Windows Analysis Report
http://usps.com-trackaddn.top/l

Overview

General Information

Sample URL: http://usps.com-trackaddn.top/l
Analysis ID: 1582814
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port

Classification

  • System is w11x64_office
  • chrome.exe (PID: 6888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 7140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2028,i,13538688915386839124,12840978526519683152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2180 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • chrome.exe (PID: 7300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://usps.com-trackaddn.top/l" MD5: 290DF23002E9B52249B5549F0C668A86)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://usps.com-trackaddn.top/l, SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

Source: Email, Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://usps.com-trackaddn.top
Source: Email, Joe Sandbox AI: AI detected Typosquatting in URL: http://usps.com-trackaddn.top
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:63517 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:63519 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:63520 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:63522 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.24:63523 version: TLS 1.2
Source: global traffic, TCP traffic: 192.168.2.24:63510 -> 1.1.1.1:53
Source: global traffic, HTTP traffic detected:
    GET /l HTTP/1.1
    Host: usps.com-trackaddn.top
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected:
    GET /creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
    Host: res.public.onecdn.static.microsoft
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /r/r1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic, HTTP traffic detected:
    GET / HTTP/1.1
    Cache-Control: max-age = 3600
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
    If-None-Match: "65ca969f-2cd"
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.c.lencr.org
Source: global traffic, DNS traffic detected: DNS query: usps.com-trackaddn.top
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Server: nginx/1.24.0
    Date: Tue, 31 Dec 2024 14:08:12 GMT
    Transfer-Encoding: chunked
    Connection: close
    Access-Control-Allow-Origin: *
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir6888_1264975591
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir6888_1264975591
Source: classification engine, Classification label: mal52.win@19/0@6/3
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2028,i,13538688915386839124,12840978526519683152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2180 /prefetch:11
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://usps.com-trackaddn.top/l"
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Browser Extensions (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (1); Process Injection (1); File Deletion (1); Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
http://usps.com-trackaddn.top/l | 0% | Avira URL Cloud | safe |
http://usps.com-trackaddn.top/l | 100% | SlashNext | Fraudulent Website type: Phishing & Social Engineering |

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://usps.com-trackaddn.top/l | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.186.132 | true | false | | high
usps.com-trackaddn.top | 43.153.71.154 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://res.public.onecdn.static.microsoft/creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg | false | | high
https://usps.com-trackaddn.top/l | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.132 | www.google.com | United States | | 15169 | GOOGLEUS | false
43.153.71.154 | usps.com-trackaddn.top | Japan | | 4249 | LILLY-ASUS | false

IP
192.168.2.24

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582814
Start date and time: 2024-12-31 15:07:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: http://usps.com-trackaddn.top/l
Analysis system description: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@19/0@6/3
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23, 172.217.23.99, 142.250.185.78, 173.194.76.84, 142.250.185.142, 142.250.186.78, 142.250.185.174, 216.58.206.78, 142.250.181.238, 172.217.18.14, 172.217.18.106, 142.250.185.170, 142.250.184.202, 142.250.74.202, 142.250.186.42, 172.217.16.202, 142.250.186.106, 142.250.186.170, 142.250.181.234, 172.217.18.10, 142.250.184.234, 172.217.16.138, 142.250.186.138, 142.250.185.234, 216.58.206.42, 142.250.185.202, 172.217.16.206, 199.232.214.172, 142.250.185.163, 142.250.185.238, 142.250.185.110, 20.109.210.53, 20.103.156.88, 20.190.160.22
  • Excluded domains from analysis (whitelisted): clients1.google.com, chrome.cloudflare-dns.com, client.wns.windows.com, crt.comodoca.com.cdn.cloudflare.net, accounts.google.com, slscr.update.microsoft.com, fd.api.iris.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, crt.comodoca.com, x1.c.lencr.org, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, res.public.onecdn.static.microsoft, update.googleapis.com, clients.l.google.com, c.pki.goog
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: http://usps.com-trackaddn.top/l
No simulations
No context
No created / dropped files found
No static file info
        Dec 31, 2024 15:08:49.840820074 CET6351053192.168.2.241.1.1.1
        Dec 31, 2024 15:08:51.797020912 CET49745443192.168.2.24204.79.197.203
        Dec 31, 2024 15:08:51.797086954 CET49746443192.168.2.2413.107.21.237
        Dec 31, 2024 15:08:51.797132015 CET49744443192.168.2.2420.110.205.119
        Dec 31, 2024 15:08:51.797168016 CET49743443192.168.2.24108.139.47.50
        Dec 31, 2024 15:08:51.797198057 CET49742443192.168.2.2423.217.174.3
        Dec 31, 2024 15:08:51.801929951 CET4434974223.217.174.3192.168.2.24
        Dec 31, 2024 15:08:51.802150965 CET44349745204.79.197.203192.168.2.24
        Dec 31, 2024 15:08:51.802222967 CET49745443192.168.2.24204.79.197.203
        Dec 31, 2024 15:08:51.802597046 CET4434974613.107.21.237192.168.2.24
        Dec 31, 2024 15:08:51.802640915 CET4434974420.110.205.119192.168.2.24
        Dec 31, 2024 15:08:51.802645922 CET49746443192.168.2.2413.107.21.237
        Dec 31, 2024 15:08:51.802653074 CET44349743108.139.47.50192.168.2.24
        Dec 31, 2024 15:08:51.802685976 CET49744443192.168.2.2420.110.205.119
        Dec 31, 2024 15:08:51.802712917 CET49743443192.168.2.24108.139.47.50
        Dec 31, 2024 15:08:52.591187954 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591213942 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:52.591213942 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591269970 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:52.591284990 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591320992 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591548920 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591562986 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:52.591758013 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:52.591773033 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.054048061 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.065723896 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.098653078 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.105439901 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.128848076 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.128854990 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.128977060 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.128992081 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.130064964 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.130127907 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.130172968 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.130223989 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.190706015 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.190825939 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.193717957 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.193855047 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.196978092 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.196994066 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.199858904 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.199872017 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.240636110 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.240638018 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.308814049 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.309097052 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.309175014 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.309236050 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.309245110 CET44363513104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.309253931 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.309289932 CET63513443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.311378956 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.311451912 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.311499119 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.311587095 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.311602116 CET44363514104.117.182.75192.168.2.24
        Dec 31, 2024 15:08:53.311609030 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:53.311639071 CET63514443192.168.2.24104.117.182.75
        Dec 31, 2024 15:08:56.484657049 CET4978980192.168.2.2443.153.71.154
        Dec 31, 2024 15:08:56.484658003 CET4978880192.168.2.2443.153.71.154
        Dec 31, 2024 15:08:56.734889030 CET804978843.153.71.154192.168.2.24
        Dec 31, 2024 15:08:56.734904051 CET804978943.153.71.154192.168.2.24
        Dec 31, 2024 15:09:03.864403009 CET8049780204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:03.864518881 CET4978080192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:03.864518881 CET4978080192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:03.869324923 CET8049780204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:11.979371071 CET804978843.153.71.154192.168.2.24
        Dec 31, 2024 15:09:11.979450941 CET4978880192.168.2.2443.153.71.154
        Dec 31, 2024 15:09:11.988079071 CET804978943.153.71.154192.168.2.24
        Dec 31, 2024 15:09:11.988138914 CET4978980192.168.2.2443.153.71.154
        Dec 31, 2024 15:09:12.323426962 CET4978880192.168.2.2443.153.71.154
        Dec 31, 2024 15:09:12.323467016 CET4978980192.168.2.2443.153.71.154
        Dec 31, 2024 15:09:12.328259945 CET804978843.153.71.154192.168.2.24
        Dec 31, 2024 15:09:12.328273058 CET804978943.153.71.154192.168.2.24
        Dec 31, 2024 15:09:14.277293921 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:14.277334929 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:14.277484894 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:14.277879000 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:14.277894974 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:15.135098934 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:15.135509968 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:15.135535955 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:15.135864973 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:15.136428118 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:15.136491060 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:15.185756922 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:15.344923973 CET49673443192.168.2.2420.198.118.190
        Dec 31, 2024 15:09:15.344965935 CET4434967320.198.118.190192.168.2.24
        Dec 31, 2024 15:09:15.964621067 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:15.964654922 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:15.964829922 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:15.967364073 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:15.967377901 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:16.759546041 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:16.759613991 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:16.771384954 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:16.771399021 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:16.771624088 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:16.824059963 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:17.957631111 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:17.957631111 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:17.957663059 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:17.957880974 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:17.999332905 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:18.129750013 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:18.129827023 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:18.130459070 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.130956888 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.130968094 CET4436351740.115.3.253192.168.2.24
        Dec 31, 2024 15:09:18.130995989 CET63517443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.755146980 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.755182981 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:18.755258083 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.756239891 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:18.756253958 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.544409990 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.544848919 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.547003984 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.547013998 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.547239065 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.551450968 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.551450968 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.551470041 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.551708937 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.599369049 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.605423927 CET49735443192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:19.610274076 CET44349735204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:19.723362923 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.723450899 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.724251032 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.724251032 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:19.724273920 CET4436351940.115.3.253192.168.2.24
        Dec 31, 2024 15:09:19.724304914 CET63519443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:22.435782909 CET49755443192.168.2.24172.64.41.3
        Dec 31, 2024 15:09:22.440726995 CET44349755172.64.41.3192.168.2.24
        Dec 31, 2024 15:09:23.087790966 CET49757443192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:23.092670918 CET44349757204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:23.285928011 CET443497262.16.158.192192.168.2.24
        Dec 31, 2024 15:09:23.286071062 CET49726443192.168.2.242.16.158.192
        Dec 31, 2024 15:09:23.286128998 CET443497262.16.158.192192.168.2.24
        Dec 31, 2024 15:09:23.286183119 CET49726443192.168.2.242.16.158.192
        Dec 31, 2024 15:09:23.326786041 CET49758443192.168.2.2423.57.90.153
        Dec 31, 2024 15:09:23.331602097 CET4434975823.57.90.153192.168.2.24
        Dec 31, 2024 15:09:24.826812029 CET49769443192.168.2.2420.42.73.24
        Dec 31, 2024 15:09:24.831660032 CET4434976920.42.73.24192.168.2.24
        Dec 31, 2024 15:09:25.063545942 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:25.063612938 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:25.063812017 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:25.077800989 CET49768443192.168.2.2423.199.50.102
        Dec 31, 2024 15:09:25.082696915 CET4434976823.199.50.102192.168.2.24
        Dec 31, 2024 15:09:25.156796932 CET49770443192.168.2.2472.21.81.200
        Dec 31, 2024 15:09:25.161566019 CET4434977072.21.81.200192.168.2.24
        Dec 31, 2024 15:09:25.348345995 CET49737443192.168.2.24104.117.182.9
        Dec 31, 2024 15:09:25.353219032 CET44349737104.117.182.9192.168.2.24
        Dec 31, 2024 15:09:25.666137934 CET49774443192.168.2.24104.92.227.202
        Dec 31, 2024 15:09:25.670999050 CET44349774104.92.227.202192.168.2.24
        Dec 31, 2024 15:09:26.031871080 CET49776443192.168.2.2423.57.90.155
        Dec 31, 2024 15:09:26.036823034 CET4434977623.57.90.155192.168.2.24
        Dec 31, 2024 15:09:26.315855980 CET63516443192.168.2.24142.250.186.132
        Dec 31, 2024 15:09:26.315880060 CET44363516142.250.186.132192.168.2.24
        Dec 31, 2024 15:09:27.646987915 CET49778443192.168.2.2420.189.173.11
        Dec 31, 2024 15:09:27.647120953 CET49728443192.168.2.24104.126.37.201
        Dec 31, 2024 15:09:27.652188063 CET4434977820.189.173.11192.168.2.24
        Dec 31, 2024 15:09:27.652256012 CET49778443192.168.2.2420.189.173.11
        Dec 31, 2024 15:09:27.652595997 CET44349728104.126.37.201192.168.2.24
        Dec 31, 2024 15:09:27.652651072 CET49728443192.168.2.24104.126.37.201
        Dec 31, 2024 15:09:27.800688982 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:27.800721884 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:27.800838947 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:27.801745892 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:27.801759958 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.602674961 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.602770090 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.605204105 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.605210066 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.605447054 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.609417915 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.609473944 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.609479904 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.609616041 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.651335001 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.783560991 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.783651114 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:28.783756971 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.784008980 CET63520443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:28.784018040 CET4436352040.115.3.253192.168.2.24
        Dec 31, 2024 15:09:37.562031984 CET49730443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:37.562032938 CET4973480192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:37.562130928 CET49741443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:37.567194939 CET4434973040.126.31.67192.168.2.24
        Dec 31, 2024 15:09:37.567264080 CET49730443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:37.567743063 CET8049734192.229.221.95192.168.2.24
        Dec 31, 2024 15:09:37.567794085 CET4973480192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:37.567807913 CET4434974140.126.31.67192.168.2.24
        Dec 31, 2024 15:09:37.567867041 CET49741443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:41.740021944 CET4975480192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:41.745131969 CET8049754192.229.221.95192.168.2.24
        Dec 31, 2024 15:09:41.745214939 CET4975480192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:43.371154070 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:43.371180058 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:43.371279955 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:43.372185946 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:43.372201920 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:43.985042095 CET49773443192.168.2.24184.28.90.27
        Dec 31, 2024 15:09:43.985321999 CET49772443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:43.990048885 CET44349773184.28.90.27192.168.2.24
        Dec 31, 2024 15:09:43.990122080 CET49773443192.168.2.24184.28.90.27
        Dec 31, 2024 15:09:43.990468025 CET4434977240.126.31.67192.168.2.24
        Dec 31, 2024 15:09:43.990514040 CET49772443192.168.2.2440.126.31.67
        Dec 31, 2024 15:09:44.161473036 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.161586046 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.164025068 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.164035082 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.164261103 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.168247938 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.168351889 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.168356895 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.168462038 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.211338997 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.346751928 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.346854925 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:44.346931934 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.347229004 CET63522443192.168.2.2440.115.3.253
        Dec 31, 2024 15:09:44.347239017 CET4436352240.115.3.253192.168.2.24
        Dec 31, 2024 15:09:45.079231977 CET49775443192.168.2.24184.28.90.27
        Dec 31, 2024 15:09:45.084265947 CET44349775184.28.90.27192.168.2.24
        Dec 31, 2024 15:09:45.084336042 CET49775443192.168.2.24184.28.90.27
        Dec 31, 2024 15:09:46.923146009 CET4977980192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:46.928184032 CET8049779192.229.221.95192.168.2.24
        Dec 31, 2024 15:09:46.928261995 CET4977980192.168.2.24192.229.221.95
        Dec 31, 2024 15:09:53.236289978 CET4979980192.168.2.242.23.197.184
        Dec 31, 2024 15:09:53.236326933 CET4979880192.168.2.24216.58.212.131
        Dec 31, 2024 15:09:53.241611004 CET80497992.23.197.184192.168.2.24
        Dec 31, 2024 15:09:53.241704941 CET4979980192.168.2.242.23.197.184
        Dec 31, 2024 15:09:53.242207050 CET8049798216.58.212.131192.168.2.24
        Dec 31, 2024 15:09:53.242258072 CET4979880192.168.2.24216.58.212.131
        Dec 31, 2024 15:09:53.385132074 CET4434975823.57.90.153192.168.2.24
        Dec 31, 2024 15:09:53.385354042 CET4434975823.57.90.153192.168.2.24
        Dec 31, 2024 15:09:53.385380030 CET49758443192.168.2.2423.57.90.153
        Dec 31, 2024 15:09:53.385407925 CET49758443192.168.2.2423.57.90.153
        Dec 31, 2024 15:09:53.390171051 CET4434975823.57.90.153192.168.2.24
        Dec 31, 2024 15:09:54.786490917 CET44349735204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:54.786566973 CET49735443192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:54.786753893 CET49735443192.168.2.24204.79.197.203
        Dec 31, 2024 15:09:54.791501999 CET44349735204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:54.934245110 CET4434976823.199.50.102192.168.2.24
        Dec 31, 2024 15:09:54.934329987 CET4434976823.199.50.102192.168.2.24
        Dec 31, 2024 15:09:54.934391975 CET49768443192.168.2.2423.199.50.102
        Dec 31, 2024 15:09:54.934489965 CET49768443192.168.2.2423.199.50.102
        Dec 31, 2024 15:09:54.939223051 CET4434976823.199.50.102192.168.2.24
        Dec 31, 2024 15:09:55.241436005 CET44349737104.117.182.9192.168.2.24
        Dec 31, 2024 15:09:55.241615057 CET44349737104.117.182.9192.168.2.24
        Dec 31, 2024 15:09:55.241656065 CET49737443192.168.2.24104.117.182.9
        Dec 31, 2024 15:09:55.241688013 CET49737443192.168.2.24104.117.182.9
        Dec 31, 2024 15:09:55.246455908 CET44349737104.117.182.9192.168.2.24
        Dec 31, 2024 15:09:55.539417982 CET44349774104.92.227.202192.168.2.24
        Dec 31, 2024 15:09:55.539467096 CET44349774104.92.227.202192.168.2.24
        Dec 31, 2024 15:09:55.539530039 CET49774443192.168.2.24104.92.227.202
        Dec 31, 2024 15:09:55.539700985 CET49774443192.168.2.24104.92.227.202
        Dec 31, 2024 15:09:55.544487953 CET44349774104.92.227.202192.168.2.24
        Dec 31, 2024 15:09:56.081970930 CET4434977623.57.90.155192.168.2.24
        Dec 31, 2024 15:09:56.082103968 CET4434977623.57.90.155192.168.2.24
        Dec 31, 2024 15:09:56.082155943 CET49776443192.168.2.2423.57.90.155
        Dec 31, 2024 15:09:56.082196951 CET49776443192.168.2.2423.57.90.155
        Dec 31, 2024 15:09:56.086952925 CET4434977623.57.90.155192.168.2.24
        Dec 31, 2024 15:09:56.329233885 CET4434976920.42.73.24192.168.2.24
        Dec 31, 2024 15:09:56.329313040 CET49769443192.168.2.2420.42.73.24
        Dec 31, 2024 15:09:56.329488993 CET49769443192.168.2.2420.42.73.24
        Dec 31, 2024 15:09:56.335248947 CET4434976920.42.73.24192.168.2.24
        Dec 31, 2024 15:09:59.620974064 CET44349757204.79.197.203192.168.2.24
        Dec 31, 2024 15:09:59.621059895 CET49757443192.168.2.24204.79.197.203
        Dec 31, 2024 15:10:01.008407116 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.008455038 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.008553028 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.009479046 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.009493113 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.789047956 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.789256096 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.791568995 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.791580915 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.791827917 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.799518108 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.799576044 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.799581051 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.799721956 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.847325087 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.974611998 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.974704981 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:01.974757910 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.974936962 CET63523443192.168.2.2440.115.3.253
        Dec 31, 2024 15:10:01.974958897 CET4436352340.115.3.253192.168.2.24
        Dec 31, 2024 15:10:07.448051929 CET49755443192.168.2.24172.64.41.3
        Dec 31, 2024 15:10:07.453088999 CET44349755172.64.41.3192.168.2.24
        Dec 31, 2024 15:10:10.164040089 CET49770443192.168.2.2472.21.81.200
        Dec 31, 2024 15:10:10.168802977 CET4434977072.21.81.200192.168.2.24
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Dec 31, 2024 15:08:10.629770041 CET | 192.168.2.24 | 1.1.1.1 | 0x856e | Standard query (0) | usps.com-trackaddn.top | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:10.630209923 CET | 192.168.2.24 | 1.1.1.1 | 0x355b | Standard query (0) | usps.com-trackaddn.top | 65 | IN (0x0001) | false
        Dec 31, 2024 15:08:10.660520077 CET | 192.168.2.24 | 1.1.1.1 | 0xc119 | Standard query (0) | usps.com-trackaddn.top | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:10.660725117 CET | 192.168.2.24 | 1.1.1.1 | 0xb740 | Standard query (0) | usps.com-trackaddn.top | 65 | IN (0x0001) | false
        Dec 31, 2024 15:08:14.225579977 CET | 192.168.2.24 | 1.1.1.1 | 0x9ee0 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:14.225739956 CET | 192.168.2.24 | 1.1.1.1 | 0xd105 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Dec 31, 2024 15:08:11.148834944 CET | 1.1.1.1 | 192.168.2.24 | 0xc119 | No error (0) | usps.com-trackaddn.top |  | 43.153.71.154 | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:11.468832970 CET | 1.1.1.1 | 192.168.2.24 | 0x856e | No error (0) | usps.com-trackaddn.top |  | 43.153.71.154 | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:14.232168913 CET | 1.1.1.1 | 192.168.2.24 | 0x9ee0 | No error (0) | www.google.com |  | 142.250.186.132 | A (IP address) | IN (0x0001) | false
        Dec 31, 2024 15:08:14.232511044 CET | 1.1.1.1 | 192.168.2.24 | 0xd105 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
        • usps.com-trackaddn.top
        • res.public.onecdn.static.microsoft
        • c.pki.goog
        • x1.c.lencr.org
        Session ID | Source IP | Source Port | Destination IP | Destination Port
        0 | 192.168.2.24 | 49798 | 216.58.212.131 | 80
        Timestamp | Bytes transferred | Direction | Data
        Dec 31, 2024 15:08:48.081768036 CET | 200 | OUT | GET /r/r1.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
        Dec 31, 2024 15:08:48.701915026 CET | 222 | IN | HTTP/1.1 304 Not Modified
        Date: Tue, 31 Dec 2024 14:01:53 GMT
        Expires: Tue, 31 Dec 2024 14:51:53 GMT
        Age: 415
        Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
        Cache-Control: public, max-age=3000
        Vary: Accept-Encoding


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        1 | 192.168.2.24 | 49799 | 2.23.197.184 | 80
        Timestamp | Bytes transferred | Direction | Data
        Dec 31, 2024 15:08:48.722126007 CET | 227 | OUT | GET / HTTP/1.1
        Cache-Control: max-age = 3600
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
        If-None-Match: "65ca969f-2cd"
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: x1.c.lencr.org
        Dec 31, 2024 15:08:49.357285023 CET | 1023 | IN | HTTP/1.1 200 OK
        Server: nginx
        Content-Type: application/pkix-crl
        Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT
        ETag: "675c7673-2de"
        Cache-Control: max-age=3600
        Expires: Tue, 31 Dec 2024 15:08:49 GMT
        Date: Tue, 31 Dec 2024 14:08:49 GMT
        Content-Length: 734
        Connection: keep-alive


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        2 | 192.168.2.24 | 49789 | 43.153.71.154 | 80 | 7140 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        Dec 31, 2024 15:08:56.484657049 CET | 6 | OUT | Data Raw: 00
        Data Ascii:


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        3 | 192.168.2.24 | 49788 | 43.153.71.154 | 80 | 7140 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        Dec 31, 2024 15:08:56.484658003 CET | 6 | OUT | Data Raw: 00
        Data Ascii:


        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.24 | 49787 | 43.153.71.154 | 443 | 7140 | C:\Program Files\Google\Chrome\Application\chrome.exe
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:08:11 UTC | 673 | OUT | GET /l HTTP/1.1
        Host: usps.com-trackaddn.top
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        2024-12-31 14:08:12 UTC | 164 | IN | HTTP/1.1 404 Not Found
        Server: nginx/1.24.0
        Date: Tue, 31 Dec 2024 14:08:12 GMT
        Transfer-Encoding: chunked
        Connection: close
        Access-Control-Allow-Origin: *
        2024-12-31 14:08:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
        Data Ascii: 0


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        1 | 192.168.2.24 | 49796 | 23.212.90.75 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:08:29 UTC | 399 | OUT | GET /creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate, br
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
        Host: res.public.onecdn.static.microsoft
        Connection: Keep-Alive
        2024-12-31 14:08:29 UTC | 1213 | IN | HTTP/1.1 200 OK
        Content-Type: text/plain
        Last-Modified: Thu, 12 Dec 2024 01:09:10 GMT
        x-ms-request-id: e7c69371-a01e-0058-4332-4c27c8000000
        Cache-Control: max-age=630720000
        Date: Tue, 31 Dec 2024 14:08:29 GMT
        Alt-Svc: h3=":443"; ma=93600
        Content-Length: 2495
        Connection: close
        Akamai-Request-BC: [a=23.38.99.77,b=1479009602,c=g,n=DE_HE_FRANKFURT,o=20940]
        AK-Network: ESSL
        Report-To: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=FRANKFURT&ASN=16625&Country=DE&Region=HE&RequestIdentifier=0.4d632617.1735654109.5827e542&TotalRTCDNTime=162&CompressionType=gzip&FileSize="}],"include_subdomains ":true}
        NEL: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
        Server-Timing: clientrtt; dur=162, clienttt; dur=, origin; dur=0 , cdntime; dur=0
        Akamai-Cache-Status: Hit from child
        Timing-Allow-Origin: *
        Access-Control-Expose-Headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
        Access-Control-Allow-Origin: *
        Strict-Transport-Security: max-age=31536000; includeSubDomains
        X-CDN-Provider: Akamai


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        2 | 192.168.2.24 | 63513 | 104.117.182.75 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:08:53 UTC | 436 | OUT | OPTIONS /api/report?cat=bingth&ndcParam=QUZE HTTP/1.1
        Host: aefd.nelreports.net
        Connection: keep-alive
        Origin: https://th.bing.com
        Access-Control-Request-Method: POST
        Access-Control-Request-Headers: content-type
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2024-12-31 14:08:53 UTC | 443 | IN | HTTP/1.1 200 OK
        Content-Length: 0
        Server: Kestrel
        Date: Tue, 31 Dec 2024 14:08:53 GMT
        Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
        Connection: close
        PMUSER_FORMAT_QS:
        X-CDN-TraceId: 0.2db67568.1735654133.72c35c
        Access-Control-Allow-Headers: *
        Access-Control-Allow-Credentials: false
        Access-Control-Allow-Methods: GET, OPTIONS, POST
        Access-Control-Allow-Origin: *


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        3 | 192.168.2.24 | 63514 | 104.117.182.75 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:08:53 UTC | 441 | OUT | OPTIONS /api/report?cat=bingth&ndcParam=QWthbWFp HTTP/1.1
        Host: aefd.nelreports.net
        Connection: keep-alive
        Origin: https://www.bing.com
        Access-Control-Request-Method: POST
        Access-Control-Request-Headers: content-type
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2024-12-31 14:08:53 UTC | 445 | IN | HTTP/1.1 200 OK
        Content-Length: 0
        Server: Kestrel
        Date: Tue, 31 Dec 2024 14:08:53 GMT
        Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
        Connection: close
        PMUSER_FORMAT_QS:
        X-CDN-TraceId: 0.47b67568.1735654133.11e6765f
        Access-Control-Allow-Headers: *
        Access-Control-Allow-Credentials: false
        Access-Control-Allow-Methods: GET, OPTIONS, POST
        Access-Control-Allow-Origin: *


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        4 | 192.168.2.24 | 63517 | 40.115.3.253 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:09:17 UTC | 71 | OUT
        Data Ascii: CNT 1 CON 316MS-CV: tbe8HCMpDUyDq/0s.1Context: d2ab0cff6b933fa4
        2024-12-31 14:09:17 UTC | 260 | OUT
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
        2024-12-31 14:09:17 UTC | 1084 | OUT
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tbe8HCMpDUyDq/0s.2Context: d2ab0cff6b933fa4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
        2024-12-31 14:09:17 UTC | 224 | OUT
        Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: tbe8HCMpDUyDq/0s.3Context: d2ab0cff6b933fa4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2024-12-31 14:09:18 UTC | 14 | IN
        Data Ascii: 202 1 CON 58
        2024-12-31 14:09:18 UTC | 58 | IN
        Data Ascii: MS-CV: +XWfRJbrV0i6sOhVY5Olgw.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        5 | 192.168.2.24 | 63519 | 40.115.3.253 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:09:19 UTC | 71 | OUT
        Data Ascii: CNT 1 CON 316MS-CV: E2v9t0dvFUGaDWDv.1Context: 23da68e48b4a881c
        2024-12-31 14:09:19 UTC | 260 | OUT
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
        2024-12-31 14:09:19 UTC | 1084 | OUT
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: E2v9t0dvFUGaDWDv.2Context: 23da68e48b4a881c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
        2024-12-31 14:09:19 UTC | 224 | OUT
        Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: E2v9t0dvFUGaDWDv.3Context: 23da68e48b4a881c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2024-12-31 14:09:19 UTC | 14 | IN
        Data Ascii: 202 1 CON 58
        2024-12-31 14:09:19 UTC | 58 | IN
        Data Ascii: MS-CV: MfMQcsmGlECDW6L0RpXeXg.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        6 | 192.168.2.24 | 63520 | 40.115.3.253 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:09:28 UTC | 71 | OUT
        Data Ascii: CNT 1 CON 316MS-CV: VvouvK5yhU2An1zc.1Context: da2bdd0e845ae72a
        2024-12-31 14:09:28 UTC | 260 | OUT
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
        2024-12-31 14:09:28 UTC | 1084 | OUT
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VvouvK5yhU2An1zc.2Context: da2bdd0e845ae72a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
        2024-12-31 14:09:28 UTC | 224 | OUT
        Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: VvouvK5yhU2An1zc.3Context: da2bdd0e845ae72a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2024-12-31 14:09:28 UTC | 14 | IN
        Data Ascii: 202 1 CON 58
        2024-12-31 14:09:28 UTC | 58 | IN
        Data Ascii: MS-CV: XXbc1iK7Y0m0oJs2+Q/SBw.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        7 | 192.168.2.24 | 63522 | 40.115.3.253 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:09:44 UTC | 71 | OUT
        Data Ascii: CNT 1 CON 316MS-CV: MiA3O/XIhEu/PFR9.1Context: 96e523c2062fd8cf
        2024-12-31 14:09:44 UTC | 260 | OUT
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
        2024-12-31 14:09:44 UTC | 1084 | OUT
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: MiA3O/XIhEu/PFR9.2Context: 96e523c2062fd8cf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
        2024-12-31 14:09:44 UTC | 224 | OUT
        Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: MiA3O/XIhEu/PFR9.3Context: 96e523c2062fd8cf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2024-12-31 14:09:44 UTC | 14 | IN
        Data Ascii: 202 1 CON 58
        2024-12-31 14:09:44 UTC | 58 | IN
        Data Ascii: MS-CV: 8oLF+1ybSE6ublHLljArHA.0Payload parsing failed.


        Session ID | Source IP | Source Port | Destination IP | Destination Port
        8 | 192.168.2.24 | 63523 | 40.115.3.253 | 443
        Timestamp | Bytes transferred | Direction | Data
        2024-12-31 14:10:01 UTC | 71 | OUT
        Data Ascii: CNT 1 CON 316MS-CV: bCcFet1Io02JWxjm.1Context: d9e6e1e58d57d005
        2024-12-31 14:10:01 UTC | 260 | OUT
        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.22631.4169</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>00180012A84479AA</deviceName><followRetry>true</followRetry></agent></con
        2024-12-31 14:10:01 UTC | 1084 | OUT
        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bCcFet1Io02JWxjm.2Context: d9e6e1e58d57d005<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAcKtqPS02XpWWWo5K9DgvuZSUijMLJiJH2az/rgXKMdlYh3uXcNxxBi0/l8Fb8kJEJlDQs4c+VyhDxeR2hkvdPWe2cTI4qIMNFey374BaRip6M
        2024-12-31 14:10:01 UTC | 224 | OUT
        Data Ascii: BND 3 CON\WNS 1044479 197MS-CV: bCcFet1Io02JWxjm.3Context: d9e6e1e58d57d005<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
        2024-12-31 14:10:01 UTC | 14 | IN
        Data Ascii: 202 1 CON 58
        2024-12-31 14:10:01 UTC | 58 | IN
        Data Ascii: MS-CV: bHP0hAPzmkea6iJJ5DDkUw.0Payload parsing failed.


        Target ID: 0
        Start time: 09:08:07
        Start date: 31/12/2024
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase: 0x7ff72bf20000
        File size: 3'001'952 bytes
        MD5 hash: 290DF23002E9B52249B5549F0C668A86
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: false

        Target ID: 1
        Start time: 09:08:07
        Start date: 31/12/2024
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=2028,i,13538688915386839124,12840978526519683152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2180 /prefetch:11
        Imagebase: 0x7ff72bf20000
        File size: 3'001'952 bytes
        MD5 hash: 290DF23002E9B52249B5549F0C668A86
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: false

        Target ID: 2
        Start time: 09:08:09
        Start date: 31/12/2024
        Path: C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit): false
        Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://usps.com-trackaddn.top/l"
        Imagebase: 0x7ff72bf20000
        File size: 3'001'952 bytes
        MD5 hash: 290DF23002E9B52249B5549F0C668A86
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Reputation: low
        Has exited: true

        No disassembly