Windows Analysis Report
http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ=

Overview

General Information

Sample URL: http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ=
Analysis ID: 1516874

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain

Classification

  • System is w10x64
  • chrome.exe (PID: 3564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2228,i,4008841099199349795,14814363013724915212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 1112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ=" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ= | Avira URL Cloud: detection malicious, Label: malware
Source: http://218.203.148.37.host.secureserver.net/close.html | Avira URL Cloud: Label: malware
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Tue, 24 Sep 2024 14:27:04 GMT
  Server: Apache/2.4.41 (Ubuntu)
  Last-Modified: Thu, 20 Oct 2022 03:54:24 GMT
  ETag: "59-5eb6f47ea7c00-gzip"
  Accept-Ranges: bytes
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Content-Length: 96
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html
  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 51 28 a9 2c 48 b5 55 2a 49 ad 28 d1 cf 4a 2c 4b 84 88 2a d9 f1 72 f1 72 95 67 e6 a5 e4 97 eb e5 e4 27 27 96 64 e6 e7 e9 65 14 a5 a6 d9 2a 25 26 e5 97 96 58 25 e5 24 e6 65 2b 59 83 94 d9 e8 43 34 81 f5 f0 72 01 00 34 63 a0 02 59 00 00 00
  Data Ascii: )N.,(Q(,HU*I(J,K*rrg''de*%&X%$e+YC4r4cY
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ= HTTP/1.1
  Host: 218.203.148.37.host.secureserver.net
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /close.html HTTP/1.1
  Host: 218.203.148.37.host.secureserver.net
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: 218.203.148.37.host.secureserver.net
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: classification engine | Classification label: mal56.win@16/2@4/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2228,i,4008841099199349795,14814363013724915212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ= | 100% | Avira URL Cloud | malware |
No Antivirus matches
Source | Detection | Scanner | Label | Link
about:blank | 0% | Avira URL Cloud | safe |
http://218.203.148.37.host.secureserver.net/close.html | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
218.203.148.37.host.secureserver.net | 37.148.203.218 | true | false | | unknown
www.google.com | 142.250.186.100 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://218.203.148.37.host.secureserver.net/close.html | false | Avira URL Cloud: malware | unknown
about:blank | false | Avira URL Cloud: safe | unknown
http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ= | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
37.148.203.218 | 218.203.148.37.host.secureserver.net | Germany | 21501 | GODADDY-AMSDE | false
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.6
192.168.2.5
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1516874
Start date and time: 2024-09-24 16:26:04 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ=
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.win@16/2@4/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.181.238, 64.233.167.84, 34.104.35.123, 13.85.23.86, 192.229.221.95, 20.242.39.171, 199.232.210.172, 93.184.221.240, 216.58.206.67, 88.221.110.91, 2.16.100.168
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ=
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, from Unix, original size modulo 2^32 89
Category: downloaded
Size (bytes): 96
Entropy (8bit): 5.683884443804306
Encrypted: false
SSDEEP: 3:FttPqtN0F+k98OqpMxADrASBJRZGW0ll:XtqN0FF8OarASBl0ll
MD5: B128D728F9645DE1FE2C1BCF32B13B0A
SHA1: 739140D2A1F183B584DE964E89DEC6992329A797
SHA-256: 868E0B9922776ABE3738F771214AAF1E5F0C7DA47F2730123BAA4D204028E4F8
SHA-512: 22E2DA41E3A33BE0C164A201DA0B28D68AA684A55FEF3600507D77C79BBE01F51ADBB98172FFEFC5A7C26E5B787E077222DC0D956C4A22122A7A2618E702068B
Malicious: false
Reputation: low
URL: http://218.203.148.37.host.secureserver.net/close.html
No static file info
            Sep 24, 2024 16:27:45.089334965 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.089343071 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.089622974 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.091589928 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.091770887 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.091777086 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.091914892 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.139409065 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.269224882 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.269411087 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:45.269484997 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.269582033 CEST49729443192.168.2.640.115.3.253
            Sep 24, 2024 16:27:45.269596100 CEST4434972940.115.3.253192.168.2.6
            Sep 24, 2024 16:27:48.449780941 CEST4971780192.168.2.637.148.203.218
            Sep 24, 2024 16:27:48.454633951 CEST804971737.148.203.218192.168.2.6
            Sep 24, 2024 16:27:55.582335949 CEST804971737.148.203.218192.168.2.6
            Sep 24, 2024 16:27:55.582432032 CEST4971780192.168.2.637.148.203.218
            Sep 24, 2024 16:27:56.392940998 CEST4971780192.168.2.637.148.203.218
            Sep 24, 2024 16:27:56.397880077 CEST804971737.148.203.218192.168.2.6
            Sep 24, 2024 16:28:02.936765909 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:02.936811924 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:02.936872959 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:02.938859940 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:02.938874960 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.720628023 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.720726013 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.744388103 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.744411945 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.744745970 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.747888088 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.747956991 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.747963905 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.748389006 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.795396090 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.922926903 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.923012972 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:03.923078060 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.923275948 CEST49732443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:03.923296928 CEST4434973240.115.3.253192.168.2.6
            Sep 24, 2024 16:28:05.676422119 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:05.676454067 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:05.676537037 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:05.676805019 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:05.676819086 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:06.367363930 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:06.391745090 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:06.391755104 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:06.392132998 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:06.422776937 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:06.422863007 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:06.465662003 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:16.230304956 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:16.230416059 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:16.230494976 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:16.389854908 CEST49733443192.168.2.6142.250.186.100
            Sep 24, 2024 16:28:16.389887094 CEST44349733142.250.186.100192.168.2.6
            Sep 24, 2024 16:28:21.725195885 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:21.725251913 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:21.725368977 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:21.726191998 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:21.726212978 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.522084951 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.522176027 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.527179003 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.527194023 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.527450085 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.530930996 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.531017065 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.531023979 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.531508923 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.579404116 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.706922054 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.707119942 CEST4434973440.115.3.253192.168.2.6
            Sep 24, 2024 16:28:22.707236052 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.707792997 CEST49734443192.168.2.640.115.3.253
            Sep 24, 2024 16:28:22.707814932 CEST4434973440.115.3.253192.168.2.6
            TimestampSource PortDest PortSource IPDest IP
            Sep 24, 2024 16:27:01.956463099 CEST53619411.1.1.1192.168.2.6
            Sep 24, 2024 16:27:01.964689970 CEST53507481.1.1.1192.168.2.6
            Sep 24, 2024 16:27:03.066802979 CEST53579711.1.1.1192.168.2.6
            Sep 24, 2024 16:27:03.378119946 CEST6259953192.168.2.61.1.1.1
            Sep 24, 2024 16:27:03.378288031 CEST6221653192.168.2.61.1.1.1
            Sep 24, 2024 16:27:03.418040991 CEST53625991.1.1.1192.168.2.6
            Sep 24, 2024 16:27:03.418174028 CEST53622161.1.1.1192.168.2.6
            Sep 24, 2024 16:27:05.476504087 CEST4936353192.168.2.61.1.1.1
            Sep 24, 2024 16:27:05.476820946 CEST5940353192.168.2.61.1.1.1
            Sep 24, 2024 16:27:05.484082937 CEST53594031.1.1.1192.168.2.6
            Sep 24, 2024 16:27:05.484515905 CEST53493631.1.1.1192.168.2.6
            Sep 24, 2024 16:27:20.396589994 CEST53606951.1.1.1192.168.2.6
            Sep 24, 2024 16:27:40.011816978 CEST53654231.1.1.1192.168.2.6
            Sep 24, 2024 16:28:01.571141005 CEST53518161.1.1.1192.168.2.6
            Sep 24, 2024 16:28:01.869785070 CEST53573401.1.1.1192.168.2.6
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Sep 24, 2024 16:27:03.378119946 CEST | 192.168.2.6 | 1.1.1.1 | 0x4521 | Standard query (0) | 218.203.148.37.host.secureserver.net | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:03.378288031 CEST | 192.168.2.6 | 1.1.1.1 | 0x222 | Standard query (0) | 218.203.148.37.host.secureserver.net | 65 | IN (0x0001) | false
            Sep 24, 2024 16:27:05.476504087 CEST | 192.168.2.6 | 1.1.1.1 | 0xd190 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:05.476820946 CEST | 192.168.2.6 | 1.1.1.1 | 0xe062 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Sep 24, 2024 16:27:03.418040991 CEST | 1.1.1.1 | 192.168.2.6 | 0x4521 | No error (0) | 218.203.148.37.host.secureserver.net | | 37.148.203.218 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:05.484082937 CEST | 1.1.1.1 | 192.168.2.6 | 0xe062 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Sep 24, 2024 16:27:05.484515905 CEST | 1.1.1.1 | 192.168.2.6 | 0xd190 | No error (0) | www.google.com | | 142.250.186.100 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:12.840953112 CEST | 1.1.1.1 | 192.168.2.6 | 0x7bf9 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
            Sep 24, 2024 16:27:12.840953112 CEST | 1.1.1.1 | 192.168.2.6 | 0x7bf9 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:13.930584908 CEST | 1.1.1.1 | 192.168.2.6 | 0x469e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:13.930584908 CEST | 1.1.1.1 | 192.168.2.6 | 0x469e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:54.192997932 CEST | 1.1.1.1 | 192.168.2.6 | 0x24e9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
            Sep 24, 2024 16:27:54.192997932 CEST | 1.1.1.1 | 192.168.2.6 | 0x24e9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
            • fs.microsoft.com
            • 218.203.148.37.host.secureserver.net
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.6 | 49716 | 37.148.203.218 | 80 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Sep 24, 2024 16:27:03.440179110 CEST | 488 | OUT
            GET /?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ= HTTP/1.1
            Host: 218.203.148.37.host.secureserver.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Sep 24, 2024 16:27:04.255798101 CEST | 578 | IN
            HTTP/1.1 302 Found
            Date: Tue, 24 Sep 2024 14:27:04 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Location: close.html
            Content-Length: 348
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: text/html; charset=UTF-8
            Data Ascii: <html><head> <style> body { display: flex; align-items: center; justify-content: center; height: 100vh; margin: 0; } .mensagem { font-size: 2em; text-align: center; } </style></head><body> <div class='mensagem'>Descargando su archivo PDF...</div></body></html>
            Sep 24, 2024 16:27:04.275151968 CEST | 461 | OUT
            GET /close.html HTTP/1.1
            Host: 218.203.148.37.host.secureserver.net
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Sep 24, 2024 16:27:04.473937988 CEST | 430 | IN
            HTTP/1.1 200 OK
            Date: Tue, 24 Sep 2024 14:27:04 GMT
            Server: Apache/2.4.41 (Ubuntu)
            Last-Modified: Thu, 20 Oct 2022 03:54:24 GMT
            ETag: "59-5eb6f47ea7c00-gzip"
            Accept-Ranges: bytes
            Vary: Accept-Encoding
            Content-Encoding: gzip
            Content-Length: 96
            Keep-Alive: timeout=5, max=99
            Connection: Keep-Alive
            Content-Type: text/html
            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 51 28 a9 2c 48 b5 55 2a 49 ad 28 d1 cf 4a 2c 4b 84 88 2a d9 f1 72 f1 72 95 67 e6 a5 e4 97 eb e5 e4 27 27 96 64 e6 e7 e9 65 14 a5 a6 d9 2a 25 26 e5 97 96 58 25 e5 24 e6 65 2b 59 83 94 d9 e8 43 34 81 f5 f0 72 01 00 34 63 a0 02 59 00 00 00


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.6 | 49717 | 37.148.203.218 | 80 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Sep 24, 2024 16:27:48.449780941 CEST | 6 | OUT
            Data Raw: 00
            Data Ascii:


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            0 | 192.168.2.6 | 49715 | 40.115.3.253 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:03 UTC | 71 | OUT
            Data Ascii: CNT 1 CON 305MS-CV: Ilo0c+Edq0uUbs72.1Context: 62734ce13463bdf6
            2024-09-24 14:27:03 UTC | 249 | OUT
            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:27:03 UTC | 1084 | OUT
            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Ilo0c+Edq0uUbs72.2Context: 62734ce13463bdf6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFj
            2024-09-24 14:27:03 UTC | 218 | OUT
            Data Ascii: BND 3 CON\WNS 0 197MS-CV: Ilo0c+Edq0uUbs72.3Context: 62734ce13463bdf6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:27:03 UTC | 14 | IN
            Data Ascii: 202 1 CON 58
            2024-09-24 14:27:03 UTC | 58 | IN
            Data Ascii: MS-CV: xYQ5V9wsCE+ZCoLppikj/w.0Payload parsing failed.


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.6 | 49722 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:08 UTC | 161 | OUT
            HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-09-24 14:27:08 UTC | 466 | IN
            HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=25958
            Date: Tue, 24 Sep 2024 14:27:08 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.6 | 49723 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:09 UTC | 239 | OUT
            GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-09-24 14:27:09 UTC | 514 | IN
            HTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=25953
            Date: Tue, 24 Sep 2024 14:27:09 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-09-24 14:27:09 UTC | 55 | IN
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            3 | 192.168.2.6 | 49727 | 40.115.3.253 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:15 UTC | 71 | OUT
            Data Ascii: CNT 1 CON 305MS-CV: zQD2fdNw2k68Xm5e.1Context: 80fe30d19be1acbb
            2024-09-24 14:27:15 UTC | 249 | OUT
            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:27:15 UTC | 1084 | OUT
            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zQD2fdNw2k68Xm5e.2Context: 80fe30d19be1acbb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFj
            2024-09-24 14:27:15 UTC | 218 | OUT
            Data Ascii: BND 3 CON\WNS 0 197MS-CV: zQD2fdNw2k68Xm5e.3Context: 80fe30d19be1acbb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:27:15 UTC | 14 | IN
            Data Ascii: 202 1 CON 58
            2024-09-24 14:27:15 UTC | 58 | IN
            Data Ascii: MS-CV: aj0e+vC9O0OQ/DQeGLWPvQ.0Payload parsing failed.


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            4 | 192.168.2.6 | 49728 | 40.115.3.253 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:27 UTC | 70 | OUT
            Data Ascii: CNT 1 CON 304MS-CV: AvCkJtKrqkKirWkA.1Context: 1e0d8bcdc4ca0f8
            2024-09-24 14:27:27 UTC | 249 | OUT
            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:27:27 UTC | 1083 | OUT
            Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: AvCkJtKrqkKirWkA.2Context: 1e0d8bcdc4ca0f8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFjE
            2024-09-24 14:27:27 UTC | 217 | OUT
            Data Ascii: BND 3 CON\WNS 0 196MS-CV: AvCkJtKrqkKirWkA.3Context: 1e0d8bcdc4ca0f8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:27:28 UTC | 14 | IN
            Data Ascii: 202 1 CON 58
            2024-09-24 14:27:28 UTC | 58 | IN
            Data Ascii: MS-CV: vE1r6Ax9mUuR01DmiNOlcA.0Payload parsing failed.


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            5 | 192.168.2.6 | 49729 | 40.115.3.253 | 443
            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:27:45 UTC | 71 | OUT
            Data Ascii: CNT 1 CON 305MS-CV: NleX3di5XkOJsFZY.1Context: f2b0e9663e1d0ba8
            2024-09-24 14:27:45 UTC | 249 | OUT
            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:27:45 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4e 6c 65 58 33 64 69 35 58 6b 4f 4a 73 46 5a 59 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 62 30 65 39 36 36 33 65 31 64 30 62 61 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 78 43 67 33 31 4a 63 70 78 44 58 76 78 61 4e 66 68 76 36 37 72 58 79 78 35 34 43 74 67 48 44 63 56 39 32 33 33 2f 45 31 38 6f 37 67 55 37 78 64 6c 4b 47 62 32 2b 70 55 42 6a 51 5a 72 77 4b 6a 49 61 35 55 76 35 49 77 41 39 4c 4c 6c 52 36 68 65 2b 52 68 33 31 4e 2b 2b 65 2f 59 6c 32 2b 55 48 6f 51 31 73 39 39 41 4d 41 46 6a
            Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: NleX3di5XkOJsFZY.2Context: f2b0e9663e1d0ba8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFj
            2024-09-24 14:27:45 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 6c 65 58 33 64 69 35 58 6b 4f 4a 73 46 5a 59 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 62 30 65 39 36 36 33 65 31 64 30 62 61 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
            Data Ascii: BND 3 CON\WNS 0 197MS-CV: NleX3di5XkOJsFZY.3Context: f2b0e9663e1d0ba8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:27:45 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
            Data Ascii: 202 1 CON 58
            2024-09-24 14:27:45 UTC58INData Raw: 4d 53 2d 43 56 3a 20 33 6a 47 48 75 62 49 61 62 6b 57 59 6a 4d 46 69 74 31 4c 55 64 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
            Data Ascii: MS-CV: 3jGHubIabkWYjMFit1LUdg.0Payload parsing failed.


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            6 | 192.168.2.6 | 49732 | 40.115.3.253 | 443

            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:28:03 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: ZcLbgae+aEGUwWq3.1Context: 5c4abde3cde83e4a
            2024-09-24 14:28:03 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:28:03 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ZcLbgae+aEGUwWq3.2Context: 5c4abde3cde83e4a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFj
            2024-09-24 14:28:03 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: ZcLbgae+aEGUwWq3.3Context: 5c4abde3cde83e4a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:28:03 UTC | 14 | IN | Data Ascii: 202 1 CON 58
            2024-09-24 14:28:03 UTC | 58 | IN | Data Ascii: MS-CV: 7QkJg4oZpEGnORcJbLpBzg.0Payload parsing failed.


            Session ID | Source IP | Source Port | Destination IP | Destination Port
            7 | 192.168.2.6 | 49734 | 40.115.3.253 | 443

            Timestamp | Bytes transferred | Direction | Data
            2024-09-24 14:28:22 UTC | 69 | OUT | Data Ascii: CNT 1 CON 303MS-CV: C5FtuO53bEqPcNsd.1Context: 8f6ff8ec0fa4e3
            2024-09-24 14:28:22 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
            2024-09-24 14:28:22 UTC | 1082 | OUT | Data Ascii: ATH 2 CON\DEVICE 1059MS-CV: C5FtuO53bEqPcNsd.2Context: 8f6ff8ec0fa4e3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfxCg31JcpxDXvxaNfhv67rXyx54CtgHDcV9233/E18o7gU7xdlKGb2+pUBjQZrwKjIa5Uv5IwA9LLlR6he+Rh31N++e/Yl2+UHoQ1s99AMAFjEp
            2024-09-24 14:28:22 UTC | 216 | OUT | Data Ascii: BND 3 CON\WNS 0 195MS-CV: C5FtuO53bEqPcNsd.3Context: 8f6ff8ec0fa4e3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
            2024-09-24 14:28:22 UTC | 14 | IN | Data Ascii: 202 1 CON 58
            2024-09-24 14:28:22 UTC | 58 | IN | Data Ascii: MS-CV: y+mpJ08HKkq6PZNJx0Tfiw.0Payload parsing failed.


            Target ID:0
            Start time:10:26:55
            Start date:24/09/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:10:27:01
            Start date:24/09/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2228,i,4008841099199349795,14814363013724915212,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:10:27:02
            Start date:24/09/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://218.203.148.37.host.secureserver.net/?BLzDqtOtKg=YbkczbGNvZWxob0BlZW0ucHQ="
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly