.1
          Sep 5, 2024 14:24:48.391707897 CEST53502551.1.1.1192.168.2.6
          Sep 5, 2024 14:24:48.392110109 CEST53537591.1.1.1192.168.2.6
          Sep 5, 2024 14:24:53.174849033 CEST5259753192.168.2.61.1.1.1
          Sep 5, 2024 14:24:53.175072908 CEST6010053192.168.2.61.1.1.1
          Sep 5, 2024 14:24:53.183614016 CEST53525971.1.1.1192.168.2.6
          Sep 5, 2024 14:24:53.186279058 CEST53601001.1.1.1192.168.2.6
          Sep 5, 2024 14:25:02.614511013 CEST53612301.1.1.1192.168.2.6
          Sep 5, 2024 14:25:11.626756907 CEST5872753192.168.2.61.1.1.1
          Sep 5, 2024 14:25:11.627089024 CEST6520253192.168.2.61.1.1.1
          Sep 5, 2024 14:25:11.634546995 CEST53652021.1.1.1192.168.2.6
          Sep 5, 2024 14:25:11.635328054 CEST53587271.1.1.1192.168.2.6
          Sep 5, 2024 14:25:12.868257999 CEST6452853192.168.2.61.1.1.1
          Sep 5, 2024 14:25:12.868721008 CEST5194553192.168.2.61.1.1.1
          Sep 5, 2024 14:25:12.877211094 CEST53519451.1.1.1192.168.2.6
          Sep 5, 2024 14:25:12.877463102 CEST53645281.1.1.1192.168.2.6
          Sep 5, 2024 14:25:21.895817995 CEST53633121.1.1.1192.168.2.6
          Sep 5, 2024 14:25:43.644283056 CEST53592201.1.1.1192.168.2.6
          Sep 5, 2024 14:25:44.547908068 CEST53629181.1.1.1192.168.2.6
          Sep 5, 2024 14:25:47.055474997 CEST53637731.1.1.1192.168.2.6

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Sep 5, 2024 14:24:46.364428043 CEST192.168.2.61.1.1.10x8775Standard query (0)performance.radar.cloudflare.comA (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:46.364603996 CEST192.168.2.61.1.1.10x1bcdStandard query (0)performance.radar.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:24:48.384793043 CEST192.168.2.61.1.1.10xb51fStandard query (0)www.google.comA (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:48.384793043 CEST192.168.2.61.1.1.10xa01aStandard query (0)www.google.com65IN (0x0001)false
          Sep 5, 2024 14:24:53.174849033 CEST192.168.2.61.1.1.10xfd77Standard query (0)www.cloudflare.comA (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:53.175072908 CEST192.168.2.61.1.1.10x6ee7Standard query (0)www.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:25:11.626756907 CEST192.168.2.61.1.1.10x6b6cStandard query (0)sparrow.cloudflare.comA (IP address)IN (0x0001)false
          Sep 5, 2024 14:25:11.627089024 CEST192.168.2.61.1.1.10xa9c5Standard query (0)sparrow.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:25:12.868257999 CEST192.168.2.61.1.1.10x2f1cStandard query (0)sparrow.cloudflare.comA (IP address)IN (0x0001)false
          Sep 5, 2024 14:25:12.868721008 CEST192.168.2.61.1.1.10xe45eStandard query (0)sparrow.cloudflare.com65IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Sep 5, 2024 14:24:46.372054100 CEST1.1.1.1192.168.2.60x8775No error (0)performance.radar.cloudflare.com104.18.30.78A (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:46.372054100 CEST1.1.1.1192.168.2.60x8775No error (0)performance.radar.cloudflare.com104.18.31.78A (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:46.378511906 CEST1.1.1.1192.168.2.60x1bcdNo error (0)performance.radar.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:24:48.391707897 CEST1.1.1.1192.168.2.60xa01aNo error (0)www.google.com65IN (0x0001)false
          Sep 5, 2024 14:24:48.392110109 CEST1.1.1.1192.168.2.60xb51fNo error (0)www.google.com172.217.18.100A (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:53.183614016 CEST1.1.1.1192.168.2.60xfd77No error (0)www.cloudflare.com104.16.123.96A (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:53.183614016 CEST1.1.1.1192.168.2.60xfd77No error (0)www.cloudflare.com104.16.124.96A (IP address)IN (0x0001)false
          Sep 5, 2024 14:24:53.186279058 CEST1.1.1.1192.168.2.60x6ee7No error (0)www.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:25:11.634546995 CEST1.1.1.1192.168.2.60xa9c5No error (0)sparrow.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:25:11.635328054 CEST1.1.1.1192.168.2.60x6b6cNo error (0)sparrow.cloudflare.com104.18.2.57A (IP address)IN (0x0001)false
          Sep 5, 2024 14:25:11.635328054 CEST1.1.1.1192.168.2.60x6b6cNo error (0)sparrow.cloudflare.com104.18.3.57A (IP address)IN (0x0001)false
          Sep 5, 2024 14:25:12.877211094 CEST1.1.1.1192.168.2.60xe45eNo error (0)sparrow.cloudflare.com65IN (0x0001)false
          Sep 5, 2024 14:25:12.877463102 CEST1.1.1.1192.168.2.60x2f1cNo error (0)sparrow.cloudflare.com104.18.2.57A (IP address)IN (0x0001)false
          Sep 5, 2024 14:25:12.877463102 CEST1.1.1.1192.168.2.60x2f1cNo error (0)sparrow.cloudflare.com104.18.3.57A (IP address)IN (0x0001)false

