Windows Analysis Report
https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9v

Overview

General Information

Sample URL: https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsM
Analysis ID: 1523243

Detection

Anonymous Proxy
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Anonymous Proxy detection
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 4352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2028,i,15626684673136995110,272168911264175477,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 2968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_117 | JoeSecurity_AnonymousProxy | Yara detected Anonymous Proxy detection | Joe Security |
1.0.pages.csv | JoeSecurity_AnonymousProxy | Yara detected Anonymous Proxy detection | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

      Phishing

      Source: Yara match | File source: 1.0.pages.csv, type: HTML
      Source: Yara match | File source: dropped/chromecache_117, type: DROPPED
      Source: https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q | HTTP Parser: No favicon
      Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:50451 version: TLS 1.0
      Source: unknown | HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49712 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.5:49722 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49728 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49732 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49736 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:50446 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50447 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50448 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50452 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50454 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50453 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50455 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50457 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50461 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:50462 version: TLS 1.2
      Source: global traffic | TCP traffic: 192.168.2.5:50444 -> 1.1.1.1:53
      Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
      Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.136
      Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.22
      Source: global traffic | HTTP traffic detected:
        GET /l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA HTTP/1.1
        Host: l.facebook.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q HTTP/1.1
        Host: glossydollyknock.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Dest: document
        Referer: https://l.facebook.com/
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /favicon.ico HTTP/1.1
        Host: glossydollyknock.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-full-version: "117.0.5938.132"
        sec-ch-ua-platform-version: "10.0.0"
        sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
        sec-ch-ua-model: ""
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Cookie: u_pl=22483156
      Source: global traffic | HTTP traffic detected:
        GET /favicon.ico HTTP/1.1
        Host: glossydollyknock.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Cookie: u_pl=22483156
      Source: global traffic | HTTP traffic detected:
        GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
      Source: global traffic | DNS traffic detected: DNS query: l.facebook.com
      Source: global traffic | DNS traffic detected: DNS query: glossydollyknock.com
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: unknown | HTTP traffic detected:
        POST /RST2.srf HTTP/1.0
        Connection: Keep-Alive
        Content-Type: application/soap+xml
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
        Content-Length: 3592
        Host: login.live.com
      Source: classification engine | Classification label: mal48.phis.win@23/8@8/5
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2028,i,15626684673136995110,272168911264175477,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Window Recorder | Window detected: More than 3 window changes detected
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
      Source | Detection | Scanner | Label | Link
      https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA | 0% | Virustotal | | Browse
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      glossydollyknock.com | 172.240.108.84 | true | false | | unknown
      z-m.c10r.facebook.com | 157.240.0.37 | true | false | | unknown
      www.google.com | 216.58.206.36 | true | false | | unknown
      l.facebook.com | unknown | unknown | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q | false | | unknown
      https://glossydollyknock.com/favicon.ico | false | | unknown
      https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA | false | | unknown
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      239.255.255.250 | unknown | Reserved | | unknown | unknown | false
      172.240.108.84 | glossydollyknock.com | United States | | 7979 | SERVERS-COMUS | false
      157.240.0.37 | z-m.c10r.facebook.com | United States | | 32934 | FACEBOOKUS | false
      216.58.206.36 | www.google.com | United States | | 15169 | GOOGLEUS | false
      IP
      192.168.2.5
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1523243
                    Start date and time:2024-10-01 10:49:19 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 3m 17s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:browseurl.jbs
                    Sample URL:https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:7
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal48.phis.win@23/8@8/5
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 192.229.221.95, 216.58.212.131, 172.217.18.14, 74.125.133.84, 88.221.110.91, 34.104.35.123, 4.175.87.197, 52.165.164.15, 20.114.59.183, 40.69.42.241, 199.232.210.172, 216.58.206.67
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    No simulations
                    InputOutput
                    URL: https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q Model: jbxai
                    {
                    "brand":[],
                    "contains_trigger_text":false,
                    "trigger_text":"",
                    "prominent_button_name":"unknown",
                    "text_input_field_labels":"unknown",
                    "pdf_icon_visible":false,
                    "has_visible_captcha":false,
                    "has_urgent_text":false,
                    "has_visible_qrcode":false}
                    No context
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 07:50:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.975981093704228
                    Encrypted:false
                    SSDEEP:48:87d5Th5lHCidAKZdA19ehwiZUklqehhy+3:8nbSiy
                    MD5:F4EFFBBF216F6D951857922B6F84A662
                    SHA1:58C591797A4C9D31EDC63AE6339EF3752DD87C63
                    SHA-256:17A35FD101A3B3448BB2475A461650BC47057486760CEC0A91D1D28AD06AFE69
                    SHA-512:43A6C5E28E955E63683082768D47C866E1C1471C19BA3689DC42323D1B177132955B1B55316E78F0E87D4659116640D82F8511F22000AF245048DB0E8AEBF1BC
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 07:50:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):3.9897123849070004
                    Encrypted:false
                    SSDEEP:48:8ed5Th5lHCidAKZdA1weh/iZUkAQkqehSy+2:8cbI9Q/y
                    MD5:258FD4787248AA2EB1C471C58F99A617
                    SHA1:42A19771DDCA246C42B4E548249052E29344F19C
                    SHA-256:4DC2CB8B32144730527C4831050B484FEF32B47CA01561AA1115832AB7C155C8
                    SHA-512:9D0ED233F9E3194388A1DC51F7B3F7170536F0BB9678991B82DDD84B294E8581A12D2084A25BC60F075F13FD95697C1DB0D3FA25F700C1056E8002A30927CCD1
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2693
                    Entropy (8bit):4.0032788066113785
                    Encrypted:false
                    SSDEEP:48:8x6d5Th5sHCidAKZdA14tseh7sFiZUkmgqeh7sgy+BX:8xwb/nmy
                    MD5:D919EBA73DAABFCEAB43078EA2C97988
                    SHA1:2F4B909325B43A08B158C5E8368F7AC40DD8F5C6
                    SHA-256:20F39E66BE79DF7E4C790811113A39365FC23429B56E574F752EB492EFC4517C
                    SHA-512:E36B250C8B5666EEEFA4A6867FB20E362AB31457E66911BEF2FA6B675220C7DBD9B207ACA222142DB7780CA5C6764B6F4FC474CB476219284BA01812F4622650
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 07:50:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.9898494369760744
                    Encrypted:false
                    SSDEEP:48:8Xd5Th5lHCidAKZdA1vehDiZUkwqehuy+R:8LbToy
                    MD5:1882689D00490A7CFCC4E9FB566905D7
                    SHA1:91933A6CE00A9D187164FD6303E91E5432A0368C
                    SHA-256:480F88FFC09467AD30195020C01FE45E129BB8C77AB2AA1D0A9E39D7B2FDC6E8
                    SHA-512:6AD55FFD367FAE35311A153C6D4CF3BBCA1EA2173F7CD2DC9659B9DDBCDAB37415286BF487C73880EFA18ACFD0CFF12445D90C6653CB48D26DD24F7862D8494B
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 07:50:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2681
                    Entropy (8bit):3.979301311106678
                    Encrypted:false
                    SSDEEP:48:8ad5Th5lHCidAKZdA1hehBiZUk1W1qehEy+C:8QbD9ky
                    MD5:ADEA090BCF7099AB81CB5A765B9F95BB
                    SHA1:91B0E9F2D33D6F4D69F3EC371230E24C536B8E7D
                    SHA-256:50303162A2DD1B7FAD0A31AC41AD55DD6097D264586ECC590EAA4429740B8A98
                    SHA-512:4CD29D22656035761A02116D9C5DECC0C52058DCE968607511602024C231FAF669B01EC33C81C0A69FCEAD45222C2F605233475EFA64C4A89F0323F36B7EA5D8
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 07:50:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2683
                    Entropy (8bit):3.9884365836354316
                    Encrypted:false
                    SSDEEP:48:8Bd5Th5lHCidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbmy+yT+:8VbzT/TbxWOvTbmy7T
                    MD5:E12C6DAFC16776F058C9E434A1986EF4
                    SHA1:7B685D8EB70E815AB42EA2CB4E33238E66BFCC0D
                    SHA-256:FC7383BA339C3DFE239F768AF254060CD52F02F7ED05B62E965254FEFB9F3759
                    SHA-512:A4E8B748DD7C740EB0D990CEFACA13907695F1947766E38C14D01311B9A8B8B07CAC7D2CDE8941FCCA4AB6F6BF44FC081F5012544A5F9C5B842417AC2CC4DA95
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with no line terminators
                    Category:downloaded
                    Size (bytes):118
                    Entropy (8bit):4.7818237798351575
                    Encrypted:false
                    SSDEEP:3:PouVWJhquHbs0sJYkAK3BbZ6iFRDTiHj:h4hqIY0gYk/B96oTiD
                    MD5:B0F623103CD51D764412D46F8A7E0816
                    SHA1:3C88223ADEF88D7CB3EF5536B4B398EF54F31781
                    SHA-256:FE40B26BCB3F34BA8F180D33623BB3B109597BA9B3F5596BA1BC6B665B8DCB67
                    SHA-512:1C052EE3706787FC215FF4808784BDE23EBA8DD4028FE6CF3BA7C0D30D2869A2A0BD5231523BB4F3435B3653A481858E861CF855E908D468E4A1C10FCA95D2EB
                    Malicious:false
                    Reputation:low
                    URL:https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q
                    Preview:<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></head><body><p>Anonymous Proxy detected.</p></body></html>
                    No static file info
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Oct 1, 2024 10:50:24.368732929 CEST44349723157.240.0.37192.168.2.5
                    Oct 1, 2024 10:50:24.368786097 CEST49723443192.168.2.5157.240.0.37
                    Oct 1, 2024 10:50:24.370592117 CEST49723443192.168.2.5157.240.0.37
                    Oct 1, 2024 10:50:24.370601892 CEST44349723157.240.0.37192.168.2.5
                    Oct 1, 2024 10:50:24.544128895 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.544188023 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:24.544256926 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.545556068 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.545609951 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:24.545667887 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.555107117 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.555130959 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:24.555802107 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:24.555819988 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:24.579644918 CEST49674443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:24.579705954 CEST49675443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:24.673376083 CEST49673443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:24.760931015 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:24.805600882 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:24.909533978 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:24.964010000 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:24.986728907 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:24.986818075 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.126071930 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.153371096 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.166711092 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.171181917 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.171199083 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.171461105 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.171472073 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.171819925 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.171842098 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.172141075 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.172339916 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.172399998 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.172734976 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.172792912 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.206137896 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.206264019 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.207746983 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.207879066 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.208703995 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.208724022 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.211642027 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.211821079 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.211827993 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.212573051 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.251486063 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.251499891 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.251538992 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.255400896 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.262536049 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.262593985 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.264192104 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.264204979 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.264462948 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.264488935 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.269165039 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.269188881 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.270620108 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.270623922 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.270710945 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.270718098 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.303792953 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.319474936 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.319540977 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.319618940 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.389921904 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.390038013 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.390125990 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.390290976 CEST49728443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.390302896 CEST4434972840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.448493004 CEST49731443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.448532104 CEST44349731172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.562066078 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.607408047 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.718322039 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.718493938 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.718748093 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.742669106 CEST49730443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:25.742683887 CEST44349730172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:25.743071079 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743099928 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743108034 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743140936 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743174076 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.743196964 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743212938 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.743418932 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.743462086 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.766309977 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.766335011 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.766351938 CEST49726443192.168.2.540.126.32.136
                    Oct 1, 2024 10:50:25.766359091 CEST4434972640.126.32.136192.168.2.5
                    Oct 1, 2024 10:50:25.811043024 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.811078072 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.811233997 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.811878920 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:25.811903000 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:25.898534060 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898556948 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898562908 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898576975 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898582935 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898653030 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.898650885 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.898735046 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.899000883 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.899055004 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.899091005 CEST49727443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.899106026 CEST4434972720.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.922436953 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.922470093 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:25.922544003 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.922718048 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:25.922733068 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.271302938 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.271351099 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.271455050 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.271975994 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.271991968 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.303967953 CEST4434970823.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:26.304050922 CEST49708443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:26.342977047 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.343012094 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.343117952 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.343622923 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.343638897 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.708429098 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:26.708462000 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:26.708570004 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:26.712271929 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:26.712291002 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:26.811234951 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:26.816625118 CEST53504441.1.1.1192.168.2.5
                    Oct 1, 2024 10:50:26.816688061 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:26.817081928 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:26.822839022 CEST53504441.1.1.1192.168.2.5
                    Oct 1, 2024 10:50:26.866607904 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:26.866664886 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:26.869081020 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:26.869092941 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:26.869318962 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:26.872070074 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.874175072 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:26.874193907 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.875065088 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:26.875070095 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.875135899 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:26.875147104 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.875164032 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:26.875170946 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:26.875205040 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:26.875432968 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:26.875438929 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:26.875648975 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:26.906409979 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.913566113 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.914439917 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.914458990 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.915095091 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.915118933 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.915555000 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.915644884 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.916141033 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.916179895 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.916208029 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.916229963 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.917207003 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.917217016 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:26.917637110 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.917706966 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:26.923391104 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:26.970626116 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:26.970626116 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:26.970639944 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:27.015881062 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:27.015950918 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:27.016056061 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:27.017493963 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:27.042740107 CEST49735443192.168.2.5172.240.108.84
                    Oct 1, 2024 10:50:27.042757988 CEST44349735172.240.108.84192.168.2.5
                    Oct 1, 2024 10:50:27.046114922 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:27.046511889 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:27.046587944 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:27.047343969 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:27.047357082 CEST4434973240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:27.047368050 CEST49732443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:27.272876978 CEST53504441.1.1.1192.168.2.5
