Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882

Overview

General Information

Sample URL:https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882
Analysis ID:1500185
Infos:
Errors
  • URL not reachable

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 2184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 64 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1972,i,6953073780709153962,2333920208916373190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882Avira URL Cloud: detection malicious, Label: malware
Source: https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering
Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49730 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: global trafficDNS traffic detected: DNS query: office.microsoftoniline.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: classification engineClassification label: mal48.win@18/0@6/5
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1972,i,6953073780709153962,2333920208916373190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1972,i,6953073780709153962,2333920208916373190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Process Injection		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882100%Avira URL Cloudmalware
https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882100%SlashNextCredential Stealing type: Phishing & Social usering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
office.microsoftoniline.com
51.79.237.104
truefalse
    		unknown
    bg.microsoft.map.fastly.net
    		199.232.210.172
    		truefalse
      		unknown
      www.google.com
      		172.217.16.132
      		truefalse
        		unknown
        fp2e7a.wpc.phicdn.net
        		192.229.221.95
        		truefalse
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          239.255.255.250
          		unknownReserved
          		unknownunknownfalse
          51.79.237.104
          		office.microsoftoniline.comCanada
          		16276OVHFRfalse
          172.217.16.132
          		www.google.comUnited States
          		15169GOOGLEUSfalse

          Private

          IP
          192.168.2.16
          192.168.2.6

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1500185
          Start date and time:2024-08-28 00:50:32 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 2m 17s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:browseurl.jbs
          Sample URL:https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:8
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal48.win@18/0@6/5
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • URL browsing timeout or error

          Errors

          • URL not reachable

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.142, 66.102.1.84, 34.104.35.123, 104.115.89.234, 20.12.23.50, 192.229.221.95, 20.242.39.171, 199.232.210.172, 52.165.164.15, 142.250.184.227
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtSetInformationFile calls found.
          • VT rate limit hit for: https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          No created / dropped files found

          Static File Info

          No static file info

          Network Behavior

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Aug 28, 2024 00:51:18.134882927 CEST49674443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:18.134884119 CEST49673443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:18.447362900 CEST49672443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:24.265445948 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:24.265501976 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:24.265564919 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:24.267241955 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:24.267256975 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.042718887 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.042798996 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.062863111 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.062905073 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.063117027 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.097105980 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.107917070 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.107942104 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.108381987 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.152509928 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.286123991 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.286494970 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:25.286555052 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.290589094 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.290589094 CEST49710443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:25.290617943 CEST4434971040.115.3.253192.168.2.6
          Aug 28, 2024 00:51:26.542273998 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:26.542320967 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:26.542432070 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:26.546293020 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:26.546308041 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:27.741813898 CEST49674443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:27.741813898 CEST49673443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:27.905286074 CEST49719443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.905323982 CEST4434971951.79.237.104192.168.2.6
          Aug 28, 2024 00:51:27.905381918 CEST49719443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.907375097 CEST49720443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.907382011 CEST4434972051.79.237.104192.168.2.6
          Aug 28, 2024 00:51:27.907438993 CEST49720443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.908046961 CEST49719443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.908057928 CEST4434971951.79.237.104192.168.2.6
          Aug 28, 2024 00:51:27.908566952 CEST49720443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:27.908575058 CEST4434972051.79.237.104192.168.2.6
          Aug 28, 2024 00:51:28.055902958 CEST49672443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:28.076435089 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.076508045 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.088500977 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.088529110 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.088721037 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.098031998 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.098417044 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.098426104 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.098982096 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.144495964 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.273195982 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.273257971 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:28.273313046 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.274167061 CEST49716443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:28.274192095 CEST4434971640.115.3.253192.168.2.6
          Aug 28, 2024 00:51:29.670545101 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:29.670572042 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:29.670631886 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:29.671458006 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:29.671468973 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:29.784775019 CEST44349705173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:29.784858942 CEST49705443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:30.309912920 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:30.316158056 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:30.316168070 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:30.317045927 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:30.317106009 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:30.347413063 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:30.347476959 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:30.398071051 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:30.398080111 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:30.446410894 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:34.526062012 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:34.526110888 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:34.526798010 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:34.526994944 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:34.527009010 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.321382046 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.321484089 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.323641062 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.323652983 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.323904037 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.325685024 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.325836897 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.325836897 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.325841904 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.372497082 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.496514082 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.496592999 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.496685982 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.496939898 CEST49724443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.496961117 CEST4434972440.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.879329920 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.879369020 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:35.879431009 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.880028009 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:35.880038023 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:36.862334967 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:36.862406015 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:36.864706039 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:36.864717007 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:36.864958048 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:36.867338896 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:36.867358923 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:36.867364883 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:36.867492914 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:36.912492037 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:37.039556026 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:37.039637089 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:37.039736032 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:37.039954901 CEST49725443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:37.039972067 CEST4434972540.115.3.253192.168.2.6
          Aug 28, 2024 00:51:40.229991913 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:40.230060101 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:40.230103970 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:41.546431065 CEST49705443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:41.546613932 CEST49705443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:41.547432899 CEST49730443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:41.547473907 CEST44349730173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:41.547584057 CEST49730443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:41.548986912 CEST49730443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:41.549000025 CEST44349730173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:41.551347017 CEST44349705173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:41.551388025 CEST44349705173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:41.833897114 CEST49721443192.168.2.6172.217.16.132
          Aug 28, 2024 00:51:41.833920002 CEST44349721172.217.16.132192.168.2.6
          Aug 28, 2024 00:51:42.166959047 CEST44349730173.222.162.64192.168.2.6
          Aug 28, 2024 00:51:42.167037964 CEST49730443192.168.2.6173.222.162.64
          Aug 28, 2024 00:51:49.036309958 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:49.036351919 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:49.036420107 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:49.037883997 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:49.037895918 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.092180014 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.092282057 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.099849939 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.099864960 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.100150108 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.106012106 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.106012106 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.106030941 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.106631041 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.148504972 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.295838118 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.295928955 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.296415091 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.296448946 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.296459913 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.296461105 CEST49731443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.296468973 CEST4434973140.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.462594032 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.462649107 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:50.462717056 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.463356018 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:50.463368893 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.304425955 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.304506063 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.313003063 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.313033104 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.313270092 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.316528082 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.316706896 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.316714048 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.317059994 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.364495039 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.490423918 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.490554094 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:51.490607023 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.495763063 CEST49732443192.168.2.640.115.3.253
          Aug 28, 2024 00:51:51.495784998 CEST4434973240.115.3.253192.168.2.6
          Aug 28, 2024 00:51:57.908031940 CEST49719443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:57.908198118 CEST4434971951.79.237.104192.168.2.6
          Aug 28, 2024 00:51:57.908267021 CEST49719443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:57.908818007 CEST49720443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:57.908983946 CEST4434972051.79.237.104192.168.2.6
          Aug 28, 2024 00:51:57.909040928 CEST49720443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.015264988 CEST49734443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.015315056 CEST4434973451.79.237.104192.168.2.6
          Aug 28, 2024 00:51:59.015384912 CEST49734443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.016196966 CEST49735443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.016236067 CEST4434973551.79.237.104192.168.2.6
          Aug 28, 2024 00:51:59.016318083 CEST49735443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.031132936 CEST49735443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.031173944 CEST4434973551.79.237.104192.168.2.6
          Aug 28, 2024 00:51:59.031606913 CEST49734443192.168.2.651.79.237.104
          Aug 28, 2024 00:51:59.031627893 CEST4434973451.79.237.104192.168.2.6
          Aug 28, 2024 00:52:01.351907969 CEST44349730173.222.162.64192.168.2.6
          Aug 28, 2024 00:52:01.351969957 CEST49730443192.168.2.6173.222.162.64
          Aug 28, 2024 00:52:05.205049992 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:05.205092907 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:05.205219984 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:05.205874920 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:05.205887079 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.295455933 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.295553923 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.300666094 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.300681114 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.300942898 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.302763939 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.302993059 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.302999020 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.303195953 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.344501972 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.656836987 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.656961918 CEST4434973640.115.3.253192.168.2.6
          Aug 28, 2024 00:52:06.657061100 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.658380985 CEST49736443192.168.2.640.115.3.253
          Aug 28, 2024 00:52:06.658409119 CEST4434973640.115.3.253192.168.2.6