          HTTP Request Dependency Graph

          • performance.radar.cloudflare.com
          • fs.microsoft.com
          • slscr.update.microsoft.com
          • sparrow.cloudflare.com
          • 104.16.32.241

          HTTP Packets

          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          0192.168.2.649716104.16.32.24180416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          Sep 5, 2024 14:24:45.854294062 CEST428OUTGET / HTTP/1.1
          Host: 104.16.32.241
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Sep 5, 2024 14:24:46.309055090 CEST1236INHTTP/1.1 403 Forbidden
          Date: Thu, 05 Sep 2024 12:24:46 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          X-Frame-Options: SAMEORIGIN
          Referrer-Policy: same-origin
          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          Expires: Thu, 01 Jan 1970 00:00:01 GMT
          Vary: Accept-Encoding
          Server: cloudflare
          CF-RAY: 8be632b92cf44232-EWR
          Content-Encoding: gzip
          Data Raw: 38 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5a 09 10 35 92 ac 38 8e 34 52 d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8c c4 98 43 4e 49 4a b2 90 f5 7f 5f 70 38 23 8f 24 db 4d b0 bb a8 1e 34 bc 1e 9e cb 77 2e 64 fc e2 cd fb f3 eb 4f 57 17 b0 74 b9 9c b7 e2 17 94 fe 26 32 90 0e 2e 2f e0 d5 ef 73 88 fd 04 a4 92 59 3b 23 4a d3 cf 16 04 9e 82 96 5c 20 01 c9 d4 62 46 50 d1 8f 1f c8 1c e2 17 bf a1 e2 22 fb 9d d2 07 52 15 1d 80 c7 49 bd fa 36 52 67 cf 90 3a fb 06 52 0b 57 51 f3 03 8f 49 79 4c 85 d2 7d 4a 4b 64 7c de 8a 9d 70 12 e7 6f 84 c1 d4 c1 e5 15 b0 34 45 6b 41 69 07 4c 4a bd 41 0e ff 86 73 a9 57 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 32 63 d1 cd c8 c7 eb 1f e8 19 81 a8 9e 58 3a 57 50 fc 63 25 d6 33 72 ae 95 43 e5 e8 f5 b6 40 02 69 e8 cd 88 c3 3b 17 79 c6 a7 3b 32 cf 51 f9 95 7e fc 9e 9e eb bc 60 4e 24 b2 49 e8 f2 62 76 c1 17 d8 d8 a7 58 8e 33 62 74 a2 9d 6d 2c 54 5a 28 8e 77 3d 50 3a d3 5e b8 a3 2d 6b 81 9b 42 1b d7 d8 b4 11 dc 2d 67 1c d7 22 45 5a 76 7a 42 09 [TRUNCATED]
          Data Ascii: 832X[o7~8Z584Ru\ic4(CNIJ_p8#$M4w.dOWt&2./sY;#J\ bFP"RI6Rg:RWQIyL}JKd|po4EkAiLJAsW<`8G ]2cX:WPc%3rC@i;y;2Q~`N$IbvX3btm,TZ(w=P:^-kB-g"EZvzB'6eg@EuXh3f7aXf$JBDa*Pr>ZFnd+:UEdUkTv{#?{\3B~xS[gZlfpH:_^Ac"OXzKqK=[Jhn/)>S6^w@*Ez4N|)k`p[,ZMTr5#;"[0cOuBDaTOoUlEt1#(H]j<AL_%=z58N^_&xt:q_fC$iSovitsovN[t)8Go,15>~$:+i(@a_ku=W9:4NN\"vFK}
          Sep 5, 2024 14:24:46.309082031 CEST1236INData Raw: bf 76 f5 b0 7b df ed de 77 ef ef bb 9d ee b4 15 47 b5 27 d7 3e 0d 1c 33 34 60 4d 3a db 01 b3 40 93 69 93 33 95 62 df 30 ce cc 21 44 13 64 a9 56 fd cf 96 cc 1f 28 c6 51 15 c4 13 cd b7 f3 16 40 cc c5 ba 0a 39 74 63 58 51 a0 21 7e bc 9a a9 12 44 9a
          Data Ascii: v{wG'>34`M:@i3b0!DdV(Q@9tcXQ!~DQ&8Z0Q.'cd}aDf0T8b`b4cBh,bP8:\LGO=VRBK`Gl,*i"uz9TCG'tVJX:T
          Sep 5, 2024 14:24:46.309092045 CEST83INData Raw: a7 37 2f d5 3e b4 fa f7 52 88 fa 7b 91 d4 3f 9b b6 1a 51 38 ac f9 db e1 15 b6 5c 77 bc a6 0e c2 25 95 07 7b b7 00 aa 87 bb 9b 34 bb a9 0b 29 6f f4 19 7c b9 9f b6 4a 8c ec bd 22 44 e1 b6 1f 47 e1 cd fb 3f 3d 5e 28 6e 04 17 00 00 0d 0a 30 0d 0a 0d
          Data Ascii: 7/>R{?Q8\w%{4)o|J"DG?=^(n0


