Windows Analysis Report
http://www.cajamar-soporte.com

Overview

General Information

Sample URL: http://www.cajamar-soporte.com
Analysis ID: 1466880

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 1268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 3816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1968,i,4168028207707315712,12834125092476391758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.cajamar-soporte.com" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: http://www.cajamar-soporte.com; Avira URL Cloud: detection malicious, Label: phishing
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63101 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:55226 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:55229 version: TLS 1.2
Source: global traffic; TCP traffic: 192.168.2.6:55224 -> 1.1.1.1:53
Source: global traffic; TCP traffic: 192.168.2.6:63098 -> 162.159.36.2:53
Source: unknown; TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown; TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown; TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic; HTTP traffic detected:
    GET / HTTP/1.1
    Host: www.cajamar-soporte.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic; DNS traffic detected: DNS query: www.cajamar-soporte.com
Source: global traffic; DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: unknown; HTTP traffic detected:
    POST /report/v4?s=2ReDujBCiZMW5NfdpoJEvtBz%2B%2Ba8kcV1mpfGCo6Job6m7m2emEn5xu%2Bhk8Xdq%2FgA7RNBZNBOO8UAiCv6zqD6AZ%2Br590YB%2FL%2BYEmikl4jMr1JUtGeTbKLjgLQiEMTmKb8x7fyfG%2FMILgIDQ%3D%3D HTTP/1.1
    Host: a.nel.cloudflare.com
    Connection: keep-alive
    Content-Length: 392
    Content-Type: application/reports+json
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 03 Jul 2024 12:34:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ReDujBCiZMW5NfdpoJEvtBz%2B%2Ba8kcV1mpfGCo6Job6m7m2emEn5xu%2Bhk8Xdq%2FgA7RNBZNBOO8UAiCv6zqD6AZ%2Br590YB%2FL%2BYEmikl4jMr1JUtGeTbKLjgLQiEMTmKb8x7fyfG%2FMILgIDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 89d6e97dbd574235-EWR
    alt-svc: h3=":443"; ma=86400
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63101 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:55226 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:55229 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1268_433936625\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_1268_1871923596
Source: classification engine | Classification label: mal48.win@19/5@8/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1968,i,4168028207707315712,12834125092476391758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.cajamar-soporte.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://www.cajamar-soporte.com | 100% | Avira URL Cloud | phishing |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false |  | unknown
www.google.com | 142.250.186.164 | true | false |  | unknown
www.cajamar-soporte.com | 188.114.96.3 | true | false |  | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false |  | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved |  | unknown | unknown | false
188.114.96.3 | www.cajamar-soporte.com | European Union |  | 13335 | CLOUDFLARENETUS | false
142.250.186.164 | www.google.com | United States |  | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States |  | 15169 | GOOGLEUS | false

IP
192.168.2.8
192.168.2.9
192.168.2.6
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1466880
Start date and time: 2024-07-03 14:33:57 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://www.cajamar-soporte.com
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@19/5@8/7
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.186.110, 64.233.184.84, 34.104.35.123, 52.165.165.26, 192.229.221.95, 13.85.23.206, 93.184.221.240, 52.165.164.15, 2.16.100.168, 88.221.110.91, 142.250.186.163
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtSetInformationFile calls found.
• VT rate limit hit for: http://www.cajamar-soporte.com
No simulations
No context
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):1558
          Entropy (8bit):5.11458514637545
          Encrypted:false
          SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
          MD5:EE002CB9E51BB8DFA89640A406A1090A
          SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
          SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
          SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
          Malicious:false
          Reputation:low
          Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1864
          Entropy (8bit):6.0157277397082884
          Encrypted:false
          SSDEEP:48:p/hUI15ul1AdIj7ak+wsdrtra1cuUX0eYDAA98gkXhVdEXeXF:RnQQIj7aL11ayjgDzUSXYF
          MD5:4CBD807685B88243CC9EA3E4B60FE8FD
          SHA1:B02FB2A85ECBEA61424F9F14A32590FA2041C068
          SHA-256:8E9B53C9DCD85F58E64164CEAF4E327B52B88C98946EF1067B112B3C9BDC5FEE
          SHA-512:61B4E345BB2AE6BD8907C1D23582709D21089504B23497EC0906D489C096CE981F31CE0D2A2FB5B97E3E5B8D71B36ECC1B0393F55AE9007D36D790FA0B7C4161
          Malicious:false
          Reputation:low
          Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"JwsfiQnUWfcg0_PuT83D82ftcuaZ7vEsE_gMNDBSQyf3yMBDUgfqYwvvVFJbiHScUgP70t-BqLn6UQvY0bPu6W8oxy6WzuhegflPkarNrUr5BrTQ6T6GUQS5rb5hsCNYhNq2yDXc6JRw2fVbWfO5BsQ7VSpW8gO0oN3x3Ju-4Lr72tesPWvv_g2rkIXZLJHw4z1oZoKx1T2xY6ncKsFBbLnmD1gUSN3iAPPZ9zHg41a62wpcpb9uWRD
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):66
          Entropy (8bit):3.760377931718998
          Encrypted:false
          SSDEEP:3:SURcG3XcDLSHH33BU9DcWTNnn:SUj2SHHBCcWpnn
          MD5:C18D2397B5F0CFF55132B016467CA189
          SHA1:B60B8ADF7CABF73855BB17212831736FB0CB9F74
          SHA-256:5C3233CF05E64742B923685C31E5347CABA89B198FD4A1BBA59A9500C3C16082
          SHA-512:5EF20571951238C960107E0F16ABC3C5FDEAFC6CED038220835B5341C18CEB7C144FB2B2CCA1094C98C5900A15A1B1B1FA3357E011C492805567AE56DE57A1B6
          Malicious:false
          Reputation:low
          Preview:1.1848d9cb81709d6bb8a9612e1cba9fc97bb669c7ef81e2d11c0f937896df8e27
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):85
          Entropy (8bit):4.424014792499492
          Encrypted:false
          SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1jvhg:F6VlM8aRWpqS16
          MD5:2C221BDCF91C9C07551499EE4CD15A6F
          SHA1:CBC3CE0947A3D61A7673A7729CA25DB7DB023336
          SHA-256:C5140A38877C53D83A68CDD8BF26F266B416D11B68DEB572CE98ADEC5D316858
          SHA-512:B77656D3D8598FB946F988906FBE4399B30C4B1DB284FA187C617ECAADA0C98EB913572D4361E43058A68D175E95451B05F875372669ACF98DD1BAAE59F8D9BE
          Malicious:false
          Reputation:low
          Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.6.26.0".}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):9068
          Entropy (8bit):4.624080015119112
          Encrypted:false
          SSDEEP:96:Mon4mvCSqX1gs9/BNKLcxbdmf56MFJtRTGXvcxNnuP+8qJq:v5CSqlTBkIVmtRTGXvcx0sq
          MD5:1D67EF4C7F90E1C8A620ADF17C6B6B13
          SHA1:E90E51A4A2305BCBD5016A3CA02CD14F77FDCBBA
          SHA-256:578DF0513FF5FA4080BDFC0B7094DCB444E09CD3AB3DCBC60165D1369681E2C1
          SHA-512:59B80B6A767EA95254CC64A5CDC17DF3ACC2F0B0E52416D86477109A1EDAB7479E0B1AEAB1FF793F8DC1807AAFAB38915A8267D4F31F618E99DF1AB07C095EE9
          Malicious:false
          Reputation:low
          Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://elpais.com.uy","
          No static file info
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Jul 3, 2024 14:34:50.529367924 CEST | 192.168.2.6 | 1.1.1.1 | 0x3d0b | Standard query (0) | www.cajamar-soporte.com | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.529542923 CEST | 192.168.2.6 | 1.1.1.1 | 0x780e | Standard query (0) | www.cajamar-soporte.com | 65 | IN (0x0001) | false
          Jul 3, 2024 14:34:50.575534105 CEST | 192.168.2.6 | 1.1.1.1 | 0x8b1 | Standard query (0) | www.cajamar-soporte.com | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.575678110 CEST | 192.168.2.6 | 1.1.1.1 | 0x7f43 | Standard query (0) | www.cajamar-soporte.com | 65 | IN (0x0001) | false
          Jul 3, 2024 14:34:51.473149061 CEST | 192.168.2.6 | 1.1.1.1 | 0xd74c | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:51.473315001 CEST | 192.168.2.6 | 1.1.1.1 | 0x5c1d | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
          Jul 3, 2024 14:34:53.411717892 CEST | 192.168.2.6 | 1.1.1.1 | 0x2a0 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:53.412302971 CEST | 192.168.2.6 | 1.1.1.1 | 0x8b7a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Jul 3, 2024 14:34:50.572201014 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d0b | No error (0) | www.cajamar-soporte.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.572201014 CEST | 1.1.1.1 | 192.168.2.6 | 0x3d0b | No error (0) | www.cajamar-soporte.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.572962999 CEST | 1.1.1.1 | 192.168.2.6 | 0x780e | No error (0) | www.cajamar-soporte.com | | | 65 | IN (0x0001) | false
          Jul 3, 2024 14:34:50.588932037 CEST | 1.1.1.1 | 192.168.2.6 | 0x8b1 | No error (0) | www.cajamar-soporte.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.588932037 CEST | 1.1.1.1 | 192.168.2.6 | 0x8b1 | No error (0) | www.cajamar-soporte.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:50.593432903 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f43 | No error (0) | www.cajamar-soporte.com | | | 65 | IN (0x0001) | false
          Jul 3, 2024 14:34:51.481008053 CEST | 1.1.1.1 | 192.168.2.6 | 0xd74c | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:53.419444084 CEST | 1.1.1.1 | 192.168.2.6 | 0x2a0 | No error (0) | www.google.com | | 142.250.186.164 | A (IP address) | IN (0x0001) | false
          Jul 3, 2024 14:34:53.421374083 CEST | 1.1.1.1 | 192.168.2.6 | 0x8b7a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          Jul 3, 2024 14:35:04.293545008 CEST | 1.1.1.1 | 192.168.2.6 | 0x7637 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          Jul 3, 2024 14:35:04.293545008 CEST | 1.1.1.1 | 192.168.2.6 | 0x7637 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          • www.cajamar-soporte.com
          • a.nel.cloudflare.com
          • fs.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port
          0 | 192.168.2.6 | 49709 | 40.115.3.253 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:39 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305
          MS-CV: V041WJgSn0mNCLFX.1
          Context: 3c995635b7a91dca
          2024-07-03 12:34:39 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:34:39 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041
          MS-CV: V041WJgSn0mNCLFX.2
          Context: 3c995635b7a91dca
          <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:34:39 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56
          MS-CV: V041WJgSn0mNCLFX.3
          Context: 3c995635b7a91dca
          2024-07-03 12:34:39 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:34:39 UTC | 58 | IN
          Data Ascii: MS-CV: bQcETvBPd0um639/Lz/tpw.0
          Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          1 | 192.168.2.6 | 49710 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:43 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305
          MS-CV: br4+W48LG0SqV4pr.1
          Context: a0383aaab25419f8
          2024-07-03 12:34:43 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:34:43 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041
          MS-CV: br4+W48LG0SqV4pr.2
          Context: a0383aaab25419f8
          <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:34:43 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56
          MS-CV: br4+W48LG0SqV4pr.3
          Context: a0383aaab25419f8
          2024-07-03 12:34:43 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:34:43 UTC | 58 | IN
          Data Ascii: MS-CV: 2IWjBRdi9kKTrQHdLKtoXA.0
          Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.6 | 49716 | 188.114.96.3 | 443 | 3816 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:51 UTC | 666 | OUT
          GET / HTTP/1.1
          Host: www.cajamar-soporte.com
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-07-03 12:34:51 UTC | 605 | IN
          HTTP/1.1 404 Not Found
          Date: Wed, 03 Jul 2024 12:34:51 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: close
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ReDujBCiZMW5NfdpoJEvtBz%2B%2Ba8kcV1mpfGCo6Job6m7m2emEn5xu%2Bhk8Xdq%2FgA7RNBZNBOO8UAiCv6zqD6AZ%2Br590YB%2FL%2BYEmikl4jMr1JUtGeTbKLjgLQiEMTmKb8x7fyfG%2FMILgIDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 89d6e97dbd574235-EWR
          alt-svc: h3=":443"; ma=86400
          2024-07-03 12:34:51 UTC | 5 | IN
          Data Ascii: 0


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          3 | 192.168.2.6 | 49718 | 35.190.80.1 | 443 | 3816 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:51 UTC | 568 | OUT
          OPTIONS /report/v4?s=2ReDujBCiZMW5NfdpoJEvtBz%2B%2Ba8kcV1mpfGCo6Job6m7m2emEn5xu%2Bhk8Xdq%2FgA7RNBZNBOO8UAiCv6zqD6AZ%2Br590YB%2FL%2BYEmikl4jMr1JUtGeTbKLjgLQiEMTmKb8x7fyfG%2FMILgIDQ%3D%3D HTTP/1.1
          Host: a.nel.cloudflare.com
          Connection: keep-alive
          Origin: https://www.cajamar-soporte.com
          Access-Control-Request-Method: POST
          Access-Control-Request-Headers: content-type
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-07-03 12:34:52 UTC | 336 | IN
          HTTP/1.1 200 OK
          Content-Length: 0
          access-control-max-age: 86400
          access-control-allow-methods: POST, OPTIONS
          access-control-allow-origin: *
          access-control-allow-headers: content-type, content-length
          date: Wed, 03 Jul 2024 12:34:51 GMT
          Via: 1.1 google
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          4 | 192.168.2.6 | 49720 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:52 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305
          MS-CV: Dsgs63nGm0uTLroY.1
          Context: 4d35e8625e5bdb37
          2024-07-03 12:34:52 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:34:52 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041
          MS-CV: Dsgs63nGm0uTLroY.2
          Context: 4d35e8625e5bdb37
          <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:34:52 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197
          MS-CV: Dsgs63nGm0uTLroY.3
          Context: 4d35e8625e5bdb37
          <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-07-03 12:34:52 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:34:52 UTC | 58 | IN
          Data Ascii: MS-CV: G+EaE2wKU0KFnMi3XF9EpQ.0
          Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          5 | 192.168.2.6 | 49721 | 35.190.80.1 | 443 | 3816 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:52 UTC | 502 | OUT
          POST /report/v4?s=2ReDujBCiZMW5NfdpoJEvtBz%2B%2Ba8kcV1mpfGCo6Job6m7m2emEn5xu%2Bhk8Xdq%2FgA7RNBZNBOO8UAiCv6zqD6AZ%2Br590YB%2FL%2BYEmikl4jMr1JUtGeTbKLjgLQiEMTmKb8x7fyfG%2FMILgIDQ%3D%3D HTTP/1.1
          Host: a.nel.cloudflare.com
          Connection: keep-alive
          Content-Length: 392
          Content-Type: application/reports+json
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-07-03 12:34:52 UTC | 392 | OUT
          Data Ascii: [{"age":1,"body":{"elapsed_time":893,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","url":"https://www.cajamar-sopor
          2024-07-03 12:34:52 UTC | 168 | IN
          HTTP/1.1 200 OK
          Content-Length: 0
          date: Wed, 03 Jul 2024 12:34:52 GMT
          Via: 1.1 google
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          6 | 192.168.2.6 | 49723 | 184.28.90.27 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:54 UTC | 161 | OUT
          HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-07-03 12:34:54 UTC | 466 | IN
          HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-neu-z1
          Cache-Control: public, max-age=99250
          Date: Wed, 03 Jul 2024 12:34:54 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          7 | 192.168.2.6 | 49724 | 184.28.90.27 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:55 UTC | 239 | OUT
          GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-07-03 12:34:55 UTC | 514 | IN
          HTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=99259
          Date: Wed, 03 Jul 2024 12:34:55 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-07-03 12:34:55 UTC | 55 | IN
          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          8 | 192.168.2.6 | 49725 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:34:55 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305
          MS-CV: tWZNExVyyEC3kI2L.1
          Context: 60a26d5dead39d6a
          2024-07-03 12:34:55 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:34:55 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041
          MS-CV: tWZNExVyyEC3kI2L.2
          Context: 60a26d5dead39d6a
          <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:34:55 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56
          MS-CV: tWZNExVyyEC3kI2L.3
          Context: 60a26d5dead39d6a
          2024-07-03 12:34:55 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:34:55 UTC | 58 | IN
          Data Ascii: MS-CV: 8SN2XSBB8Uu8uQ9CepyL/A.0
          Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          9 | 192.168.2.6 | 49726 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:35:00 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305
          MS-CV: DWr2cYnOfk681/J5.1
          Context: f606ea816b2fff2f
          2024-07-03 12:35:00 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:00 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041
          MS-CV: DWr2cYnOfk681/J5.2
          Context: f606ea816b2fff2f
          <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:00 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197
          MS-CV: DWr2cYnOfk681/J5.3
          Context: f606ea816b2fff2f
          <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-07-03 12:35:00 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:00 UTC | 58 | IN
          Data Ascii: MS-CV: Fd4ovDh7x0mQ0i2qCAYvDA.0
          Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          10192.168.2.64973140.113.103.199443
          TimestampBytes transferredDirectionData
          2024-07-03 12:35:12 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4d 33 73 4a 70 2b 72 6f 52 45 4f 4f 74 48 66 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 39 33 33 33 61 37 35 64 63 32 36 39 35 65 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: M3sJp+roREOOtHf/.1Context: 2a9333a75dc2695e
          2024-07-03 12:35:12 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:12 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4d 33 73 4a 70 2b 72 6f 52 45 4f 4f 74 48 66 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 39 33 33 33 61 37 35 64 63 32 36 39 35 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 61 44 44 6d 46 75 41 66 4a 6a 4a 41 78 51 78 68 39 47 5a 42 31 7a 34 6a 35 39 59 62 59 4b 30 6f 68 45 33 36 74 2f 68 52 54 79 39 62 71 7a 56 65 59 41 55 37 63 56 45 45 38 6e 61 38 48 6b 38 42 66 4e 4d 53 76 30 35 58 4a 76 4b 4d 45 41 49 36 31 30 4e 55 46 71 35 4a 57 72 37 79 33 34 51 33 33 61 67 6f 42 41 6d 75 6d 66 64 69 34
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: M3sJp+roREOOtHf/.2Context: 2a9333a75dc2695e<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:12 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4d 33 73 4a 70 2b 72 6f 52 45 4f 4f 74 48 66 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 39 33 33 33 61 37 35 64 63 32 36 39 35 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: M3sJp+roREOOtHf/.3Context: 2a9333a75dc2695e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-07-03 12:35:12 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:12 UTC | 58 | IN
          Data Ascii: MS-CV: kCgoeI8Mp0GcUZet+VziVw.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          11 | 192.168.2.6 | 49732 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:35:17 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: XMl6RFoO2Ee0KJ5h.1Context: dbf7dc6b72c2033a
          2024-07-03 12:35:17 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:17 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: XMl6RFoO2Ee0KJ5h.2Context: dbf7dc6b72c2033a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:17 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: XMl6RFoO2Ee0KJ5h.3Context: dbf7dc6b72c2033a
          2024-07-03 12:35:17 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:17 UTC | 58 | IN
          Data Ascii: MS-CV: rdqFFcdYsUeF3kmtYlaquw.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          12 | 192.168.2.6 | 49733 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:35:30 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: IExKJLqcCEyYNQ5l.1Context: baa4c43f4c640e53
          2024-07-03 12:35:30 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:30 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: IExKJLqcCEyYNQ5l.2Context: baa4c43f4c640e53<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:30 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: IExKJLqcCEyYNQ5l.3Context: baa4c43f4c640e53<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-07-03 12:35:31 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:31 UTC | 58 | IN
          Data Ascii: MS-CV: J75jBaPsvUyxtgRs3yOmbA.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          13 | 192.168.2.6 | 63101 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:35:40 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: 7S0BN3awukSTCRCT.1Context: d721132ab952ee44
          2024-07-03 12:35:40 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:40 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 7S0BN3awukSTCRCT.2Context: d721132ab952ee44<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:40 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: 7S0BN3awukSTCRCT.3Context: d721132ab952ee44
          2024-07-03 12:35:40 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:40 UTC | 58 | IN
          Data Ascii: MS-CV: fPZQdB2RMEy/FS69r77ihA.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          14 | 192.168.2.6 | 55226 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:35:53 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: k4I+H/Z/DEeDKKXE.1Context: 45c797279b4c3b1f
          2024-07-03 12:35:53 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:35:53 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: k4I+H/Z/DEeDKKXE.2Context: 45c797279b4c3b1f<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:35:53 UTC | 218 | OUT
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: k4I+H/Z/DEeDKKXE.3Context: 45c797279b4c3b1f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-07-03 12:35:54 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:35:54 UTC | 58 | IN
          Data Ascii: MS-CV: hXzLAB7of0KlvMHpRqbnjw.0Payload parsing failed.


          Session ID | Source IP | Source Port | Destination IP | Destination Port
          15 | 192.168.2.6 | 55229 | 40.113.103.199 | 443
          Timestamp | Bytes transferred | Direction | Data
          2024-07-03 12:36:08 UTC | 71 | OUT
          Data Ascii: CNT 1 CON 305MS-CV: Pm8LeZzkNEG/uZFj.1Context: f2a5f07eb93da31d
          2024-07-03 12:36:08 UTC | 249 | OUT
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-07-03 12:36:08 UTC | 1064 | OUT
          Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Pm8LeZzkNEG/uZFj.2Context: f2a5f07eb93da31d<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAaDDmFuAfJjJAxQxh9GZB1z4j59YbYK0ohE36t/hRTy9bqzVeYAU7cVEE8na8Hk8BfNMSv05XJvKMEAI610NUFq5JWr7y34Q33agoBAmumfdi4
          2024-07-03 12:36:08 UTC | 74 | OUT
          Data Ascii: BND 3 CON\QOS 56MS-CV: Pm8LeZzkNEG/uZFj.3Context: f2a5f07eb93da31d
          2024-07-03 12:36:08 UTC | 14 | IN
          Data Ascii: 202 1 CON 58
          2024-07-03 12:36:08 UTC | 58 | IN
          Data Ascii: MS-CV: /IghIDlCwk2pX5iVjHuIQg.0Payload parsing failed.


          Target ID:0
          Start time:08:34:42
          Start date:03/07/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:08:34:47
          Start date:03/07/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1968,i,4168028207707315712,12834125092476391758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:08:34:49
          Start date:03/07/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.cajamar-soporte.com"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          No disassembly