                    Oct 1, 2024 10:50:27.277363062 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.277420998 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.277476072 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.277497053 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:27.277507067 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.277540922 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:27.277625084 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.277755022 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:27.284626961 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:27.284646034 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.284656048 CEST49733443192.168.2.520.190.160.22
                    Oct 1, 2024 10:50:27.284662008 CEST4434973320.190.160.22192.168.2.5
                    Oct 1, 2024 10:50:27.314373970 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:27.339016914 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:27.345307112 CEST53504441.1.1.1192.168.2.5
                    Oct 1, 2024 10:50:27.345372915 CEST5044453192.168.2.51.1.1.1
                    Oct 1, 2024 10:50:27.350625992 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.350722075 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.539494991 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.539525986 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.539783955 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.595623016 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.637993097 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.679404020 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.822911978 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.822994947 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.823111057 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.823141098 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.823153973 CEST49736443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.823159933 CEST44349736184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.850663900 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.850687027 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:27.850740910 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.851022005 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:27.851035118 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.514467001 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.514549017 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:28.537224054 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:28.537241936 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.537532091 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.540152073 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:28.587402105 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.797652960 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.797725916 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:28.797770977 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:28.805963039 CEST50446443192.168.2.5184.28.90.27
                    Oct 1, 2024 10:50:28.805979013 CEST44350446184.28.90.27192.168.2.5
                    Oct 1, 2024 10:50:30.556701899 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:30.556754112 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:30.556829929 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:30.557398081 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:30.557410955 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.531250954 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.531342030 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.533035994 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.533044100 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.533354044 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.535355091 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.535512924 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.535512924 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.535521984 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.579397917 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.706758022 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.706847906 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:31.707145929 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.708050966 CEST50447443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:31.708069086 CEST4435044740.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:34.323163986 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:34.323209047 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:34.323283911 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:34.324836969 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:34.324850082 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.101375103 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.101437092 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.105781078 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.105789900 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.106040955 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.109241962 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.122824907 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.122831106 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.123258114 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.167397976 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.297529936 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.297615051 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:35.299751997 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.304982901 CEST50448443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:35.304996967 CEST4435044840.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:36.667237043 CEST49708443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:36.667356014 CEST49708443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:36.669029951 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:36.669070959 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:36.669148922 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:36.670241117 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:36.670255899 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:36.672055006 CEST4434970823.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:36.672125101 CEST4434970823.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:36.818536043 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:36.818695068 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:36.818742037 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:37.270608902 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.270942926 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.301992893 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.302011013 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.303155899 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.304981947 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.305623055 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.305675983 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.308805943 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.308814049 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.577451944 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.577545881 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.577557087 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.577621937 CEST4435045123.1.237.91192.168.2.5
                    Oct 1, 2024 10:50:37.577665091 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.577716112 CEST50451443192.168.2.523.1.237.91
                    Oct 1, 2024 10:50:37.834456921 CEST49734443192.168.2.5216.58.206.36
                    Oct 1, 2024 10:50:37.834485054 CEST44349734216.58.206.36192.168.2.5
                    Oct 1, 2024 10:50:39.951777935 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:39.951836109 CEST4435045240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:39.952066898 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:39.952896118 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:39.952917099 CEST4435045240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:40.729197025 CEST4435045240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:40.729619980 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:40.730907917 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:40.730921030 CEST4435045240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:40.731147051 CEST4435045240.113.110.67192.168.2.5
                    Oct 1, 2024 10:50:40.732889891 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:40.733036995 CEST50452443192.168.2.540.113.110.67
                    Oct 1, 2024 10:50:40.733043909 CEST4435045240.113.110.67192.168.2.5
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Oct 1, 2024 10:50:23.233705044 CEST | 192.168.2.5 | 1.1.1.1 | 0x5676 | Standard query (0) | l.facebook.com | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:23.233875036 CEST | 192.168.2.5 | 1.1.1.1 | 0x2c07 | Standard query (0) | l.facebook.com | 65 | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.452975035 CEST | 192.168.2.5 | 1.1.1.1 | 0x2f3d | Standard query (0) | glossydollyknock.com | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.453315973 CEST | 192.168.2.5 | 1.1.1.1 | 0x5264 | Standard query (0) | glossydollyknock.com | 65 | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.261522055 CEST | 192.168.2.5 | 1.1.1.1 | 0x2f72 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.262475967 CEST | 192.168.2.5 | 1.1.1.1 | 0x8149 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.264852047 CEST | 192.168.2.5 | 1.1.1.1 | 0xd10d | Standard query (0) | glossydollyknock.com | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.265300989 CEST | 192.168.2.5 | 1.1.1.1 | 0x80a6 | Standard query (0) | glossydollyknock.com | 65 | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Oct 1, 2024 10:50:23.241683960 CEST | 1.1.1.1 | 192.168.2.5 | 0x5676 | No error (0) | l.facebook.com | z-m.c10r.facebook.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Oct 1, 2024 10:50:23.241683960 CEST | 1.1.1.1 | 192.168.2.5 | 0x5676 | No error (0) | z-m.c10r.facebook.com |  | 157.240.0.37 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:23.243551016 CEST | 1.1.1.1 | 192.168.2.5 | 0x2c07 | No error (0) | l.facebook.com | z-m.c10r.facebook.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 172.240.108.84 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 172.240.253.132 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 192.243.59.13 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 172.240.108.68 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 172.240.127.234 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 192.243.59.20 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 192.243.61.225 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 172.240.108.76 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 192.243.61.227 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:24.526730061 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f3d | No error (0) | glossydollyknock.com |  | 192.243.59.12 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.268704891 CEST | 1.1.1.1 | 192.168.2.5 | 0x2f72 | No error (0) | www.google.com |  | 216.58.206.36 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.269275904 CEST | 1.1.1.1 | 192.168.2.5 | 0x8149 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 172.240.108.84 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 172.240.253.132 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 192.243.59.13 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 172.240.108.68 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 172.240.127.234 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 192.243.59.20 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 192.243.61.225 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 172.240.108.76 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 192.243.61.227 | A (IP address) | IN (0x0001) | false
                    Oct 1, 2024 10:50:26.341866970 CEST | 1.1.1.1 | 192.168.2.5 | 0xd10d | No error (0) | glossydollyknock.com |  | 192.243.59.12 | A (IP address) | IN (0x0001) | false
                    • login.live.com
                    • l.facebook.com
                    • https:
                      • glossydollyknock.com
                      • www.bing.com
                    • fs.microsoft.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    0 | 192.168.2.5 | 49712 | 40.126.32.136 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:19 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 3592
                    Host: login.live.com
                    2024-10-01 08:50:19 UTC | 3592 | OUT |
                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:21 UTC | 653 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:20 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30374.3
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_SN1
                    x-ms-request-id: 63003be1-80fe-455a-8721-6e50b3b09fd1
                    PPServer: PPV: 30 H: SN1PEPF0003FB2D V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:19 GMT
                    Connection: close
                    Content-Length: 11389
                    2024-10-01 08:50:21 UTC | 11389 | IN |
                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    1 | 192.168.2.5 | 49714 | 40.126.32.136 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:22 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 3592
                    Host: login.live.com
                    2024-10-01 08:50:22 UTC | 3592 | OUT |
                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:22 UTC | 653 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:22 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30374.3
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_SN1
                    x-ms-request-id: 28943f3a-fb01-4892-8acc-0b2eb066b330
                    PPServer: PPV: 30 H: SN1PEPF0002F15E V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:22 GMT
                    Connection: close
                    Content-Length: 11389
                    2024-10-01 08:50:22 UTC | 11389 | IN |
                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    2 | 192.168.2.5 | 49721 | 40.126.32.136 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:23 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 4694
                    Host: login.live.com
                    2024-10-01 08:50:23 UTC | 4694 | OUT |
                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:24 UTC | 656 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:23 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    FdrTelemetry: &481=21&59=5&213=280810&215=0&315=1&215=0&315=1&214=30&288=16.0.30374.3
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_SN1
                    x-ms-request-id: e21fc76a-d7db-4e23-b8f6-d7ca009b36ff
                    PPServer: PPV: 30 H: SN1PEPF0002F15B V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:23 GMT
                    Connection: close
                    Content-Length: 10901
                    2024-10-01 08:50:24 UTC | 10901 | IN |
                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    3 | 192.168.2.5 | 49722 | 20.190.160.22 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:23 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 4775
                    Host: login.live.com
                    2024-10-01 08:50:23 UTC | 4775 | OUT |
                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:24 UTC568INHTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:23 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C555_BAY
                    x-ms-request-id: 5455265e-42f8-432b-af62-5b15dfabe392
                    PPServer: PPV: 30 H: PH1PEPF00011F5E V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:23 GMT
                    Connection: close
                    Content-Length: 1918
                    2024-10-01 08:50:24 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.5 | 49723 | 157.240.0.37 | 443 | 6572 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:23 UTC | 1285 | OUT | GET /l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA HTTP/1.1
                    Host: l.facebook.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-User: ?1
                    Sec-Fetch-Dest: document
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-10-01 08:50:24 UTC | 989 | IN | HTTP/1.1 200 OK
                    Vary: Accept-Encoding
                    refresh: 1;URL=https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q
                    referrer-policy: origin
                    x-robots-tag: noindex, nofollow
                    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                    2024-10-01 08:50:24 UTC | 1859 | IN | Data Ascii: content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net '
                    2024-10-01 08:50:24 UTC | 1670 | IN | Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewpor
                    2024-10-01 08:50:24 UTC | 5 | IN | Data Ascii: 189
                    2024-10-01 08:50:24 UTC | 400 | IN | Data Ascii: <html><head><meta charset="utf-8" /><meta name="referrer" content="origin" /></head><body><script type="text/javascript" nonce="XPjizyEB">document.location.replace("https:\/\/glossydollyknock.com\/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.5 | 49731 | 172.240.108.84 | 443 | 6572 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:25 UTC | 853 | OUT | GET /w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q HTTP/1.1
                    Host: glossydollyknock.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    sec-ch-ua-platform: "Windows"
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: navigate
                    Sec-Fetch-Dest: document
                    Referer: https://l.facebook.com/
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    2024-10-01 08:50:25 UTC | 825 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.21.6
                    Date: Tue, 01 Oct 2024 08:50:25 GMT
                    Content-Type: text/html
                    Content-Length: 118
                    Connection: close
                    P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
                    Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
                    Set-Cookie: u_pl=22483156; expires=Wed, 02 Oct 2024 08:50:25 GMT; path=/
                    Host: glossydollyknock.com
                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                    Cache-Control: no-cache
                    X-Request-ID: bf4d006c58d26c84a625c502b66a802a
                    Cache-Control: max-age=0, private, no-cache
                    Pragma: no-cache
                    Strict-Transport-Security: max-age=0; includeSubdomains
                    2024-10-01 08:50:25 UTC | 118 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"></head><body><p>Anonymous Proxy detected.</p></body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    6 | 192.168.2.5 | 49728 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:25 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: tAW2TJ76U0yHt3QY.1Context: 3aee9a344c0ec4c9
                    2024-10-01 08:50:25 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:25 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tAW2TJ76U0yHt3QY.2Context: 3aee9a344c0ec4c9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY9+4aMvcwtYWJP5/Ak7Wyn2UH3Tqbq+Z5RgAjNPriINIrWm8lkJQ0suVCvO0DRmt5KMWUrpS9WqO/6Ktge2oSuOLq05r0uVsI8HAstkqJDGB/
                    2024-10-01 08:50:25 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: tAW2TJ76U0yHt3QY.3Context: 3aee9a344c0ec4c9
                    2024-10-01 08:50:25 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:25 UTC | 58 | IN | Data Ascii: MS-CV: COo0Q8eumUKU9MXv8G5diA.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    7 | 192.168.2.5 | 49726 | 40.126.32.136 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:25 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 4694
                    Host: login.live.com
                    2024-10-01 08:50:25 UTC | 4694 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:25 UTC | 656 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:25 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    FdrTelemetry: &481=21&59=5&213=280810&215=0&315=1&215=0&315=1&214=30&288=16.0.30374.3
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_SN1
                    x-ms-request-id: 949ea7f0-bbb8-437e-9b49-3a397e61f326
                    PPServer: PPV: 30 H: SN1PEPF0002F164 V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:25 GMT
                    Connection: close
                    Content-Length: 10901
                    2024-10-01 08:50:25 UTC | 10901 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    8 | 192.168.2.5 | 49727 | 20.190.160.22 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:25 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 4775
                    Host: login.live.com
                    2024-10-01 08:50:25 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:25 UTC | 653 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:25 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30374.3
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_SN1
                    x-ms-request-id: a9dda338-fd53-4864-aaf3-48cd3ff03b78
                    PPServer: PPV: 30 H: SN1PEPF0002F161 V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:25 GMT
                    Connection: close
                    Content-Length: 11409
                    2024-10-01 08:50:25 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    9 | 192.168.2.5 | 49730 | 172.240.108.84 | 443 | 6572 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:25 UTC | 1013 | OUT | GET /favicon.ico HTTP/1.1
                    Host: glossydollyknock.com
                    Connection: keep-alive
                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                    sec-ch-ua-mobile: ?0
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    sec-ch-ua-full-version: "117.0.5938.132"
                    sec-ch-ua-platform-version: "10.0.0"
                    sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                    sec-ch-ua-model: ""
                    sec-ch-ua-platform: "Windows"
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: image
                    Referer: https://glossydollyknock.com/w4n3hka2p6?key=4adf7f60948fc97f20eb71a37f488b68&fbclid=IwY2xjawFolyBleHRuA2FlbQIxMAABHaxYKSuJTI92Ud91FM9sK3aDzKfYHSCfj1qlmf71gMNPqaZKwwoFvrfAGA_aem_LHXLb0b6XyEafa9vMdu15Q
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: u_pl=22483156
                    2024-10-01 08:50:25 UTC | 377 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.21.6
                    Date: Tue, 01 Oct 2024 08:50:25 GMT
                    Content-Type: image/x-icon
                    Content-Length: 0
                    Connection: close
                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                    Cache-Control: no-cache
                    X-Request-ID: dfdfb062a04802acca177d26770e32cd
                    Cache-Control: max-age=0, private, no-cache
                    Pragma: no-cache
                    Strict-Transport-Security: max-age=0; includeSubdomains


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    10 | 192.168.2.5 | 49733 | 20.190.160.22 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:26 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                    Connection: Keep-Alive
                    Content-Type: application/soap+xml
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                    Content-Length: 4775
                    Host: login.live.com
                    2024-10-01 08:50:26 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                    2024-10-01 08:50:27 UTC | 569 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-store, no-cache
                    Pragma: no-cache
                    Content-Type: application/soap+xml; charset=utf-8
                    Expires: Tue, 01 Oct 2024 08:49:27 GMT
                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                    Referrer-Policy: strict-origin-when-cross-origin
                    x-ms-route-info: C524_BAY
                    x-ms-request-id: 1cb8a185-18c6-4d9e-8c6b-e943369e96c4
                    PPServer: PPV: 30 H: PH1PEPF00011FFE V: 0
                    X-Content-Type-Options: nosniff
                    Strict-Transport-Security: max-age=31536000
                    X-XSS-Protection: 1; mode=block
                    Date: Tue, 01 Oct 2024 08:50:26 GMT
                    Connection: close
                    Content-Length: 11409
                    2024-10-01 08:50:27 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    11 | 192.168.2.5 | 49732 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:26 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: xNDg/8BXU0SLqr3Y.1Context: 965ec192dcb2844b
                    2024-10-01 08:50:26 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:26 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: xNDg/8BXU0SLqr3Y.2Context: 965ec192dcb2844b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:50:26 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: xNDg/8BXU0SLqr3Y.3Context: 965ec192dcb2844b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:50:27 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:27 UTC | 58 | IN | Data Ascii: MS-CV: vVodKHRQDEGlGsql/pIPtw.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    12 | 192.168.2.5 | 49735 | 172.240.108.84 | 443 | 6572 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:26 UTC | 378 | OUT | GET /favicon.ico HTTP/1.1
                    Host: glossydollyknock.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                    Cookie: u_pl=22483156
                    2024-10-01 08:50:27 UTC | 377 | IN | HTTP/1.1 200 OK
                    Server: nginx/1.21.6
                    Date: Tue, 01 Oct 2024 08:50:26 GMT
                    Content-Type: image/x-icon
                    Content-Length: 0
                    Connection: close
                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                    Cache-Control: no-cache
                    X-Request-ID: 6e99aa4cb4dad6c4aba3f840380488be
                    Cache-Control: max-age=0, private, no-cache
                    Pragma: no-cache
                    Strict-Transport-Security: max-age=0; includeSubdomains


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    13 | 192.168.2.5 | 49736 | 184.28.90.27 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:27 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-10-01 08:50:27 UTC | 467 | IN | HTTP/1.1 200 OK
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (lpl/EF06)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-neu-z1
                    Cache-Control: public, max-age=201323
                    Date: Tue, 01 Oct 2024 08:50:27 GMT
                    Connection: close
                    X-CID: 2


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    14 | 192.168.2.5 | 50446 | 184.28.90.27 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:28 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    Accept-Encoding: identity
                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                    Range: bytes=0-2147483646
                    User-Agent: Microsoft BITS/7.8
                    Host: fs.microsoft.com
                    2024-10-01 08:50:28 UTC | 515 | IN | HTTP/1.1 200 OK
                    ApiVersion: Distribute 1.1
                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                    Content-Type: application/octet-stream
                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                    Server: ECAcc (lpl/EF06)
                    X-CID: 11
                    X-Ms-ApiVersion: Distribute 1.2
                    X-Ms-Region: prod-weu-z1
                    Cache-Control: public, max-age=201266
                    Date: Tue, 01 Oct 2024 08:50:28 GMT
                    Content-Length: 55
                    Connection: close
                    X-CID: 2
                    2024-10-01 08:50:28 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    15 | 192.168.2.5 | 50447 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:31 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: +X3mV6Zk9UGUSRnB.1Context: de36d75b165cb7f5
                    2024-10-01 08:50:31 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:31 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +X3mV6Zk9UGUSRnB.2Context: de36d75b165cb7f5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:50:31 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: +X3mV6Zk9UGUSRnB.3Context: de36d75b165cb7f5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:50:31 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:31 UTC | 58 | IN | Data Ascii: MS-CV: +6cK7XvABkefy+jcupoIxg.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    16 | 192.168.2.5 | 50448 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:35 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: MBI3OmaHZkqE23R9.1Context: be8b266a77868d3b
                    2024-10-01 08:50:35 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:35 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: MBI3OmaHZkqE23R9.2Context: be8b266a77868d3b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY9+4aMvcwtYWJP5/Ak7Wyn2UH3Tqbq+Z5RgAjNPriINIrWm8lkJQ0suVCvO0DRmt5KMWUrpS9WqO/6Ktge2oSuOLq05r0uVsI8HAstkqJDGB/
                    2024-10-01 08:50:35 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: MBI3OmaHZkqE23R9.3Context: be8b266a77868d3b
                    2024-10-01 08:50:35 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:35 UTC | 58 | IN | Data Ascii: MS-CV: Lnyg2kUY40GCByPXqtr5jQ.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    17 | 192.168.2.5 | 50451 | 23.1.237.91 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:37 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                    Origin: https://www.bing.com
                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                    Accept: */*
                    Accept-Language: en-CH
                    Content-type: text/xml
                    X-Agent-DeviceId: 01000A410900D492
                    X-BM-CBT: 1696428841
                    X-BM-DateFormat: dd/MM/yyyy
                    X-BM-DeviceDimensions: 784x984
                    X-BM-DeviceDimensionsLogical: 784x984
                    X-BM-DeviceScale: 100
                    X-BM-DTZ: 120
                    X-BM-Market: CH
                    X-BM-Theme: 000000;0078d7
                    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                    X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                    X-Device-isOptin: false
                    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                    X-Device-OSSKU: 48
                    X-Device-Touch: false
                    X-DeviceID: 01000A410900D492
                    X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                    X-MSEdge-ExternalExpType: JointCoord
                    X-PositionerType: Desktop
                    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                    X-Search-CortanaAvailableCapabilities: None
                    X-Search-SafeSearch: Moderate
                    X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                    X-UserAgeClass: Unknown
                    Accept-Encoding: gzip, deflate, br
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Host: www.bing.com
                    Content-Length: 2484
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1727772604820&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                    2024-10-01 08:50:37 UTC | 1 | OUT | Data Ascii: <
                    2024-10-01 08:50:37 UTC | 2483 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                    2024-10-01 08:50:37 UTC | 476 | IN | HTTP/1.1 204 No Content
                    Access-Control-Allow-Origin: *
                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                    X-MSEdge-Ref: Ref A: E529E63409A34674BEB523A55B696EC1 Ref B: LAXEDGE1621 Ref C: 2024-10-01T08:50:37Z
                    Date: Tue, 01 Oct 2024 08:50:37 GMT
                    Connection: close
                    Alt-Svc: h3=":443"; ma=93600
                    X-CDN-TraceID: 0.5fed0117.1727772637.33f7ee52


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    18 | 192.168.2.5 | 50452 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:40 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: Ck3W9SwImU6a5hCN.1Context: b178b972d64bb772
                    2024-10-01 08:50:40 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:40 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Ck3W9SwImU6a5hCN.2Context: b178b972d64bb772<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:50:40 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: Ck3W9SwImU6a5hCN.3Context: b178b972d64bb772<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:50:40 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:40 UTC | 58 | IN | Data Ascii: MS-CV: Dlp7FG32UEuaUUH0rnhsfA.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    19 | 192.168.2.5 | 50454 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:53 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: sGgIDvdafUmjUCLa.1Context: 5951473d36da1465
                    2024-10-01 08:50:53 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:53 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: sGgIDvdafUmjUCLa.2Context: 5951473d36da1465<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:50:53 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: sGgIDvdafUmjUCLa.3Context: 5951473d36da1465<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:50:53 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:53 UTC | 58 | IN | Data Ascii: MS-CV: NFo3h1jEyUOl5CK4aEtgnw.0Payload parsing failed.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                    20 | 192.168.2.5 | 50453 | 40.113.110.67 | 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:50:53 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: I8VQFI7dCEWu9Po8.1Context: 2e7c4cb21dc99a5e
                    2024-10-01 08:50:53 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:50:53 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: I8VQFI7dCEWu9Po8.2Context: 2e7c4cb21dc99a5e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY9+4aMvcwtYWJP5/Ak7Wyn2UH3Tqbq+Z5RgAjNPriINIrWm8lkJQ0suVCvO0DRmt5KMWUrpS9WqO/6Ktge2oSuOLq05r0uVsI8HAstkqJDGB/
                    2024-10-01 08:50:53 UTC | 74 | OUT | Data Ascii: BND 3 CON\QOS 56MS-CV: I8VQFI7dCEWu9Po8.3Context: 2e7c4cb21dc99a5e
                    2024-10-01 08:50:53 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                    2024-10-01 08:50:53 UTC | 58 | IN | Data Ascii: MS-CV: ASkuS/BWjEK2nxmwLkKqMQ.0Payload parsing failed.


                    Session IDSource IPSource PortDestination IPDestination Port
                    21192.168.2.55045540.113.110.67443
                    TimestampBytes transferredDirectionData
                    2024-10-01 08:51:13 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 51 7a 4e 6f 6c 43 66 5a 45 57 77 39 59 43 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 34 62 62 36 65 61 38 32 34 34 65 31 66 65 35 0d 0a 0d 0a
                    Data Ascii: CNT 1 CON 305MS-CV: GQzNolCfZEWw9YC/.1Context: 64bb6ea8244e1fe5
                    2024-10-01 08:51:13 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:51:13 UTC | 1084 bytes | OUT
                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GQzNolCfZEWw9YC/.2Context: 64bb6ea8244e1fe5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:51:13 UTC | 218 bytes | OUT
                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: GQzNolCfZEWw9YC/.3Context: 64bb6ea8244e1fe5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:51:13 UTC | 14 bytes | IN
                    Data Ascii: 202 1 CON 58
                    2024-10-01 08:51:13 UTC | 58 bytes | IN
                    Data Ascii: MS-CV: ZfDCr4+5cUmy8NuX9I4NjQ.0Payload parsing failed.


                    Session ID: 22 | Source IP: 192.168.2.5 | Source Port: 50457 | Destination IP: 40.113.110.67 | Destination Port: 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:51:18 UTC | 71 bytes | OUT
                    Data Ascii: CNT 1 CON 305MS-CV: CqcVvNTCVEymGCPS.1Context: ab1496fdae8ee23b
                    2024-10-01 08:51:18 UTC | 249 bytes | OUT
                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:51:18 UTC | 1084 bytes | OUT
                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: CqcVvNTCVEymGCPS.2Context: ab1496fdae8ee23b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY9+4aMvcwtYWJP5/Ak7Wyn2UH3Tqbq+Z5RgAjNPriINIrWm8lkJQ0suVCvO0DRmt5KMWUrpS9WqO/6Ktge2oSuOLq05r0uVsI8HAstkqJDGB/
                    2024-10-01 08:51:18 UTC | 74 bytes | OUT
                    Data Ascii: BND 3 CON\QOS 56MS-CV: CqcVvNTCVEymGCPS.3Context: ab1496fdae8ee23b
                    2024-10-01 08:51:18 UTC | 14 bytes | IN
                    Data Ascii: 202 1 CON 58
                    2024-10-01 08:51:18 UTC | 58 bytes | IN
                    Data Ascii: MS-CV: u5BuG6RbKUicwRBSB/f/1g.0Payload parsing failed.


                    Session ID: 23 | Source IP: 192.168.2.5 | Source Port: 50461 | Destination IP: 40.113.110.67 | Destination Port: 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:51:39 UTC | 71 bytes | OUT
                    Data Ascii: CNT 1 CON 305MS-CV: 423QsGQcxU+Qwekn.1Context: 5c5809e2ae1fdce2
                    2024-10-01 08:51:39 UTC | 249 bytes | OUT
                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:51:39 UTC | 1084 bytes | OUT
                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 423QsGQcxU+Qwekn.2Context: 5c5809e2ae1fdce2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASlG63MMPeiqWFPYCbnrvA/l7A0slmy+keDZUDbg3GM7NH5FiMvQOctjABHd6Fh7UDNO50RsNqtL+9AZ/v1kVUeanOQnI7/NwKIafvnT2Y0O+g
                    2024-10-01 08:51:39 UTC | 218 bytes | OUT
                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: 423QsGQcxU+Qwekn.3Context: 5c5809e2ae1fdce2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                    2024-10-01 08:51:39 UTC | 14 bytes | IN
                    Data Ascii: 202 1 CON 58
                    2024-10-01 08:51:39 UTC | 58 bytes | IN
                    Data Ascii: MS-CV: rNxxTTeS30aOh7csMo6l7A.0Payload parsing failed.


                    Session ID: 24 | Source IP: 192.168.2.5 | Source Port: 50462 | Destination IP: 40.113.110.67 | Destination Port: 443
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-01 08:51:45 UTC | 71 bytes | OUT
                    Data Ascii: CNT 1 CON 305MS-CV: wc+VbMsy8EGX64KR.1Context: 62de2e973bf00314
                    2024-10-01 08:51:45 UTC | 249 bytes | OUT
                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                    2024-10-01 08:51:45 UTC | 1084 bytes | OUT
                    Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: wc+VbMsy8EGX64KR.2Context: 62de2e973bf00314<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAY9+4aMvcwtYWJP5/Ak7Wyn2UH3Tqbq+Z5RgAjNPriINIrWm8lkJQ0suVCvO0DRmt5KMWUrpS9WqO/6Ktge2oSuOLq05r0uVsI8HAstkqJDGB/
                    2024-10-01 08:51:45 UTC | 74 bytes | OUT
                    Data Ascii: BND 3 CON\QOS 56MS-CV: wc+VbMsy8EGX64KR.3Context: 62de2e973bf00314
                    2024-10-01 08:51:45 UTC | 14 bytes | IN
                    Data Ascii: 202 1 CON 58
                    2024-10-01 08:51:45 UTC | 58 bytes | IN
                    Data Ascii: MS-CV: GYkShgeBd0yLzF1R6ARKVA.0Payload parsing failed.



                    Target ID:0
                    Start time:04:50:16
                    Start date:01/10/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:04:50:20
                    Start date:01/10/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2028,i,15626684673136995110,272168911264175477,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:04:50:22
                    Start date:01/10/2024
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://l.facebook.com/l.php?u=https%3A%2F%2Fglossydollyknock.com%2Fw4n3hka2p6%3Fkey%3D4adf7f60948fc97f20eb71a37f488b68%26fbclid%3DIwZXh0bgNhZW0CMTAAAR2sWCkriUyPdlHfdRTPbCt2g8yn2B0gn49apZn-9YDDT6mmSsMKBb63wBg_aem_LHXLb0b6XyEafa9vMdu15Q&h=AT3Q5pc4JYuZUEyX8rr8abFazLnrJX82c0Mzs4joBZygkyzWKVOG4MfAjLuQ9vGazIv4IV-N-QhihzSx2jrkeAjehZSm2YhcT1T0Hz7uxtZvtRIbuTkA_Am76OeQhuopaQ&__tn__=R%5D-R&c%5B0%5D=AT0B8CUrOUWDDhBkBSoY_sR_Q2IdaQRs5o-hIRLRUlMk669issrBSNbduA-V2UNVUT_XZ9QJcwePs_4iUMdBe8WDu2kbum__cQyKqnoqtSz4-dHASRwGlJAYUngRXsgxmoYUj9q1YNGw0-hNPPtRpfV-WyB5ptMMsMbm355vN9Vz8k6D9ZXB_vjILzh8k0OO_w_zawh-IINi5cndpF3-4aGCWeoOMMG3q1NB8mKT_pQljubmHEwtBLrB3RTViT2btvA"
                    Imagebase:0x7ff715980000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly