Windows Analysis Report
https://use.typekit.net/whp4ksz.css

Overview

General Information

Sample URL: https://use.typekit.net/whp4ksz.css
Analysis ID: 1447155
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 3160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2240,i,17888624385869908821,15482004281245465364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://use.typekit.net/whp4ksz.css" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures, click here to show all signatures.

Source: https://use.typekit.net/whp4ksz.css HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49741 version: TLS 1.0
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:56066 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.5:56070 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.5:56062 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic DNS traffic detected: DNS query: use.typekit.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. 
Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1716554778007&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: classification engine Classification label: clean1.win@21/11@6/3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2240,i,17888624385869908821,15482004281245465364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://use.typekit.net/whp4ksz.css"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
[Behavior graph, ID 1447155. URL: https://use.typekit.net/whp... Start date: 24/05/2024. Architecture: WINDOWS. Score: 1. Nodes: chrome.exe processes; 192.168.2.5; 239.255.255.250 (Reserved); www.google.com (142.250.186.68, GOOGLEUS, United States); use.typekit.net.]

Source | Detection | Scanner | Label | Link
https://use.typekit.net/whp4ksz.css | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.186.68 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
use.typekit.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://use.typekit.net/whp4ksz.css | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false

IP
192.168.2.5
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1447155
Start date and time: 2024-05-24 14:45:30 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://use.typekit.net/whp4ksz.css
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@21/11@6/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 192.229.221.95, 40.126.32.68, 20.190.160.14, 40.126.32.134, 20.190.160.17, 40.126.32.136, 20.190.160.22, 40.126.32.74, 40.126.32.138, 199.232.214.172, 142.250.186.163, 216.58.206.46, 74.125.206.84, 2.19.126.225, 2.19.126.198, 34.104.35.123, 52.165.165.26, 20.166.126.56, 20.114.59.183, 2.19.126.137, 216.58.206.35, 40.68.123.157
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, www.tm.lg.prod.aadmsa.akadns.net, ctldl.windowsupdate.com, clientservices.googleapis.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, use-stls.adobe.com.edgesuite.net, edgedl.me.gvt1.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, a1988.dscg1.akamai.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
No context
No context
No context
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:46:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9755646792454336
Encrypted: false
SSDEEP: 48:8lSdCTOu+HJidAKZdA19ehwiZUklqehgy+3:8lL3k/y
MD5: DF02AE8D57D46DFB58EE796790C3C05E
SHA1: FA2277674A422B396AAAB40DFE7A5653EC52EEF6
SHA-256: 058B1AF30879B37889E5D2B472D3538E93AA6906B06B94BA54AF6CBF67511AD8
SHA-512: 527DE28D92B3357B6F294F81E28B67F0C067F2A19A63CB01E0A25A1E74AFA5C992958AA58EDCBD2FB5218791556EBDD9E05DD190A38FA66EB7392B4A62D6DC59
Malicious: false
Reputation: low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:46:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.990582874036708
          Encrypted:false
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2693
          Entropy (8bit):4.00206470078338
          Encrypted:false
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:46:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.985750053210484
          Encrypted:false
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:46:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.9772909170729025
          Encrypted:false
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 11:46:34 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2683
          Entropy (8bit):3.987500365424162
          Encrypted:false
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Unicode text, UTF-8 text, with very long lines (516)
          Category:downloaded
          Size (bytes):15409
          Entropy (8bit):5.163204285559
          Encrypted:false
          Malicious:false
          Reputation:low
          URL:https://use.typekit.net/whp4ksz.css
          Preview:/*. * The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. *. * canada-type-gibson:. * - http://typekit.com/eulas/0000000000000000774d605d. * - http://typekit.com/eulas/0000000000000000774d500b. * - http://typekit.com/eulas/0000000000000000774d5009. * - http://typekit.com/eulas/0000000000000000774d5014. * - http://typekit.com/eulas/0000000000000000774d5007. * - http://typekit.com/eulas/0000000000000000774d5006. * - http://typekit.com/eulas/0000000000000000774d5013. * - http://typekit.com/eulas/0000000000000000774d500d. * open-sans:. * - http://typekit.com/eulas/00000000000000007735a061. * - http://typekit.com/eulas/00000000000000007735a069. * - http://typekit.com/eulas/00000000000000007735a06d. * - http://typekit.com/eulas/00000000000000007735a06f. * - http://typekit.com/eul
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
          Category:downloaded
          Size (bytes):6518
          Entropy (8bit):2.456863735231898
          Encrypted:false
          Malicious:false
          Reputation:low
          URL:https://use.typekit.net/favicon.ico
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
          Category:dropped
          Size (bytes):6518
          Entropy (8bit):2.456863735231898
          Encrypted:false
          Malicious:false
          Reputation:low
          No static file info
          Timestamp  Source Port  Dest Port  Source IP  Dest IP
          May 24, 2024 14:47:17.256555080 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.259222031 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.259232998 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.259479046 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.263197899 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.263430119 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.263436079 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.263835907 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.306507111 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.446299076 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.447547913 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.447573900 CEST4434974440.115.3.253192.168.2.5
          May 24, 2024 14:47:17.447592020 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.447624922 CEST49744443192.168.2.540.115.3.253
          May 24, 2024 14:47:17.560395002 CEST5606253192.168.2.51.1.1.1
          May 24, 2024 14:47:17.565455914 CEST53560621.1.1.1192.168.2.5
          May 24, 2024 14:47:17.565525055 CEST5606253192.168.2.51.1.1.1
          May 24, 2024 14:47:17.565676928 CEST5606253192.168.2.51.1.1.1
          May 24, 2024 14:47:17.617445946 CEST53560621.1.1.1192.168.2.5
          May 24, 2024 14:47:18.033174038 CEST53560621.1.1.1192.168.2.5
          May 24, 2024 14:47:18.038036108 CEST5606253192.168.2.51.1.1.1
          May 24, 2024 14:47:18.043431997 CEST53560621.1.1.1192.168.2.5
          May 24, 2024 14:47:18.043514013 CEST5606253192.168.2.51.1.1.1
          May 24, 2024 14:47:27.147316933 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:27.147373915 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:27.147459984 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:27.148154974 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:27.148174047 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:27.991566896 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:27.991693974 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.001625061 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.001636028 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.001908064 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.005196095 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.005419970 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.005426884 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.005747080 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.046520948 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.198761940 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.199749947 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.199749947 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:28.199821949 CEST4435606640.115.3.253192.168.2.5
          May 24, 2024 14:47:28.199894905 CEST56066443192.168.2.540.115.3.253
          May 24, 2024 14:47:37.609859943 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:37.609890938 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:37.610361099 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:37.610361099 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:37.610392094 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:38.288104057 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:38.288815022 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:38.288836002 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:38.289163113 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:38.289999962 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:38.290059090 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:38.332859039 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:38.793822050 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:38.793848038 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:38.793910027 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:38.794749975 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:38.794761896 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.661544085 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.662504911 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.664793015 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.664799929 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.665594101 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.668061972 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.668061972 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.668061972 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.668081045 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.714495897 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.850006104 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.851650000 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.851669073 CEST4435607040.115.3.253192.168.2.5
          May 24, 2024 14:47:39.851809978 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:39.851809978 CEST56070443192.168.2.540.115.3.253
          May 24, 2024 14:47:48.194382906 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:48.194463015 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:48.194533110 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:49.394401073 CEST56069443192.168.2.5142.250.186.68
          May 24, 2024 14:47:49.394440889 CEST44356069142.250.186.68192.168.2.5
          May 24, 2024 14:47:58.602297068 CEST56071443192.168.2.540.115.3.253
          May 24, 2024 14:47:58.602333069 CEST4435607140.115.3.253192.168.2.5
          May 24, 2024 14:47:58.602507114 CEST56071443192.168.2.540.115.3.253
          May 24, 2024 14:47:58.603178024 CEST56071443192.168.2.540.115.3.253
          May 24, 2024 14:47:58.603189945 CEST4435607140.115.3.253192.168.2.5
          TimestampSource PortDest PortSource IPDest IP
          May 24, 2024 14:46:33.235843897 CEST53525251.1.1.1192.168.2.5
          May 24, 2024 14:46:33.248905897 CEST53615121.1.1.1192.168.2.5
          May 24, 2024 14:46:34.172231913 CEST6257553192.168.2.51.1.1.1
          May 24, 2024 14:46:34.172667980 CEST6327853192.168.2.51.1.1.1
          May 24, 2024 14:46:34.326477051 CEST53494211.1.1.1192.168.2.5
          May 24, 2024 14:46:36.292589903 CEST6146653192.168.2.51.1.1.1
          May 24, 2024 14:46:36.292916059 CEST4937353192.168.2.51.1.1.1
          May 24, 2024 14:46:37.293370962 CEST5145453192.168.2.51.1.1.1
          May 24, 2024 14:46:37.294303894 CEST6320653192.168.2.51.1.1.1
          May 24, 2024 14:46:37.351717949 CEST53632061.1.1.1192.168.2.5
          May 24, 2024 14:46:37.351753950 CEST53514541.1.1.1192.168.2.5
          May 24, 2024 14:46:52.747359991 CEST53576421.1.1.1192.168.2.5
          May 24, 2024 14:47:12.500655890 CEST53551061.1.1.1192.168.2.5
          May 24, 2024 14:47:17.559706926 CEST53613391.1.1.1192.168.2.5
          May 24, 2024 14:47:32.939270020 CEST53583771.1.1.1192.168.2.5
          Timestamp | Source IP | Dest IP | Checksum | Code | Type
          May 24, 2024 14:47:32.939331055 CEST | 192.168.2.5 | 1.1.1.1 | c225 | (Port unreachable) | Destination Unreachable
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          May 24, 2024 14:46:34.172231913 CEST | 192.168.2.5 | 1.1.1.1 | 0x5e17 | Standard query (0) | use.typekit.net | A (IP address) | IN (0x0001) | false
          May 24, 2024 14:46:34.172667980 CEST | 192.168.2.5 | 1.1.1.1 | 0xdbb4 | Standard query (0) | use.typekit.net | 65 | IN (0x0001) | false
          May 24, 2024 14:46:36.292589903 CEST | 192.168.2.5 | 1.1.1.1 | 0x566a | Standard query (0) | use.typekit.net | A (IP address) | IN (0x0001) | false
          May 24, 2024 14:46:36.292916059 CEST | 192.168.2.5 | 1.1.1.1 | 0x6ab4 | Standard query (0) | use.typekit.net | 65 | IN (0x0001) | false
          May 24, 2024 14:46:37.293370962 CEST | 192.168.2.5 | 1.1.1.1 | 0xcbe0 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          May 24, 2024 14:46:37.294303894 CEST | 192.168.2.5 | 1.1.1.1 | 0x4bc6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          May 24, 2024 14:46:26.067599058 CEST | 1.1.1.1 | 192.168.2.5 | 0x8dc9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:26.067599058 CEST | 1.1.1.1 | 192.168.2.5 | 0x8dc9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          May 24, 2024 14:46:34.213969946 CEST | 1.1.1.1 | 192.168.2.5 | 0xdbb4 | No error (0) | use.typekit.net | use-stls.adobe.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:34.214005947 CEST | 1.1.1.1 | 192.168.2.5 | 0x5e17 | No error (0) | use.typekit.net | use-stls.adobe.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:36.300228119 CEST | 1.1.1.1 | 192.168.2.5 | 0x566a | No error (0) | use.typekit.net | use-stls.adobe.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:36.308463097 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ab4 | No error (0) | use.typekit.net | use-stls.adobe.com.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:37.351717949 CEST | 1.1.1.1 | 192.168.2.5 | 0x4bc6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          May 24, 2024 14:46:37.351753950 CEST | 1.1.1.1 | 192.168.2.5 | 0xcbe0 | No error (0) | www.google.com | | 142.250.186.68 | A (IP address) | IN (0x0001) | false
          May 24, 2024 14:46:48.906331062 CEST | 1.1.1.1 | 192.168.2.5 | 0x26cd | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          May 24, 2024 14:46:48.906331062 CEST | 1.1.1.1 | 192.168.2.5 | 0x26cd | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          • fs.microsoft.com
          • https:
            • www.bing.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port
          0 | 192.168.2.5 | 49719 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:28 UTC | 71 | OUT |
          Data Ascii: CNT 1 CON 305MS-CV: j42kRuSvjEi3IAvy.1Context: 9bd88e4f19ad8b2a
          2024-05-24 12:46:28 UTC | 249 | OUT |
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:28 UTC | 1076 | OUT |
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: j42kRuSvjEi3IAvy.2Context: 9bd88e4f19ad8b2a<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:46:28 UTC | 74 | OUT |
          Data Ascii: BND 3 CON\QOS 56MS-CV: j42kRuSvjEi3IAvy.3Context: 9bd88e4f19ad8b2a
          2024-05-24 12:46:28 UTC | 14 | IN |
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:28 UTC | 58 | IN |
          Data Ascii: MS-CV: fC3fORtueUWx/98QSgysHA.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          1 | 192.168.2.5 | 49728 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:35 UTC | 71 | OUT |
          Data Ascii: CNT 1 CON 305MS-CV: kwdm8Ijrc0qxBhh+.1Context: 5aea81dd0ec1e84e
          2024-05-24 12:46:35 UTC | 249 | OUT |
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:35 UTC | 1076 | OUT |
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: kwdm8Ijrc0qxBhh+.2Context: 5aea81dd0ec1e84e<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:46:35 UTC | 74 | OUT |
          Data Ascii: BND 3 CON\QOS 56MS-CV: kwdm8Ijrc0qxBhh+.3Context: 5aea81dd0ec1e84e
          2024-05-24 12:46:35 UTC | 14 | IN |
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:35 UTC | 58 | IN |
          Data Ascii: MS-CV: JbKub1P/okG3QSdrgyuRkA.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.5 | 49734 | 184.28.90.27 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:38 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-24 12:46:39 UTC | 467 | IN | HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-eus-z1
          Cache-Control: public, max-age=185016
          Date: Fri, 24 May 2024 12:46:38 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          3 | 192.168.2.5 | 49733 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:38 UTC | 71 | OUT |
          Data Ascii: CNT 1 CON 305MS-CV: kCdis0gz40yzPgUg.1Context: ad0c5af472461469
          2024-05-24 12:46:38 UTC | 249 | OUT |
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:38 UTC | 1076 | OUT |
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: kCdis0gz40yzPgUg.2Context: ad0c5af472461469<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:46:38 UTC | 218 | OUT |
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: kCdis0gz40yzPgUg.3Context: ad0c5af472461469<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:46:39 UTC | 14 | IN |
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:39 UTC | 58 | IN |
          Data Ascii: MS-CV: 4xdaAbm7Z0uQM/jcuKnxMg.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.5 | 49736 | 184.28.90.27 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:39 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-05-24 12:46:40 UTC | 515 | IN | HTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=184950
          Date: Fri, 24 May 2024 12:46:40 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-05-24 12:46:40 UTC | 55 | IN |
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          5 | 192.168.2.5 | 49737 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:46 UTC | 71 | OUT |
          Data Ascii: CNT 1 CON 305MS-CV: sds9S1cn8UavArKB.1Context: eac2a690b1b80aba
          2024-05-24 12:46:46 UTC | 249 | OUT |
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:46 UTC | 1076 | OUT |
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: sds9S1cn8UavArKB.2Context: eac2a690b1b80aba<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:46:46 UTC | 74 | OUT |
          Data Ascii: BND 3 CON\QOS 56MS-CV: sds9S1cn8UavArKB.3Context: eac2a690b1b80aba
          2024-05-24 12:46:46 UTC | 14 | IN |
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:46 UTC | 58 | IN |
          Data Ascii: MS-CV: o9FgHknjqUSnao5KGYDA2A.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          6 | 192.168.2.5 | 49740 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-05-24 12:46:50 UTC | 71 | OUT |
          Data Ascii: CNT 1 CON 305MS-CV: 7MVR/q03cU2VurOZ.1Context: 3010ed09e9d99ef2
          2024-05-24 12:46:50 UTC | 249 | OUT |
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:46:50 UTC | 1076 | OUT |
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: 7MVR/q03cU2VurOZ.2Context: 3010ed09e9d99ef2<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:46:50 UTC  218  OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7MVR/q03cU2VurOZ.3Context: 3010ed09e9d99ef2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:46:50 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:46:50 UTC  58  IN
          Data Ascii: MS-CV: eQmhcbH080OqYWgR/Uyp4w.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          7           192.168.2.5  49741        23.1.237.91     443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:46:50 UTC  2148  OUT
          POST /threshold/xls.aspx HTTP/1.1
          Origin: https://www.bing.com
          Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
          Accept: */*
          Accept-Language: en-CH
          Content-type: text/xml
          X-Agent-DeviceId: 01000A410900D492
          X-BM-CBT: 1696428841
          X-BM-DateFormat: dd/MM/yyyy
          X-BM-DeviceDimensions: 784x984
          X-BM-DeviceDimensionsLogical: 784x984
          X-BM-DeviceScale: 100
          X-BM-DTZ: 120
          X-BM-Market: CH
          X-BM-Theme: 000000;0078d7
          X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
          X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
          X-Device-isOptin: false
          X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
          X-Device-OSSKU: 48
          X-Device-Touch: false
          X-DeviceID: 01000A410900D492
          X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
          X-MSEdge-ExternalExpType: JointCoord
          X-PositionerType: Desktop
          X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
          X-Search-CortanaAvailableCapabilities: None
          X-Search-SafeSearch: Moderate
          X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
          X-UserAgeClass: Unknown
          Accept-Encoding: gzip, deflate, br
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
          Host: www.bing.com
          Content-Length: 2484
          Connection: Keep-Alive
          Cache-Control: no-cache
          Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1716554778007&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
          2024-05-24 12:46:50 UTC  1  OUT
          Data Ascii: <
          2024-05-24 12:46:50 UTC  2483  OUT
          Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
          2024-05-24 12:46:51 UTC  479  IN
          HTTP/1.1 204 No Content
          Access-Control-Allow-Origin: *
          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          X-MSEdge-Ref: Ref A: 1E43E14AB502412689468B714B5AA09C Ref B: LAX311000110049 Ref C: 2024-05-24T12:46:50Z
          Date: Fri, 24 May 2024 12:46:50 GMT
          Connection: close
          Alt-Svc: h3=":443"; ma=93600
          X-CDN-TraceID: 0.57ed0117.1716554810.752310c


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          8           192.168.2.5  49742        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:02 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: DU33x1wgr0uRZm7C.1Context: c873f16cfb6a1af2
          2024-05-24 12:47:02 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:02 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: DU33x1wgr0uRZm7C.2Context: c873f16cfb6a1af2<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:02 UTC  218  OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: DU33x1wgr0uRZm7C.3Context: c873f16cfb6a1af2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:47:02 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:02 UTC  58  IN
          Data Ascii: MS-CV: a/ZEWsY94E28MlqfHVfyVg.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          9           192.168.2.5  49743        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:05 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: sTXdlAee/kq1zBwz.1Context: 67986ef100f6ac22
          2024-05-24 12:47:05 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:05 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: sTXdlAee/kq1zBwz.2Context: 67986ef100f6ac22<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:05 UTC  74  OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: sTXdlAee/kq1zBwz.3Context: 67986ef100f6ac22
          2024-05-24 12:47:05 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:05 UTC  58  IN
          Data Ascii: MS-CV: 5FnrjbVuLEumixSiFRx5+Q.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          10          192.168.2.5  49744        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:17 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: s+8rdNcRoEyfoajP.1Context: 9f48828db3c7c760
          2024-05-24 12:47:17 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:17 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: s+8rdNcRoEyfoajP.2Context: 9f48828db3c7c760<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:17 UTC  218  OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: s+8rdNcRoEyfoajP.3Context: 9f48828db3c7c760<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:47:17 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:17 UTC  58  IN
          Data Ascii: MS-CV: tBELUcKR50iOsvyBM3BBJA.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          11          192.168.2.5  56066        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:28 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: LbUVQEeGH0Wymxki.1Context: 6b6403f7171986d6
          2024-05-24 12:47:28 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:28 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: LbUVQEeGH0Wymxki.2Context: 6b6403f7171986d6<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:28 UTC  74  OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: LbUVQEeGH0Wymxki.3Context: 6b6403f7171986d6
          2024-05-24 12:47:28 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:28 UTC  58  IN
          Data Ascii: MS-CV: ty7HjaBFr0OJvsCKC3meIg.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          12          192.168.2.5  56070        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:39 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: Me156BdEMUCOyq5f.1Context: 421f2da6bad40715
          2024-05-24 12:47:39 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:39 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: Me156BdEMUCOyq5f.2Context: 421f2da6bad40715<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:39 UTC  218  OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: Me156BdEMUCOyq5f.3Context: 421f2da6bad40715<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-05-24 12:47:39 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:39 UTC  58  IN
          Data Ascii: MS-CV: JHlQ6vQLpku60yMy+BDBAw.0Payload parsing failed.


          Session ID  Source IP    Source Port  Destination IP  Destination Port
          13          192.168.2.5  56071        40.115.3.253    443
          Timestamp  Bytes transferred  Direction  Data
          2024-05-24 12:47:59 UTC  71  OUT
          Data Ascii: CNT 1 CON 305MS-CV: kgLd3xkDMkKc9ZUb.1Context: 474af6a25823ba57
          2024-05-24 12:47:59 UTC  249  OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-05-24 12:47:59 UTC  1076  OUT
          Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: kgLd3xkDMkKc9ZUb.2Context: 474af6a25823ba57<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXbx6R9TIQ5MD0v5uCsd9LyWsGJOkQxODbOSGGYaLHm2hwDS5SXmOWH3QJqqQofNnrbbSOE+dMqUBDI5uvYAlVrIC3dLrfaj3r93QI3B6ATGdM
          2024-05-24 12:47:59 UTC  74  OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: kgLd3xkDMkKc9ZUb.3Context: 474af6a25823ba57
          2024-05-24 12:47:59 UTC  14  IN
          Data Ascii: 202 1 CON 58
          2024-05-24 12:47:59 UTC  58  IN
          Data Ascii: MS-CV: DN2zdlO6TEypwvhkZD1ssQ.0Payload parsing failed.



          Target ID:0
          Start time:08:46:27
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:08:46:31
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2240,i,17888624385869908821,15482004281245465364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:08:46:33
          Start date:24/05/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://use.typekit.net/whp4ksz.css"
          Imagebase:0x7ff715980000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly