Windows Analysis Report
https://take.supersurvey.com/Q6RX6UV5H/*

Overview

General Information

Sample URL:https://take.supersurvey.com/Q6RX6UV5H/*
Analysis ID:1524993
Infos:
Errors
  • URL not reachable

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 4436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2000,i,14063492633837651287,242067405089379618,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://take.supersurvey.com/Q6RX6UV5H/*" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:65290 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:65267 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65269 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65270 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65283 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65284 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65291 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:65292 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.5:65265 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.159.4
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: global traffic | HTTP traffic detected:
  GET /Q6RX6UV5H/* HTTP/1.1
  Host: take.supersurvey.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: take.supersurvey.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected:
  POST /RST2.srf HTTP/1.0
  Connection: Keep-Alive
  Content-Type: application/soap+xml
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
  Content-Length: 3592
  Host: login.live.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Thu, 03 Oct 2024 13:13:02 GMT
  Content-Length: 0
  Connection: close
  x-powered-by: ASP.NET
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvS8k4QRwyrIFJ8hRZ2acI7gWOPZ%2FwOgp6g%2FfM%2BZUECGINIbwqxG89fNaDfD4n2c4jOeCs23KFKfIK7oxVZC%2F%2FpmJkx82re0507%2BXzsCGF%2FcrqAwoDQiaHwP5KisLu049%2Bvv7%2BYE"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8ccd2fece9138ce8-EWR
Source: classification engine | Classification label: unknown1.win@17/6@6/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2000,i,14063492633837651287,242067405089379618,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://take.supersurvey.com/Q6RX6UV5H/*"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown
take.supersurvey.com | 172.66.40.100 | true | false | | unknown
www.google.com | 172.217.18.4 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://take.supersurvey.com/Q6RX6UV5H/* | false | | unknown
https://a.nel.cloudflare.com/report/v4?s=rvS8k4QRwyrIFJ8hRZ2acI7gWOPZ%2FwOgp6g%2FfM%2BZUECGINIbwqxG89fNaDfD4n2c4jOeCs23KFKfIK7oxVZC%2F%2FpmJkx82re0507%2BXzsCGF%2FcrqAwoDQiaHwP5KisLu049%2Bvv7%2BYE | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.66.40.100 | take.supersurvey.com | United States | 13335 | CLOUDFLARENETUS | false
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false

IP
192.168.2.22
192.168.2.5

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1524993
Start date and time:2024-10-03 15:11:50 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://take.supersurvey.com/Q6RX6UV5H/*
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:UNKNOWN
Classification:unknown1.win@17/6@6/6
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • URL browsing timeout or error
  • URL not reachable
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 20.190.152.22, 40.126.24.83, 40.126.24.149, 20.190.152.20, 40.126.24.148, 40.126.24.146, 40.126.24.81, 40.126.24.82, 216.58.206.35, 172.217.16.206, 108.177.15.84, 34.104.35.123, 184.28.90.27, 172.202.163.200, 192.229.221.95, 13.85.23.206
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://take.supersurvey.com/Q6RX6UV5H/*
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:13:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9722992019381618
Encrypted:false
SSDEEP:48:82TdKT2SLHr0idAKZdA19ehwiZUklqehTy+3:8djaIy
MD5:E1A350E261E4E6AC19FE009B8FAE90AC
SHA1:C81F0C45C904E52D7B2251286922646683F3B90C
SHA-256:ADB700D3C0268219EAE287E294FCC16BAEA2B64C5819FA4EA143B8BF8CF88BB6
SHA-512:1B75C674B6ED7BB73291EC9EDA2B108AB610003A6DC08B40BC77E0CC11B18ECC3FA84D84F771887C477E68543535D6F5539EBDB1B3B5F43E5BE0FCA2965EF7B5
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:13:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):3.9880684308049577
Encrypted:false
SSDEEP:48:8jdKT2SLHr0idAKZdA1weh/iZUkAQkqeh4y+2:80jw9Q1y
MD5:1F6BCFA397811C1F29B9EB9B01A97775
SHA1:17A88F61C6713CAF0AF2337F1CF4C08A8C07C00F
SHA-256:7C8D46B0FFE867D504A3141F2D2633EF4145EEF8A02F0CBDE9930612A358D5DC
SHA-512:8604068D0131D6BC6F39041D0867F187D3F0810E8C53B9731C4C8E64020D627708249F22DFB03DF9A583605EC415A9C2DAE57B1A1ED2FA9612D735A7674C460D
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2693
Entropy (8bit):3.9983253336349547
Encrypted:false
SSDEEP:48:8xTdKT2SsHr0idAKZdA14tseh7sFiZUkmgqeh7s6y+BX:8xkjJnUy
MD5:FFEE651C0798CF7A608D6071334A453C
SHA1:C47F169A959E0BCDD6B5D157E421488576C512E2
SHA-256:454ECE03C2D0853BB14CC3E98B7253E527F885021E21DECB980E7549C5CFB64A
SHA-512:BDDD9489F04D3D8DF9F828ABED3B21299348FBBFD03766D79D4839EF24FB523FFA91163F9F5270305FF9280C7D56872B73D5913A78BDBC28B28324EE5B7C55EB
Malicious:false
Reputation:low