          UDP Packets

          TimestampSource PortDest PortSource IPDest IP
          Aug 28, 2024 00:51:24.886316061 CEST53524381.1.1.1192.168.2.6
          Aug 28, 2024 00:51:25.182470083 CEST53529781.1.1.1192.168.2.6
          Aug 28, 2024 00:51:26.181087017 CEST53584211.1.1.1192.168.2.6
          Aug 28, 2024 00:51:26.845226049 CEST5769553192.168.2.61.1.1.1
          Aug 28, 2024 00:51:26.847008944 CEST6495853192.168.2.61.1.1.1
          Aug 28, 2024 00:51:27.858190060 CEST6113853192.168.2.61.1.1.1
          Aug 28, 2024 00:51:27.858985901 CEST4959953192.168.2.61.1.1.1
          Aug 28, 2024 00:51:27.899739027 CEST53576951.1.1.1192.168.2.6
          Aug 28, 2024 00:51:27.899763107 CEST53649581.1.1.1192.168.2.6
          Aug 28, 2024 00:51:27.918154955 CEST53611381.1.1.1192.168.2.6
          Aug 28, 2024 00:51:27.946882963 CEST53495991.1.1.1192.168.2.6
          Aug 28, 2024 00:51:29.592401981 CEST6274653192.168.2.61.1.1.1
          Aug 28, 2024 00:51:29.593502998 CEST5774953192.168.2.61.1.1.1
          Aug 28, 2024 00:51:29.599235058 CEST53627461.1.1.1192.168.2.6
          Aug 28, 2024 00:51:29.600219965 CEST53577491.1.1.1192.168.2.6
          Aug 28, 2024 00:51:43.161873102 CEST53596361.1.1.1192.168.2.6
          Aug 28, 2024 00:51:56.858016968 CEST53531101.1.1.1192.168.2.6
          Aug 28, 2024 00:52:02.587869883 CEST53584101.1.1.1192.168.2.6

          ICMP Packets

          TimestampSource IPDest IPChecksumCodeType
          Aug 28, 2024 00:51:27.918217897 CEST192.168.2.61.1.1.1c203(Port unreachable)Destination Unreachable

          DNS Queries

          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
          Aug 28, 2024 00:51:26.845226049 CEST192.168.2.61.1.1.10x74ddStandard query (0)office.microsoftoniline.comA (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:26.847008944 CEST192.168.2.61.1.1.10xb595Standard query (0)office.microsoftoniline.com65IN (0x0001)false
          Aug 28, 2024 00:51:27.858190060 CEST192.168.2.61.1.1.10xcbc3Standard query (0)office.microsoftoniline.comA (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:27.858985901 CEST192.168.2.61.1.1.10x1161Standard query (0)office.microsoftoniline.com65IN (0x0001)false
          Aug 28, 2024 00:51:29.592401981 CEST192.168.2.61.1.1.10xf1e2Standard query (0)www.google.comA (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:29.593502998 CEST192.168.2.61.1.1.10xb310Standard query (0)www.google.com65IN (0x0001)false

          DNS Answers

          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
          Aug 28, 2024 00:51:27.899739027 CEST1.1.1.1192.168.2.60x74ddNo error (0)office.microsoftoniline.com51.79.237.104A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:27.918154955 CEST1.1.1.1192.168.2.60xcbc3No error (0)office.microsoftoniline.com51.79.237.104A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:29.599235058 CEST1.1.1.1192.168.2.60xf1e2No error (0)www.google.com172.217.16.132A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:29.600219965 CEST1.1.1.1192.168.2.60xb310No error (0)www.google.com65IN (0x0001)false
          Aug 28, 2024 00:51:39.249902964 CEST1.1.1.1192.168.2.60x6dceNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
          Aug 28, 2024 00:51:39.249902964 CEST1.1.1.1192.168.2.60x6dceNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:41.222417116 CEST1.1.1.1192.168.2.60x503eNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:41.222417116 CEST1.1.1.1192.168.2.60x503eNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:58.708647013 CEST1.1.1.1192.168.2.60x225No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
          Aug 28, 2024 00:51:58.708647013 CEST1.1.1.1192.168.2.60x225No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

          HTTPS Proxied Packets

          Session IDSource IPSource PortDestination IPDestination Port
          0192.168.2.64970920.7.1.246443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:15 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 48 50 55 68 73 75 56 69 50 55 69 61 75 34 6b 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 65 62 30 64 37 64 64 63 62 65 39 62 34 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: HPUhsuViPUiau4kr.1Context: cffeb0d7ddcbe9b4
          2024-08-27 22:51:15 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:15 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 48 50 55 68 73 75 56 69 50 55 69 61 75 34 6b 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 65 62 30 64 37 64 64 63 62 65 39 62 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: HPUhsuViPUiau4kr.2Context: cffeb0d7ddcbe9b4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:15 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 48 50 55 68 73 75 56 69 50 55 69 61 75 34 6b 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 66 66 65 62 30 64 37 64 64 63 62 65 39 62 34 0d 0a 0d 0a
          Data Ascii: BND 3 CON\QOS 56MS-CV: HPUhsuViPUiau4kr.3Context: cffeb0d7ddcbe9b4
          2024-08-27 22:51:15 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:15 UTC58INData Raw: 4d 53 2d 43 56 3a 20 66 71 43 4c 4a 6a 2f 58 63 55 53 73 67 59 51 72 35 41 50 6c 74 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: fqCLJj/XcUSsgYQr5APltQ.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          1192.168.2.64971040.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:25 UTC70OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 35 74 4d 76 4c 67 2f 39 4b 6b 79 57 65 6c 37 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 34 62 34 66 36 30 31 65 61 34 30 63 63 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 304MS-CV: 5tMvLg/9KkyWel7m.1Context: f84b4f601ea40cc
          2024-08-27 22:51:25 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:25 UTC1083OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 35 74 4d 76 4c 67 2f 39 4b 6b 79 57 65 6c 37 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 34 62 34 66 36 30 31 65 61 34 30 63 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67 49
          Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: 5tMvLg/9KkyWel7m.2Context: f84b4f601ea40cc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWgI
          2024-08-27 22:51:25 UTC73OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 35 0d 0a 4d 53 2d 43 56 3a 20 35 74 4d 76 4c 67 2f 39 4b 6b 79 57 65 6c 37 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 38 34 62 34 66 36 30 31 65 61 34 30 63 63 0d 0a 0d 0a
          Data Ascii: BND 3 CON\QOS 55MS-CV: 5tMvLg/9KkyWel7m.3Context: f84b4f601ea40cc
          2024-08-27 22:51:25 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:25 UTC58INData Raw: 4d 53 2d 43 56 3a 20 78 4d 6d 4f 46 4f 4b 7a 67 30 36 76 65 4c 4b 6a 37 4f 4a 43 58 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: xMmOFOKzg06veLKj7OJCXw.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          2192.168.2.64971640.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:28 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 72 4b 4f 31 6a 74 6f 38 32 45 6d 44 6a 59 43 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 32 61 61 34 35 32 33 33 65 61 62 31 63 61 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: rKO1jto82EmDjYCO.1Context: d52aa45233eab1ca
          2024-08-27 22:51:28 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:28 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 72 4b 4f 31 6a 74 6f 38 32 45 6d 44 6a 59 43 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 32 61 61 34 35 32 33 33 65 61 62 31 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: rKO1jto82EmDjYCO.2Context: d52aa45233eab1ca<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:28 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 72 4b 4f 31 6a 74 6f 38 32 45 6d 44 6a 59 43 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 32 61 61 34 35 32 33 33 65 61 62 31 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: rKO1jto82EmDjYCO.3Context: d52aa45233eab1ca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-08-27 22:51:28 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:28 UTC58INData Raw: 4d 53 2d 43 56 3a 20 43 6f 55 65 44 49 6e 2f 67 30 2b 2f 74 37 37 4f 73 57 70 76 69 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: CoUeDIn/g0+/t77OsWpviw.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          3192.168.2.64972440.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:35 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 67 4d 5a 6d 61 6c 76 45 66 30 53 4d 50 33 6a 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 38 61 39 39 32 35 64 38 64 37 31 39 62 64 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: gMZmalvEf0SMP3ju.1Context: 2b8a9925d8d719bd
          2024-08-27 22:51:35 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:35 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 67 4d 5a 6d 61 6c 76 45 66 30 53 4d 50 33 6a 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 38 61 39 39 32 35 64 38 64 37 31 39 62 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gMZmalvEf0SMP3ju.2Context: 2b8a9925d8d719bd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:35 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 67 4d 5a 6d 61 6c 76 45 66 30 53 4d 50 33 6a 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 38 61 39 39 32 35 64 38 64 37 31 39 62 64 0d 0a 0d 0a
          Data Ascii: BND 3 CON\QOS 56MS-CV: gMZmalvEf0SMP3ju.3Context: 2b8a9925d8d719bd
          2024-08-27 22:51:35 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:35 UTC58INData Raw: 4d 53 2d 43 56 3a 20 62 71 79 64 39 35 64 47 37 30 4b 33 32 48 59 65 4a 46 67 4e 64 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: bqyd95dG70K32HYeJFgNdQ.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          4192.168.2.64972540.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:36 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 6a 6d 65 4d 71 4d 2f 4d 55 32 74 78 52 45 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 30 35 61 39 38 63 33 32 65 30 62 37 62 35 33 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: sjmeMqM/MU2txRE9.1Context: e05a98c32e0b7b53
          2024-08-27 22:51:36 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:36 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 73 6a 6d 65 4d 71 4d 2f 4d 55 32 74 78 52 45 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 30 35 61 39 38 63 33 32 65 30 62 37 62 35 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: sjmeMqM/MU2txRE9.2Context: e05a98c32e0b7b53<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:36 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 6a 6d 65 4d 71 4d 2f 4d 55 32 74 78 52 45 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 30 35 61 39 38 63 33 32 65 30 62 37 62 35 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: sjmeMqM/MU2txRE9.3Context: e05a98c32e0b7b53<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-08-27 22:51:37 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:37 UTC58INData Raw: 4d 53 2d 43 56 3a 20 55 44 37 67 75 62 48 71 74 45 75 6c 48 2b 75 4e 68 35 52 6b 6c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: UD7gubHqtEulH+uNh5RklQ.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          5192.168.2.64973140.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:50 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 44 68 34 4a 4a 55 4e 30 6b 53 35 6d 4b 32 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 34 32 33 34 39 37 32 65 61 62 61 30 31 33 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: 4Dh4JJUN0kS5mK2J.1Context: eb4234972eaba013
          2024-08-27 22:51:50 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:50 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 44 68 34 4a 4a 55 4e 30 6b 53 35 6d 4b 32 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 34 32 33 34 39 37 32 65 61 62 61 30 31 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4Dh4JJUN0kS5mK2J.2Context: eb4234972eaba013<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:50 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 34 44 68 34 4a 4a 55 4e 30 6b 53 35 6d 4b 32 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 62 34 32 33 34 39 37 32 65 61 62 61 30 31 33 0d 0a 0d 0a
          Data Ascii: BND 3 CON\QOS 56MS-CV: 4Dh4JJUN0kS5mK2J.3Context: eb4234972eaba013
          2024-08-27 22:51:50 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:50 UTC58INData Raw: 4d 53 2d 43 56 3a 20 47 74 5a 4c 77 71 70 6a 65 45 71 38 72 5a 73 6a 51 4b 7a 37 6d 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: GtZLwqpjeEq8rZsjQKz7mw.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          6192.168.2.64973240.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:51:51 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 41 32 37 39 34 2f 75 4d 55 65 45 75 52 30 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 66 66 63 62 31 38 32 39 61 31 34 32 30 38 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: AA2794/uMUeEuR0S.1Context: 31ffcb1829a14208
          2024-08-27 22:51:51 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:51:51 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 41 41 32 37 39 34 2f 75 4d 55 65 45 75 52 30 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 66 66 63 62 31 38 32 39 61 31 34 32 30 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: AA2794/uMUeEuR0S.2Context: 31ffcb1829a14208<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:51:51 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 41 32 37 39 34 2f 75 4d 55 65 45 75 52 30 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 66 66 63 62 31 38 32 39 61 31 34 32 30 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: AA2794/uMUeEuR0S.3Context: 31ffcb1829a14208<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-08-27 22:51:51 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:51:51 UTC58INData Raw: 4d 53 2d 43 56 3a 20 35 44 2f 30 63 72 56 62 54 30 43 62 53 38 50 48 36 5a 43 72 68 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: 5D/0crVbT0CbS8PH6ZCrhA.0Payload parsing failed.


          Session IDSource IPSource PortDestination IPDestination Port
          7192.168.2.64973640.115.3.253443
          TimestampBytes transferredDirectionData
          2024-08-27 22:52:06 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 61 47 50 75 6b 72 6b 57 7a 30 79 39 6a 41 76 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 34 36 62 62 37 39 35 62 31 62 66 32 39 0d 0a 0d 0a
          Data Ascii: CNT 1 CON 305MS-CV: aGPukrkWz0y9jAvE.1Context: 5c546bb795b1bf29
          2024-08-27 22:52:06 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
          Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
          2024-08-27 22:52:06 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 61 47 50 75 6b 72 6b 57 7a 30 79 39 6a 41 76 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 34 36 62 62 37 39 35 62 31 62 66 32 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 78 61 33 32 45 75 66 6c 70 58 32 61 71 43 49 2f 57 55 42 65 31 59 6d 6f 6d 67 74 49 7a 51 6d 69 74 4e 79 69 44 41 70 34 56 39 66 65 6a 6d 2f 30 59 62 4a 6f 31 71 49 4f 6d 70 70 30 69 4d 52 4c 32 65 4b 57 6a 31 79 52 37 30 65 67 6a 52 44 79 59 68 4c 77 4a 37 75 78 64 44 34 6c 39 55 68 2f 54 37 67 65 77 33 49 43 4c 63 57 67
          Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: aGPukrkWz0y9jAvE.2Context: 5c546bb795b1bf29<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARxa32EuflpX2aqCI/WUBe1YmomgtIzQmitNyiDAp4V9fejm/0YbJo1qIOmpp0iMRL2eKWj1yR70egjRDyYhLwJ7uxdD4l9Uh/T7gew3ICLcWg
          2024-08-27 22:52:06 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 61 47 50 75 6b 72 6b 57 7a 30 79 39 6a 41 76 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 63 35 34 36 62 62 37 39 35 62 31 62 66 32 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
          Data Ascii: BND 3 CON\WNS 0 197MS-CV: aGPukrkWz0y9jAvE.3Context: 5c546bb795b1bf29<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
          2024-08-27 22:52:06 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
          Data Ascii: 202 1 CON 58
          2024-08-27 22:52:06 UTC58INData Raw: 4d 53 2d 43 56 3a 20 69 31 6e 57 39 2f 41 5a 7a 55 71 69 37 50 73 72 71 6c 5a 36 74 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
          Data Ascii: MS-CV: i1nW9/AZzUqi7PsrqlZ6tQ.0Payload parsing failed.


          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:18:51:19
          Start date:27/08/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          General

          Target ID:2
          Start time:18:51:23
          Start date:27/08/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1972,i,6953073780709153962,2333920208916373190,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          General

          Target ID:3
          Start time:18:51:25
          Start date:27/08/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://office.microsoftoniline.com/common/oauth2/v2.0/authorize/?clinet_id=2e5d6a57-eb8c-44bf3-8bd3-fc61824af882"
          Imagebase:0x7ff684c40000
          File size:3'242'272 bytes
          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Disassembly

          No disassembly