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          1192.168.2.649715104.16.32.24180416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          Sep 5, 2024 14:24:46.364717960 CEST336OUTGET /cdn-cgi/styles/main.css HTTP/1.1
          Host: 104.16.32.241
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/css,*/*;q=0.1
          Referer: http://104.16.32.241/
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Sep 5, 2024 14:24:46.466032028 CEST1236INHTTP/1.1 200 OK
          Date: Thu, 05 Sep 2024 12:24:46 GMT
          Content-Type: text/css
          Transfer-Encoding: chunked
          Connection: keep-alive
          Last-Modified: Wed, 04 Sep 2024 18:14:57 GMT
          ETag: W/"66d8a3a1-1f4d"
          Server: cloudflare
          CF-RAY: 8be632ba1f375e6d-EWR
          X-Frame-Options: DENY
          X-Content-Type-Options: nosniff
          Vary: Accept-Encoding
          Expires: Thu, 05 Sep 2024 14:24:46 GMT
          Cache-Control: max-age=7200
          Cache-Control: public
          Content-Encoding: gzip
          Data Raw: 38 38 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e5 59 4b 8f e3 b8 11 be e7 57 18 db 18 a0 bd 10 35 7a d8 ee 6e e9 92 4d 90 20 7b c8 1e 32 08 90 00 7d a1 a4 92 cd 98 12 05 8a 6e db 23 e8 bf 07 7c 49 94 2c 37 ba 83 4d 80 60 c7 a3 19 b1 be 62 a9 58 7c 54 b1 ca cf 59 2d 30 a9 81 77 67 52 88 43 12 06 c1 97 de cf f6 e8 7c 20 02 3a 84 b2 3d 62 0d ce 89 b8 26 61 9a e1 fc b8 e7 ec 54 17 28 67 94 f1 e4 a1 2c cb 5b 2a df 67 f8 31 da 6e 3d fb bc 61 fe e8 8a 5a af d5 37 72 a8 05 f0 ce e9 df b0 96 08 c2 ea 64 6b d4 a8 19 e2 d0 00 16 2e 97 a6 24 03 d6 fb 19 e3 05 70 b4 e7 f8 8a e2 20 90 7a 6b 8a a3 bb 26 18 bd 21 93 bf 29 51 ab 1d 6f 3d fb 18 b5 27 92 a4 ea 4a 0b 28 3a 83 70 5c 90 53 9b f8 d1 96 43 35 e8 d2 32 4a 06 96 56 5c 29 24 8a 34 30 04 16 d4 96 0f 2c 30 25 87 cd 65 e8 21 2c 24 58 e3 c2 f9 89 b7 8c a3 86 11 65 4f dd 4c 4c b3 f7 33 ca f2 63 57 90 b6 a1 f8 9a a8 56 ef 93 9a 92 1a d0 14 73 89 bd 2f 70 46 61 c0 54 ab f7 0f a4 28 a0 1e a8 35 ab a1 f7 4b ca b0 40 14 4a d1 a9 d7 44 be f6 7e 4e 01 f3 92 5c 12 5c 2a bd [TRUNCATED]
          Data Ascii: 880YKW5znM {2}n#|I,7M`bX|TY-0wgRC| :=b&aT(g,[*g1n=aZ7rdk.$p zk&!)Qo='J(:p\SC52JV\)$40,0%e!,$XeOLL3cWVs/pFaT(5K@JD~N\\*X-?K2&_ZSo%&q8ImpAgI0l"I;aj^(,E@a;;$a,C.};wC=P|"AORPWSgh;S@{|Oj&Cv`"~uA$#LI-ltzOCG:JrzA`NQ\pPEG=T7d`oKONtt.dRm.h30$i6rEre)4;7wpfZZabnEr`"wJ)P53MgTCJNS;xD)88?c
          Sep 5, 2024 14:24:46.466048956 CEST1236INData Raw: 38 b6 4d 20 7f a9 e3 d1 76 1b 4f ff d5 ee cc ed 26 9d 99 6a 2b c7 b9 53 8e 73 59 ec cb cb 8b 2b 33 dc c6 9e 7d de 11 cb a1 40 c0 39 e3 77 e5 66 45 b4 89 76 13 d1 cf 2f 5e bc f3 e2 e7 f7 f5 05 a8 51 7b ca 73 68 db fb 4a 67 39 8e 61 aa f7 d6 8b 82
          Data Ascii: 8M vO&j+SsY+3}@9wfEv/^Q{shJg9aEwZLn#Hc w}Gy=K)L-(%MKT^Hyfg?KgEgmC(D$zII.<R32vAMW
          Sep 5, 2024 14:24:46.466059923 CEST164INData Raw: 9a 5f 09 7c a0 dc 24 d9 16 97 81 04 74 85 49 b6 4d 85 69 84 de 2d 91 48 86 0a 05 c3 0d de 50 c4 40 52 cb c2 92 ef 17 18 8a d7 64 96 41 57 a4 8f 67 bb 15 fb c7 d7 97 62 e7 e3 17 0d 68 bf 9b b9 d9 eb 79 71 41 da 84 49 6d 9d a1 a9 ee 28 e8 26 62 54
          Data Ascii: _|$tIMi-HP@RdAWgbhyqAIm(&bTZec(V+rh,bYx6C@c?e~.[~o#nM0
          Sep 5, 2024 14:24:47.057445049 CEST370OUTGET /favicon.ico HTTP/1.1
          Host: 104.16.32.241
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
          Referer: http://104.16.32.241/
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Sep 5, 2024 14:24:47.165729046 CEST1236INHTTP/1.1 403 Forbidden
          Date: Thu, 05 Sep 2024 12:24:47 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          X-Frame-Options: SAMEORIGIN
          Referrer-Policy: same-origin
          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
          Expires: Thu, 01 Jan 1970 00:00:01 GMT
          Vary: Accept-Encoding
          Server: cloudflare
          CF-RAY: 8be632be7c335e6d-EWR
          Content-Encoding: gzip
          Data Raw: 38 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 [TRUNCATED]
          Data Ascii: 831Xo7h%@H|DMu\ic4(CNIJ`wQ}||dO7WpZ+J)HWp{D2kgDi3$ * |*.)}"U8NH]@H]Exp7`X&^#KJf00C Y0cX8Sc)V3rC&GI.Od^+=YeOgX;XPztp[V6i-[8DN0Im$%)=3bF] :HC4`:#AM"(/j61"wQ.UVvN*g_Pw:ThP\skO:#\3-mV$-9+54F"%.752:e/z$R$I/7:G8'<]Xd8:G!7?8 93FDgE;][dMg=\yVPG?I7Ga:q|:~=1?H'xgjN~BpXb0+<q,:+i(@a_ku-W94NV\"vFvA_
          Sep 5, 2024 14:24:47.165760994 CEST1236INData Raw: 7a d8 7d ec 76 1f bb 8f 8f dd 4e 77 da 0a 83 da 93 6b 9f 06 8e 29 1a b0 26 99 6d 81 99 a3 49 b5 c9 98 4a b0 6f 18 67 66 1f a2 31 b2 44 ab fe 67 4b a2 27 8a 61 50 05 f1 58 f3 4d d4 02 08 b9 58 55 21 87 ae 0d cb 73 34 c4 8f 57 33 55 82 48 52 ca 24
          Data Ascii: z}vNwk)&mIJogf1DgK'aPXMXU!s4W3UHR$u6D{URTI(1SV2>X]F"0T0b`bGd2u.NCpr>=+t4.F4]JYLY[aMU()X2>|/Rbp=y
          Sep 5, 2024 14:24:47.165771008 CEST82INData Raw: 5e aa 7d 68 f5 ef a5 10 f4 77 22 a9 7f 36 6d 35 a2 70 b9 e6 6f fb 57 d8 62 dd e1 9a 3a 08 17 54 9e ec dd 02 a8 1e ee ee 92 f4 ae 2e a4 bc d1 67 f0 e5 71 da 2a 30 b2 f3 8a 10 94 b7 fd 30 28 df bc ff 03 ec e0 1b 7e 04 17 00 00 0d 0a 30 0d 0a 0d 0a
          Data Ascii: ^}hw"6m5poWb:T.gq*00(~0


          HTTPS Proxied Packets

          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          0192.168.2.649718104.18.30.78443416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:46 UTC505OUTGET /beacon.js HTTP/1.1
          Host: performance.radar.cloudflare.com
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: */*
          Sec-Fetch-Site: cross-site
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: script
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-09-05 12:24:46 UTC1280INHTTP/1.1 403 Forbidden
          Date: Thu, 05 Sep 2024 12:24:46 GMT
          Content-Type: text/html; charset=UTF-8
          Content-Length: 16982
          Connection: close
          Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
          Cross-Origin-Embedder-Policy: require-corp
          Cross-Origin-Opener-Policy: same-origin
          Cross-Origin-Resource-Policy: same-origin
          Origin-Agent-Cluster: ?1
          Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
          Referrer-Policy: same-origin
          X-Content-Options: nosniff
          X-Frame-Options: SAMEORIGIN
          cf-mitigated: challenge
          2024-09-05 12:24:46 UTC788INData Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 75 76 35 5a 6a 7a 69 4f 2f 2f 47 79 72 53 66 78 50 36 41 7a 7a 39 64 2b 37 32 5a 44 46 61 56 31 49 46 39 33 39 2b 57 30 39 35 5a 6c 38 58 38 63 2f 6c 42 73 35 48 59 43 4b 6d 68 45 38 76 4d 71 5a 65 73 76 6d 38 34 2f 61 4a 6e 73 2b 6d 34 4e 5a 76 63 62 4e 59 4c 36 58 65 75 78 71 4d 53 64 50 78 71 61 45 53 5a 51 6b 75 59 36 48 38 4d 2b 71 7a 76 73 56 66 38 43 31 65 72 6d 73 4c 6c 66 45 43 5a 71 4d 4f 54 77 4b 61 52 6c 48 52 6d 30 58 6d 50 51 49 77 3d 3d 24 6f 47 33 55 67 51 75 53 75 73 4d 5a 2b 38 4f 31 65 43 78 57 74 51 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61
          Data Ascii: cf-chl-out: uv5ZjziO//GyrSfxP6Azz9d+72ZDFaV1IF939+W095Zl8X8c/lBs5HYCKmhE8vMqZesvm84/aJns+m4NZvcbNYL6XeuxqMSdPxqaESZQkuY6H8M+qzvsVf8C1ermsLlfECZqMOTwKaRlHRm0XmPQIw==$oG3UgQuSusMZ+8O1eCxWtQ==Cache-Control: private, max-age=0, no-store, no-cache, must-reva
          2024-09-05 12:24:46 UTC670INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70
          Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewp
          2024-09-05 12:24:46 UTC1369INData Raw: 65 69 67 68 74 3a 31 30 30 76 68 7d 62 6f 64 79 2e 6e 6f 2d 6a 73 20 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 64 39 64 39 64 39 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 39 39 39 20 74 72 61 6e
          Data Ascii: eight:100vh}body.no-js .loading-spinner{visibility:hidden}body.theme-dark{background-color:#222;color:#d9d9d9}body.theme-dark a{color:#fff}body.theme-dark a:hover{color:#ee730a;text-decoration:underline}body.theme-dark .lds-ring div{border-color:#999 tran
          2024-09-05 12:24:46 UTC1369INData Raw: 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 33 31 33 31 33 31 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 6c 69 67 68 74 20 61 7b 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 7d 62 6f 64 79 2e 74 68 65 6d 65 2d 6c 69 67 68 74
          Data Ascii: C41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+)}body.theme-light{background-color:#fff;color:#313131}body.theme-light a{color:#0051c3}body.theme-light
          2024-09-05 12:24:46 UTC1369INData Raw: 4d 31 4e 7a 52 68 49 69 42 6b 50 53 4a 4e 4d 54 63 75 4d 44 4d 34 49 44 45 34 4c 6a 59 78 4e 55 67 78 4e 43 34 34 4e 30 77 78 4e 43 34 31 4e 6a 4d 67 4f 53 34 31 61 44 49 75 4e 7a 67 7a 65 6d 30 74 4d 53 34 77 4f 44 51 67 4d 53 34 30 4d 6a 64 78 4c 6a 59 32 49 44 41 67 4d 53 34 77 4e 54 63 75 4d 7a 67 34 4c 6a 51 77 4e 79 34 7a 4f 44 6b 75 4e 44 41 33 4c 6a 6b 35 4e 43 41 77 49 43 34 31 4f 54 59 74 4c 6a 51 77 4e 79 34 35 4f 44 51 74 4c 6a 4d 35 4e 79 34 7a 4f 53 30 78 4c 6a 41 31 4e 79 34 7a 4f 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c
          Data Ascii: M1NzRhIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxL
          2024-09-05 12:24:46 UTC1369INData Raw: 68 74 3a 31 2e 32 35 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 72 65 6d 7d 2e 63 6f 72 65 2d 6d 73 67 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 7d 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64
          Data Ascii: ht:1.25rem}@media (width <= 720px){.h1{font-size:1.5rem;line-height:1.75rem}.h2{font-size:1.25rem}.core-msg,.h2{line-height:1.5rem}.core-msg{font-size:1rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3d
          2024-09-05 12:24:46 UTC1369INData Raw: 34 38 4c 33 4e 32 5a 7a 34 3d 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 32 70 78 7d 2e 74 65 78 74 2d 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 70 6f 77 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 35 31 63 33 3b 62 6f 72 64 65 72 3a 2e 30 36 33 72 65 6d 20 73 6f 6c 69 64 20 23 30 30 35 31 63 33 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 31 33 72 65 6d 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 31 33 72 65 6d 3b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 3b 70 61 64 64 69 6e 67 3a 2e 33 37 35 72 65 6d 20 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 2e
          Data Ascii: 48L3N2Zz4=);padding-left:42px}.text-center{text-align:center}.pow-button{background-color:#0051c3;border:.063rem solid #0051c3;border-radius:.313rem;color:#fff;font-size:.875rem;line-height:1.313rem;margin:2rem 0;padding:.375rem 1rem;transition-duration:.
          2024-09-05 12:24:46 UTC1369INData Raw: 74 68 3a 31 2e 38 37 35 72 65 6d 7d 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 61 6e 69 6d 61 74 69 6f 6e 3a 6c 64 73 2d 72 69 6e 67 20 31 2e 32 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 35 2c 30 2c 2e 35 2c 31 29 20 69 6e 66 69 6e 69 74 65 3b 62 6f 72 64 65 72 3a 2e 33 72 65 6d 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 33 31 33 31 33 31 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61 79 3a 2d 2e
          Data Ascii: th:1.875rem}.lds-ring div{animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;border:.3rem solid transparent;border-radius:50%;border-top-color:#313131;box-sizing:border-box;display:block;position:absolute}.lds-ring div:first-child{animation-delay:-.


          Session IDSource IPSource PortDestination IPDestination Port
          1192.168.2.64971940.113.110.67443
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:47 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 65 4b 31 59 73 6e 67 62 6b 53 4c 30 51 63 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 64 39 37 30 62 63 61 37 65 31 61 35 32 63 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: feK1YsngbkSL0Qc/.1Context: 2ad970bca7e1a52c
          2024-09-05 12:24:47 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-09-05 12:24:47 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 65 4b 31 59 73 6e 67 62 6b 53 4c 30 51 63 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 64 39 37 30 62 63 61 37 65 31 61 35 32 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 32 30 64 38 52 66 46 77 65 6a 46 65 46 34 48 32 67 39 6c 51 2f 31 32 68 52 4a 4f 30 4f 4c 79 2b 2b 6b 70 44 30 6b 45 4d 65 6f 57 54 52 54 51 38 48 39 76 75 53 74 76 4a 63 69 38 44 7a 6f 35 32 52 2f 6d 62 36 30 32 59 37 71 32 56 70 51 33 4a 33 66 6b 43 45 45 5a 49 55 6e 6a 71 59 38 6b 63 6b 75 58 46 6f 38 38 2f 34 6e 6c
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: feK1YsngbkSL0Qc/.2Context: 2ad970bca7e1a52c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfU20d8RfFwejFeF4H2g9lQ/12hRJO0OLy++kpD0kEMeoWTRTQ8H9vuStvJci8Dzo52R/mb602Y7q2VpQ3J3fkCEEZIUnjqY8kckuXFo88/4nl
          2024-09-05 12:24:47 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 65 4b 31 59 73 6e 67 62 6b 53 4c 30 51 63 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 64 39 37 30 62 63 61 37 65 31 61 35 32 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: feK1YsngbkSL0Qc/.3Context: 2ad970bca7e1a52c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-09-05 12:24:47 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-09-05 12:24:47 UTC58INData Raw: 4d 53 2d 43 56 3a 20 79 71 6a 77 70 4a 73 44 71 55 2b 79 76 75 4a 45 32 63 31 43 2b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: yqjwpJsDqU+yvuJE2c1C+A.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          2192.168.2.649723184.28.90.27443
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:50 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-09-05 12:24:50 UTC467INHTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF67)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=102050
          Date: Thu, 05 Sep 2024 12:24:50 GMT
          Connection: close
          X-CID: 2


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          3192.168.2.649724184.28.90.27443
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:51 UTC239OUTGET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-09-05 12:24:51 UTC515INHTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=102103
          Date: Thu, 05 Sep 2024 12:24:51 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-09-05 12:24:51 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session IDSource IPSource PortDestination IPDestination Port
          4192.168.2.64972540.113.110.67443
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:56 UTC70OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 51 38 77 68 35 2f 52 4d 49 55 2b 6b 6f 68 79 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 30 30 38 65 38 37 32 64 38 39 66 32 33 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 304MS-CV: Q8wh5/RMIU+kohyJ.1Context: 12008e872d89f23
          2024-09-05 12:24:56 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-09-05 12:24:56 UTC1083OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 51 38 77 68 35 2f 52 4d 49 55 2b 6b 6f 68 79 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 30 30 38 65 38 37 32 64 38 39 66 32 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 32 30 64 38 52 66 46 77 65 6a 46 65 46 34 48 32 67 39 6c 51 2f 31 32 68 52 4a 4f 30 4f 4c 79 2b 2b 6b 70 44 30 6b 45 4d 65 6f 57 54 52 54 51 38 48 39 76 75 53 74 76 4a 63 69 38 44 7a 6f 35 32 52 2f 6d 62 36 30 32 59 37 71 32 56 70 51 33 4a 33 66 6b 43 45 45 5a 49 55 6e 6a 71 59 38 6b 63 6b 75 58 46 6f 38 38 2f 34 6e 6c 4c
          Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: Q8wh5/RMIU+kohyJ.2Context: 12008e872d89f23<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfU20d8RfFwejFeF4H2g9lQ/12hRJO0OLy++kpD0kEMeoWTRTQ8H9vuStvJci8Dzo52R/mb602Y7q2VpQ3J3fkCEEZIUnjqY8kckuXFo88/4nlL
          2024-09-05 12:24:56 UTC217OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 51 38 77 68 35 2f 52 4d 49 55 2b 6b 6f 68 79 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 30 30 38 65 38 37 32 64 38 39 66 32 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 196MS-CV: Q8wh5/RMIU+kohyJ.3Context: 12008e872d89f23<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-09-05 12:24:56 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-09-05 12:24:56 UTC58INData Raw: 4d 53 2d 43 56 3a 20 77 70 35 45 76 56 6d 42 49 45 43 57 65 70 55 42 50 6e 69 59 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: wp5EvVmBIECWepUBPniYiQ.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          5192.168.2.64972652.165.165.26443
          TimestampBytes transferredDirectionData
          2024-09-05 12:24:57 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fyVtyGwSKYB84PZ&MD=Aa5MVlha HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          Host: slscr.update.microsoft.com
          2024-09-05 12:24:58 UTC560INHTTP/1.1 200 OK
          Cache-Control: no-cache
          Pragma: no-cache
          Content-Type: application/octet-stream
          Expires: -1
          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
          MS-CorrelationId: bc96a7f0-6c0b-4800-b3fd-b3d0d680f782
          MS-RequestId: 8fc758e0-8853-44c1-9f73-ccfd7bca2555
          MS-CV: WuZCEQigNU+4pmYs.0
          X-Microsoft-SLSClientCache: 2880
          Content-Disposition: attachment; filename=environment.cab
          X-Content-Type-Options: nosniff
          Date: Thu, 05 Sep 2024 12:24:57 GMT
          Connection: close
          Content-Length: 24490
          2024-09-05 12:24:58 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
          Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
          2024-09-05 12:24:58 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
          Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


          Session IDSource IPSource PortDestination IPDestination Port
          6192.168.2.64973040.113.110.67443
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:09 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 74 38 4b 5a 41 74 54 44 55 57 4d 48 59 34 42 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 32 39 66 35 64 31 36 33 62 66 66 37 64 37 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: 5t8KZAtTDUWMHY4B.1Context: 8529f5d163bff7d7
          2024-09-05 12:25:09 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-09-05 12:25:09 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 74 38 4b 5a 41 74 54 44 55 57 4d 48 59 34 42 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 32 39 66 35 64 31 36 33 62 66 66 37 64 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 32 30 64 38 52 66 46 77 65 6a 46 65 46 34 48 32 67 39 6c 51 2f 31 32 68 52 4a 4f 30 4f 4c 79 2b 2b 6b 70 44 30 6b 45 4d 65 6f 57 54 52 54 51 38 48 39 76 75 53 74 76 4a 63 69 38 44 7a 6f 35 32 52 2f 6d 62 36 30 32 59 37 71 32 56 70 51 33 4a 33 66 6b 43 45 45 5a 49 55 6e 6a 71 59 38 6b 63 6b 75 58 46 6f 38 38 2f 34 6e 6c
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5t8KZAtTDUWMHY4B.2Context: 8529f5d163bff7d7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfU20d8RfFwejFeF4H2g9lQ/12hRJO0OLy++kpD0kEMeoWTRTQ8H9vuStvJci8Dzo52R/mb602Y7q2VpQ3J3fkCEEZIUnjqY8kckuXFo88/4nl
          2024-09-05 12:25:09 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 35 74 38 4b 5a 41 74 54 44 55 57 4d 48 59 34 42 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 32 39 66 35 64 31 36 33 62 66 66 37 64 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5t8KZAtTDUWMHY4B.3Context: 8529f5d163bff7d7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-09-05 12:25:09 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-09-05 12:25:09 UTC58INData Raw: 4d 53 2d 43 56 3a 20 59 70 59 79 45 64 43 41 50 55 36 6d 76 72 47 62 53 73 6f 76 79 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: YpYyEdCAPU6mvrGbSsovyA.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          7192.168.2.649731104.18.2.57443416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:12 UTC500OUTOPTIONS /api/v1/event HTTP/1.1
          Host: sparrow.cloudflare.com
          Connection: keep-alive
          Accept: */*
          Access-Control-Request-Method: POST
          Access-Control-Request-Headers: content-type,sparrow-source-key
          Origin: http://104.16.32.241
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Sec-Fetch-Mode: cors
          Sec-Fetch-Site: cross-site
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-09-05 12:25:12 UTC414INHTTP/1.1 200 OK
          Date: Thu, 05 Sep 2024 12:25:12 GMT
          Content-Type: text/plain;charset=UTF-8
          Content-Length: 8
          Connection: close
          Access-Control-Allow-Origin: http://104.16.32.241
          Vary: Origin
          access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin
          access-control-allow-methods: POST, OPTIONS
          access-control-max-age: 600
          Server: cloudflare
          CF-RAY: 8be6335b3a857d08-EWR
          2024-09-05 12:25:12 UTC8INData Raw: 53 75 63 63 65 73 73 2e
          Data Ascii: Success.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          8192.168.2.649732104.18.2.57443416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:12 UTC631OUTPOST /api/v1/event HTTP/1.1
          Host: sparrow.cloudflare.com
          Connection: keep-alive
          Content-Length: 87
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1e
          Content-Type: application/json
          sec-ch-ua-mobile: ?0
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          sec-ch-ua-platform: "Windows"
          Accept: */*
          Origin: http://104.16.32.241
          Sec-Fetch-Site: cross-site
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-09-05 12:25:12 UTC87OUTData Raw: 7b 22 65 76 65 6e 74 22 3a 22 66 65 65 64 62 61 63 6b 20 63 6c 69 63 6b 65 64 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 65 72 72 6f 72 43 6f 64 65 22 3a 31 30 30 33 2c 22 68 65 6c 70 66 75 6c 22 3a 74 72 75 65 2c 22 76 65 72 73 69 6f 6e 22 3a 31 7d 7d
          Data Ascii: {"event":"feedback clicked","properties":{"errorCode":1003,"helpful":true,"version":1}}
          2024-09-05 12:25:12 UTC420INHTTP/1.1 200 Filtered
          Date: Thu, 05 Sep 2024 12:25:12 GMT
          Content-Type: text/plain;charset=UTF-8
          Content-Length: 9
          Connection: close
          Access-Control-Allow-Origin: http://104.16.32.241
          Vary: Origin
          access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin
          access-control-allow-methods: POST, OPTIONS
          access-control-max-age: 600
          Server: cloudflare
          CF-RAY: 8be6335f0b0f430e-EWR
          2024-09-05 12:25:12 UTC9INData Raw: 46 69 6c 74 65 72 65 64 2e
          Data Ascii: Filtered.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          9192.168.2.649733104.18.2.57443416C:\Program Files\Google\Chrome\Application\chrome.exe
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:13 UTC358OUTGET /api/v1/event HTTP/1.1
          Host: sparrow.cloudflare.com
          Connection: keep-alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: */*
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-09-05 12:25:13 UTC195INHTTP/1.1 401 Unauthorized
          Date: Thu, 05 Sep 2024 12:25:13 GMT
          Content-Type: text/plain;charset=UTF-8
          Content-Length: 12
          Connection: close
          Server: cloudflare
          CF-RAY: 8be633630e0f41ed-EWR
          2024-09-05 12:25:13 UTC12INData Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64
          Data Ascii: Unauthorized


          Session IDSource IPSource PortDestination IPDestination Port
          10192.168.2.64973440.113.110.67443
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:32 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 7a 36 6e 45 6c 6f 31 59 6b 4f 49 67 52 6b 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 37 31 35 32 35 37 63 61 62 62 63 66 34 33 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: Bz6nElo1YkOIgRkz.1Context: d7715257cabbcf43
          2024-09-05 12:25:32 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-09-05 12:25:32 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 7a 36 6e 45 6c 6f 31 59 6b 4f 49 67 52 6b 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 37 31 35 32 35 37 63 61 62 62 63 66 34 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 32 30 64 38 52 66 46 77 65 6a 46 65 46 34 48 32 67 39 6c 51 2f 31 32 68 52 4a 4f 30 4f 4c 79 2b 2b 6b 70 44 30 6b 45 4d 65 6f 57 54 52 54 51 38 48 39 76 75 53 74 76 4a 63 69 38 44 7a 6f 35 32 52 2f 6d 62 36 30 32 59 37 71 32 56 70 51 33 4a 33 66 6b 43 45 45 5a 49 55 6e 6a 71 59 38 6b 63 6b 75 58 46 6f 38 38 2f 34 6e 6c
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Bz6nElo1YkOIgRkz.2Context: d7715257cabbcf43<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfU20d8RfFwejFeF4H2g9lQ/12hRJO0OLy++kpD0kEMeoWTRTQ8H9vuStvJci8Dzo52R/mb602Y7q2VpQ3J3fkCEEZIUnjqY8kckuXFo88/4nl
          2024-09-05 12:25:32 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 7a 36 6e 45 6c 6f 31 59 6b 4f 49 67 52 6b 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 37 37 31 35 32 35 37 63 61 62 62 63 66 34 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: Bz6nElo1YkOIgRkz.3Context: d7715257cabbcf43<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-09-05 12:25:32 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-09-05 12:25:32 UTC58INData Raw: 4d 53 2d 43 56 3a 20 4c 43 6f 53 7a 74 57 72 44 6b 71 6f 59 52 4f 47 47 76 47 6a 72 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: LCoSztWrDkqoYROGGvGjrg.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          11192.168.2.64973552.165.165.26443
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:35 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fyVtyGwSKYB84PZ&MD=Aa5MVlha HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
          Host: slscr.update.microsoft.com
          2024-09-05 12:25:35 UTC560INHTTP/1.1 200 OK
          Cache-Control: no-cache
          Pragma: no-cache
          Content-Type: application/octet-stream
          Expires: -1
          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
          MS-CorrelationId: 0a29acb8-e0d8-47b1-80ea-025def2fae18
          MS-RequestId: 6deebb0d-4823-4ff1-9616-409dc2f07f13
          MS-CV: xx9GOmdccUmA5wJA.0
          X-Microsoft-SLSClientCache: 1440
          Content-Disposition: attachment; filename=environment.cab
          X-Content-Type-Options: nosniff
          Date: Thu, 05 Sep 2024 12:25:34 GMT
          Connection: close
          Content-Length: 30005
          2024-09-05 12:25:35 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
          Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
          2024-09-05 12:25:35 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
          Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


          Session IDSource IPSource PortDestination IPDestination Port
          12192.168.2.65087840.113.110.67443
          TimestampBytes transferredDirectionData
          2024-09-05 12:25:56 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 78 6d 41 2b 55 6a 53 41 6b 32 6f 2b 45 41 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 37 31 38 38 63 65 38 35 64 66 32 39 65 38 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: KxmA+UjSAk2o+EAH.1Context: f07188ce85df29e8
          2024-09-05 12:25:56 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-09-05 12:25:56 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4b 78 6d 41 2b 55 6a 53 41 6b 32 6f 2b 45 41 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 37 31 38 38 63 65 38 35 64 66 32 39 65 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 32 30 64 38 52 66 46 77 65 6a 46 65 46 34 48 32 67 39 6c 51 2f 31 32 68 52 4a 4f 30 4f 4c 79 2b 2b 6b 70 44 30 6b 45 4d 65 6f 57 54 52 54 51 38 48 39 76 75 53 74 76 4a 63 69 38 44 7a 6f 35 32 52 2f 6d 62 36 30 32 59 37 71 32 56 70 51 33 4a 33 66 6b 43 45 45 5a 49 55 6e 6a 71 59 38 6b 63 6b 75 58 46 6f 38 38 2f 34 6e 6c
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: KxmA+UjSAk2o+EAH.2Context: f07188ce85df29e8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfU20d8RfFwejFeF4H2g9lQ/12hRJO0OLy++kpD0kEMeoWTRTQ8H9vuStvJci8Dzo52R/mb602Y7q2VpQ3J3fkCEEZIUnjqY8kckuXFo88/4nl
          2024-09-05 12:25:56 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4b 78 6d 41 2b 55 6a 53 41 6b 32 6f 2b 45 41 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 30 37 31 38 38 63 65 38 35 64 66 32 39 65 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: KxmA+UjSAk2o+EAH.3Context: f07188ce85df29e8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-09-05 12:25:56 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-09-05 12:25:56 UTC58INData Raw: 4d 53 2d 43 56 3a 20 71 37 2b 31 47 43 66 46 48 6b 53 48 52 47 46 50 6f 70 30 36 37 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: q7+1GCfFHkSHRGFPop067g.0Payload parsing failed.


          Statistics

          CPU Usage

          020406080s020406080100

          Click to jump to process

          Memory Usage

          020406080s0.0050100MB

          Click to jump to process

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:08:24:38
          Start date:05/09/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false
          Show Windows behavior

          File Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Process Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Memory Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Process Token Activities


          General

          Target ID:2
          Start time:08:24:42
          Start date:05/09/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2388,i,17422529707629254449,4040055923803264848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false
          Show Windows behavior

          File Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Memory Activities


          General

          Target ID:3
          Start time:08:24:45
          Start date:05/09/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.16.32.241"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

          Disassembly

          No disassembly