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:13:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2681
Entropy (8bit):3.986775414657152
Encrypted:false
SSDEEP:48:8udKT2SLHr0idAKZdA1vehDiZUkwqeh8y+R:8njbCy
MD5:9D9859B8EBCE608012B663D15DCE7A9F
SHA1:0D708C26B1BF9F823D01729A09F57D2BCE076C09
SHA-256:E81249AC91C7BEED06270C1F29E64B10530525E0034410DBB65320C362567B61
SHA-512:2EED6190997B74EC832029E00D5958304F25DE470A90D0FB966A1CDB8FB596BF1B32646B7195F809DCFAA0C2FA0D055E84F464F0C6D25C29374DD82AEC647C94
Malicious:false
Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:13:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2681
              Entropy (8bit):3.975902020518231
              Encrypted:false
              SSDEEP:48:8tdKT2SLHr0idAKZdA1hehBiZUk1W1qehGy+C:8qj79my
              MD5:E92F6FFD22B6327F248BF41645F701D1
              SHA1:D8B0413AE205828DE90017C3BB06A4B4B1621BB7
              SHA-256:191B3283DD0C0232E963BEF5862B66F719FD35638CFC9F51EFA49D1D6A39EA10
              SHA-512:BAA433BFABD02DE8E2A49DD99DC98A27C3E21637249FF8CA184AA2DA44B72DAC8448F4420033FC9E4C2443A1A8B520B51AA1D4B9FBAF2DD06A31264E58E94F46
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 12:13:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2683
              Entropy (8bit):3.9849227984567803
              Encrypted:false
              SSDEEP:48:8jdKT2SLHr0idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbUy+yT+:80jbT/TbxWOvTbUy7T
              MD5:9B2C95DB1E93D17B54F017FFF263480F
              SHA1:99670CBB0858018D3C862D28A8A904C3639888EB
              SHA-256:2EE5E2C6D8427D4F9971E7AC0B6E5B7CE79E7AC4AB0D671306BBD3A6529ADDCD
              SHA-512:BA1043F0148AC6FE169526B590F00C72E4F1B3E961F4879B1E5F83EE079BF0346CC7246717AF3DF1D594DDFFFAD34252810FC035A2370D8F36B372D2A2A163E7
              Malicious:false
              Reputation:low
              No static file info
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Oct 3, 2024 15:13:01.117820978 CEST | 192.168.2.5 | 1.1.1.1 | 0xb322 | Standard query (0) | take.supersurvey.com | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:01.118280888 CEST | 192.168.2.5 | 1.1.1.1 | 0x8458 | Standard query (0) | take.supersurvey.com | 65 | IN (0x0001) | false
              Oct 3, 2024 15:13:02.464174986 CEST | 192.168.2.5 | 1.1.1.1 | 0x1aee | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:02.464572906 CEST | 192.168.2.5 | 1.1.1.1 | 0x958 | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
              Oct 3, 2024 15:13:03.991173983 CEST | 192.168.2.5 | 1.1.1.1 | 0x64db | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:03.991738081 CEST | 192.168.2.5 | 1.1.1.1 | 0x392c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Oct 3, 2024 15:13:01.128607035 CEST | 1.1.1.1 | 192.168.2.5 | 0xb322 | No error (0) | take.supersurvey.com |  | 172.66.40.100 | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:01.128607035 CEST | 1.1.1.1 | 192.168.2.5 | 0xb322 | No error (0) | take.supersurvey.com |  | 172.66.43.156 | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:01.159987926 CEST | 1.1.1.1 | 192.168.2.5 | 0x8458 | No error (0) | take.supersurvey.com |  |  | 65 | IN (0x0001) | false
              Oct 3, 2024 15:13:02.471110106 CEST | 1.1.1.1 | 192.168.2.5 | 0x1aee | No error (0) | a.nel.cloudflare.com |  | 35.190.80.1 | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:03.999300003 CEST | 1.1.1.1 | 192.168.2.5 | 0x392c | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
              Oct 3, 2024 15:13:03.999362946 CEST | 1.1.1.1 | 192.168.2.5 | 0x64db | No error (0) | www.google.com |  | 172.217.18.4 | A (IP address) | IN (0x0001) | false
              Oct 3, 2024 15:13:10.142906904 CEST | 1.1.1.1 | 192.168.2.5 | 0xc5d5 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
              Oct 3, 2024 15:13:10.142906904 CEST | 1.1.1.1 | 192.168.2.5 | 0xc5d5 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
              • login.live.com
              • take.supersurvey.com
              • a.nel.cloudflare.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port
              0 | 192.168.2.5 | 49718 | 20.190.159.4 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:48 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
              Connection: Keep-Alive
              Content-Type: application/soap+xml
              Accept: */*
              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
              Content-Length: 3592
              Host: login.live.com
              2024-10-03 13:12:48 UTC | 3592 | OUT
              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
              2024-10-03 13:12:48 UTC | 569 | IN | HTTP/1.1 200 OK
              Cache-Control: no-store, no-cache
              Pragma: no-cache
              Content-Type: application/soap+xml; charset=utf-8
              Expires: Thu, 03 Oct 2024 13:11:48 GMT
              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
              Referrer-Policy: strict-origin-when-cross-origin
              x-ms-route-info: C508_SN1
              x-ms-request-id: 1c3331fb-8621-4123-8443-f8702150166d
              PPServer: PPV: 30 H: SN1PEPF0002F922 V: 0
              X-Content-Type-Options: nosniff
              Strict-Transport-Security: max-age=31536000
              X-XSS-Protection: 1; mode=block
              Date: Thu, 03 Oct 2024 13:12:48 GMT
              Connection: close
              Content-Length: 11389
              2024-10-03 13:12:48 UTC | 11389 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              1 | 192.168.2.5 | 49719 | 20.190.159.4 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:49 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
              Connection: Keep-Alive
              Content-Type: application/soap+xml
              Accept: */*
              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
              Content-Length: 4694
              Host: login.live.com
              2024-10-03 13:12:49 UTC | 4694 | OUT
              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
              2024-10-03 13:12:50 UTC | 656 | IN | HTTP/1.1 200 OK
              Cache-Control: no-store, no-cache
              Pragma: no-cache
              Content-Type: application/soap+xml; charset=utf-8
              Expires: Thu, 03 Oct 2024 13:11:50 GMT
              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
              FdrTelemetry: &481=21&59=5&213=280810&215=0&315=1&215=0&315=1&214=30&288=16.0.30374.3
              Referrer-Policy: strict-origin-when-cross-origin
              x-ms-route-info: C508_SN1
              x-ms-request-id: 86f672a1-e78f-4439-80b2-77c179adbce9
              PPServer: PPV: 30 H: SN1PEPF0002F074 V: 0
              X-Content-Type-Options: nosniff
              Strict-Transport-Security: max-age=31536000
              X-XSS-Protection: 1; mode=block
              Date: Thu, 03 Oct 2024 13:12:49 GMT
              Connection: close
              Content-Length: 10901
              2024-10-03 13:12:50 UTC | 10901 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              2 | 192.168.2.5 | 65267 | 40.113.103.199 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:50 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: P5H0QZWw0kOxjzfk.1Context: e915db5f9f3cd03f
              2024-10-03 13:12:50 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:12:50 UTC | 1084 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: P5H0QZWw0kOxjzfk.2Context: e915db5f9f3cd03f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdD
              2024-10-03 13:12:50 UTC | 74 | OUT
              Data Ascii: BND 3 CON\QOS 56MS-CV: P5H0QZWw0kOxjzfk.3Context: e915db5f9f3cd03f
              2024-10-03 13:12:51 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:12:51 UTC | 58 | IN
              Data Ascii: MS-CV: CUcIpT0GqEeM7shztH93ww.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              3 | 192.168.2.5 | 65268 | 20.190.159.4 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:51 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
              Connection: Keep-Alive
              Content-Type: application/soap+xml
              Accept: */*
              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
              Content-Length: 3592
              Host: login.live.com
              2024-10-03 13:12:51 UTC | 3592 | OUT
              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
              2024-10-03 13:12:51 UTC | 653 | IN | HTTP/1.1 200 OK
              Cache-Control: no-store, no-cache
              Pragma: no-cache
              Content-Type: application/soap+xml; charset=utf-8
              Expires: Thu, 03 Oct 2024 13:11:51 GMT
              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
              FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30374.3
              Referrer-Policy: strict-origin-when-cross-origin
              x-ms-route-info: C508_SN1
              x-ms-request-id: 4f242a65-1620-4342-9c59-a0b7970447ad
              PPServer: PPV: 30 H: SN1PEPF0002F06B V: 0
              X-Content-Type-Options: nosniff
              Strict-Transport-Security: max-age=31536000
              X-XSS-Protection: 1; mode=block
              Date: Thu, 03 Oct 2024 13:12:51 GMT
              Connection: close
              Content-Length: 11389
              2024-10-03 13:12:51 UTC | 11389 | IN
              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              4 | 192.168.2.5 | 65269 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:59 UTC | 70 | OUT
              Data Ascii: CNT 1 CON 304MS-CV: sJgukHVuW0Gl3rzf.1Context: ddb9dce9b4d89fb
              2024-10-03 13:12:59 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:12:59 UTC | 1083 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: sJgukHVuW0Gl3rzf.2Context: ddb9dce9b4d89fb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdDr
              2024-10-03 13:12:59 UTC | 73 | OUT
              Data Ascii: BND 3 CON\QOS 55MS-CV: sJgukHVuW0Gl3rzf.3Context: ddb9dce9b4d89fb
              2024-10-03 13:12:59 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:12:59 UTC | 58 | IN
              Data Ascii: MS-CV: 2r8WwA+HHk+2jG37/rubQg.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              5 | 192.168.2.5 | 65270 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:12:59 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: Tf1JRJzNyESgnPlq.1Context: 62520e93c391edfc
              2024-10-03 13:12:59 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:12:59 UTC | 1084 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Tf1JRJzNyESgnPlq.2Context: 62520e93c391edfc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdD
              2024-10-03 13:12:59 UTC | 218 | OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: Tf1JRJzNyESgnPlq.3Context: 62520e93c391edfc<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              2024-10-03 13:12:59 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:12:59 UTC | 58 | IN
              Data Ascii: MS-CV: pnR5XDDVik2lVKijWIrmTA.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              6 | 192.168.2.5 | 65277 | 172.66.40.100 | 443 | 4752 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:02 UTC | 674 | OUT | GET /Q6RX6UV5H/* HTTP/1.1
              Host: take.supersurvey.com
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-10-03 13:13:02 UTC | 539 | IN | HTTP/1.1 404 Not Found
              Date: Thu, 03 Oct 2024 13:13:02 GMT
              Content-Length: 0
              Connection: close
              x-powered-by: ASP.NET
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvS8k4QRwyrIFJ8hRZ2acI7gWOPZ%2FwOgp6g%2FfM%2BZUECGINIbwqxG89fNaDfD4n2c4jOeCs23KFKfIK7oxVZC%2F%2FpmJkx82re0507%2BXzsCGF%2FcrqAwoDQiaHwP5KisLu049%2Bvv7%2BYE"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8ccd2fece9138ce8-EWR


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              7 | 192.168.2.5 | 65279 | 35.190.80.1 | 443 | 4752 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:03 UTC | 555 | OUT | OPTIONS /report/v4?s=rvS8k4QRwyrIFJ8hRZ2acI7gWOPZ%2FwOgp6g%2FfM%2BZUECGINIbwqxG89fNaDfD4n2c4jOeCs23KFKfIK7oxVZC%2F%2FpmJkx82re0507%2BXzsCGF%2FcrqAwoDQiaHwP5KisLu049%2Bvv7%2BYE HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Origin: https://take.supersurvey.com
              Access-Control-Request-Method: POST
              Access-Control-Request-Headers: content-type
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-10-03 13:13:03 UTC | 336 | IN | HTTP/1.1 200 OK
              Content-Length: 0
              access-control-max-age: 86400
              access-control-allow-methods: OPTIONS, POST
              access-control-allow-origin: *
              access-control-allow-headers: content-length, content-type
              date: Thu, 03 Oct 2024 13:13:02 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              8 | 192.168.2.5 | 65282 | 35.190.80.1 | 443 | 4752 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:03 UTC | 492 | OUT | POST /report/v4?s=rvS8k4QRwyrIFJ8hRZ2acI7gWOPZ%2FwOgp6g%2FfM%2BZUECGINIbwqxG89fNaDfD4n2c4jOeCs23KFKfIK7oxVZC%2F%2FpmJkx82re0507%2BXzsCGF%2FcrqAwoDQiaHwP5KisLu049%2Bvv7%2BYE HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Content-Length: 402
              Content-Type: application/reports+json
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-10-03 13:13:03 UTC | 402 | OUT
              Data Ascii: [{"age":4,"body":{"elapsed_time":1081,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.66.40.100","status_code":404,"type":"http.error"},"type":"network-error","url":"https://take.supersurve
              2024-10-03 13:13:04 UTC | 168 | IN | HTTP/1.1 200 OK
              Content-Length: 0
              date: Thu, 03 Oct 2024 13:13:03 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              9 | 192.168.2.5 | 65283 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:04 UTC | 70 | OUT
              Data Ascii: CNT 1 CON 304MS-CV: 2LcsuUjQuEK7y5zT.1Context: 1a1ef238d0b411e
              2024-10-03 13:13:04 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:13:04 UTC | 1083 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: 2LcsuUjQuEK7y5zT.2Context: 1a1ef238d0b411e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdDr
              2024-10-03 13:13:04 UTC | 73 | OUT
              Data Ascii: BND 3 CON\QOS 55MS-CV: 2LcsuUjQuEK7y5zT.3Context: 1a1ef238d0b411e
              2024-10-03 13:13:04 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:13:04 UTC | 58 | IN
              Data Ascii: MS-CV: heMhHRABzkqyB7nwYGLwsQ.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              10 | 192.168.2.5 | 65284 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:04 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: dEFu6CbZtkynUpTG.1Context: 66b1242da758699f
              2024-10-03 13:13:04 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:13:04 UTC | 1084 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: dEFu6CbZtkynUpTG.2Context: 66b1242da758699f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdD
              2024-10-03 13:13:04 UTC | 218 | OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: dEFu6CbZtkynUpTG.3Context: 66b1242da758699f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              2024-10-03 13:13:04 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:13:04 UTC | 58 | IN
              Data Ascii: MS-CV: 6e3H5hgXckiafM5sAm84KA.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              11 | 192.168.2.5 | 65291 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:14 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: NXYUjq6p70yNvtA6.1Context: 50a21310657852ca
              2024-10-03 13:13:14 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:13:14 UTC | 1084 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: NXYUjq6p70yNvtA6.2Context: 50a21310657852ca<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdD
              2024-10-03 13:13:14 UTC | 74 | OUT
              Data Ascii: BND 3 CON\QOS 56MS-CV: NXYUjq6p70yNvtA6.3Context: 50a21310657852ca
              2024-10-03 13:13:14 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:13:14 UTC | 58 | IN
              Data Ascii: MS-CV: jb5IF4RLPkqviKge6UwiEQ.0Payload parsing failed.


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              12 | 192.168.2.5 | 65292 | 40.113.110.67 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-10-03 13:13:14 UTC | 71 | OUT
              Data Ascii: CNT 1 CON 305MS-CV: n89ui7NMJEuyhYsT.1Context: cc6e7af8414cdee7
              2024-10-03 13:13:14 UTC | 249 | OUT
              Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
              2024-10-03 13:13:14 UTC | 1084 | OUT
              Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: n89ui7NMJEuyhYsT.2Context: cc6e7af8414cdee7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbibBMd0XNe/Qdt0XzQWF+ooICTRMIGzA0m5l4wEA1rwc9zTngcQst5MKXk8RDizR/vnIUJjWiGPj9mjq/Yur4QEYVeGvgAhLRYR3IqApuUNdD
              2024-10-03 13:13:14 UTC | 218 | OUT
              Data Ascii: BND 3 CON\WNS 0 197MS-CV: n89ui7NMJEuyhYsT.3Context: cc6e7af8414cdee7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
              2024-10-03 13:13:14 UTC | 14 | IN
              Data Ascii: 202 1 CON 58
              2024-10-03 13:13:14 UTC | 58 | IN
              Data Ascii: MS-CV: zKU/4+yAyUWW7PuKf+p+Vw.0Payload parsing failed.


              Target ID: 0
              Start time: 09:12:51
              Start date: 03/10/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff715980000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 2
              Start time: 09:12:57
              Start date: 03/10/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2000,i,14063492633837651287,242067405089379618,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase: 0x7ff715980000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 3
              Start time: 09:12:59
              Start date: 03/10/2024
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://take.supersurvey.com/Q6RX6UV5H/*"
              Imagebase: 0x7ff715980000
              File size: 3'242'272 bytes
              MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly