Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=

Overview

General Information

Sample URL:https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2gua
Analysis ID:1426757
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
HTTP GET or POST without a user agent
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1992,i,890557561073113856,7788657320205780345,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

Timestamp:04/16/24-15:28:34.842464
SID:2811577
Source Port:53
Destination Port:63384
Protocol:UDP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for domain / URL
Source: splendidanimations.comVirustotal: Detection: 5%Perma Link
Source: rnindk.comVirustotal: Detection: 13%Perma Link
Multi AV Scanner detection for submitted file
Source: https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=Virustotal: Detection: 8%Perma Link
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49722 version: TLS 1.2

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2811577 ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com) 1.1.1.1:53 -> 192.168.2.17:63384
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: global trafficHTTP traffic detected: GET /campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ= HTTP/1.1Host: tracker.club-os.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ= HTTP/1.1Host: splendidanimations.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: splendidanimations.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://splendidanimations.com/@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=v8Vt6bO+Vf97ZAz&MD=EYdXYgso HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAWtA4VCaY/GibGeuZLLnYeKvaiICHPX7T9eywC88CdWaPWiMf5Xzh7qm9bdrutSntIP1wDs99GXKPhAG6P30nEmIGXUs8HfOR4ntWBI2VRaYczHDRNQiRKFgmLCCdgUuIn6zwUocMpDFwK6SkEg0Wvte4Lt63fYGg7uQHC/wOjFsR6WxqtInY8QmrnKbr33DnuPfuCWDSd4ltkhCED/7JMDewNL/PE87H6ZudnVYCTkMv9fzWn2Koc%2Btj4AJSA/sMxZ7kgSlwKa%2B8O8fmXlz9TRBtZBLNvhxe2/1KzYLqnq6U5use3TZ20UHtpilB6IPpOvPQnN4kvXwtvNCORiJqjQDZgAACPa93WAAMeMEqAGynKubWlWZuHMHl7fAZuPjQUx%2BEoto/AX1ntt7vH7cSEXIIr67Jqhv3nCVfPn3ZVUJAIZftkht5Cbh/dhggzOd0xV9sHPUWkGCIkvfGsd/673KuPuiacGrklACMHbVcNM%2Bur%2Be3H7la7T8gvq0W5by2jgMJz0R1tLvE1g6w6HPfutaw/KiXuCu66jgnA59l2Sk2f8NQZeM5L3aKxBN4K4XSmPqrvy5hbm56mSUgZdyQDdaNEI5ASzHx5HllmmRKZz%2BS4OcmVvJ1kKBckqiWvLuzzYmSruHHBNFwyLxCo2%2By6/dYHwE0EMaRlKt4W824h2Ef6KkgycempMxZaQsbH3%2Blysup4GQkbBAQeSa4CfITDxKvg2ZJMJ1ZSl9spD0xsgoEeuCdPYaGMPPk%2BdL1/8BJeVsmIgqYreTqsn%2Bg9GXMvxVhC9aZSAypKTJHkiK%2BYJ9sBUXB7kzvXZUC5tQPGl44hGIMQR0878m1/1/gXX40qj0VZdEBpz0JvYOoxYUuoygZha/8g1a6M8o0ipdcYvBBIjrDjz9SOMA%2BwuhcX9SB/1z%2B2Q7e8ON2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713274138User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 91034E343A784E81B23B6F193A69D2CAX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=v8Vt6bO+Vf97ZAz&MD=EYdXYgso HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknownDNS traffic detected: queries for: tracker.club-os.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.13:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: classification engineClassification label: mal64.win@22/8@31/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1992,i,890557561073113856,7788657320205780345,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1992,i,890557561073113856,7788657320205780345,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=9%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
splendidanimations.com5%VirustotalBrowse
rnindk.com13%VirustotalBrowse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
splendidanimations.com
192.185.104.70
truefalseunknown
google.com
74.125.138.113
truefalse
    		high
    tracker.club-os.com
    		52.0.248.145
    		truefalse
      		high
      www.google.com
      		64.233.177.106
      		truefalse
        		high
        rnindk.com
        		unknown
        		unknownfalseunknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://splendidanimations.com/favicon.icofalse
          		unknown
          https://splendidanimations.com/@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=false
            		unknown
            https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
              		high
              https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=false
                		high

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                64.233.177.106
                		www.google.comUnited States
                		15169GOOGLEUSfalse
                239.255.255.250
                		unknownReserved
                		unknownunknownfalse
                52.0.248.145
                		tracker.club-os.comUnited States
                		14618AMAZON-AESUSfalse
                192.185.104.70
                		splendidanimations.comUnited States
                		46606UNIFIEDLAYER-AS-1USfalse

                Private

                IP
                192.168.2.17

                General Information

                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1426757
                Start date and time:2024-04-16 15:28:03 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 3m 21s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Sample URL:https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:19
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal64.win@22/8@31/5
                EGA Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 74.125.136.94, 64.233.185.113, 64.233.185.138, 64.233.185.100, 64.233.185.101, 64.233.185.139, 64.233.185.102, 64.233.176.84, 34.104.35.123, 23.40.205.59, 192.229.211.108, 74.125.138.94, 108.177.122.139, 108.177.122.101, 108.177.122.100, 108.177.122.113, 108.177.122.138, 108.177.122.102
                • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
                • Not all processes where analyzed, report is missing behavior information

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:28:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9897727364365974
                Encrypted:false
                SSDEEP:48:8oadwT17SLHZidAKZdA1JehwiZUklqeh3y+3:8oxkL8y
                MD5:42969BECB9FD07D49B4959013A5BB388
                SHA1:42B8FD120648D425CAAA71F1AC5C1733BF52450C
                SHA-256:55C08D1BBE2CC5A27C4394F6B9650C884F301227DEB4DF7223BC139D32B3D180
                SHA-512:A2B753F638879B688E4DAAC2A20A3F5B9E545DE15125B8C28249DD77649456080E678DFE3EC5A4A970F1DD712D24E09646FDADB184678D5A206BCB30C3F026C9
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:28:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):4.0039294903566605
                Encrypted:false
                SSDEEP:48:89adwT17SLHZidAKZdA10eh/iZUkAQkqehsy+2:89xkp9Qly
                MD5:AFE39CBC5CC9661C3516AFA6B56193F4
                SHA1:76AB61066AD209C989963C7057691E1078E1109E
                SHA-256:BE123313261B937D21373E1D4A11F6EDFF6574AF6F9A7E4D55BC79A7523832A0
                SHA-512:BE6D9B892877AF023AD2A5D58F729BCFCAD87DEF43635FB8539A7A7DA62484883FB006E0336B7D3621A6E37559A4F68F03CCA4BECFAD45A2788040E4E3375FA2
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,....+...........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2693
                Entropy (8bit):4.014370524082538
                Encrypted:false
                SSDEEP:48:8eadwT17SjHZidAKZdA14tIeh7sFiZUkmgqeh7syy+BX:8exkBngy
                MD5:5681DD8F3C498AB6C120001BE040A6B0
                SHA1:68A45638B67A397A857F5003D8E237F79F6079B0
                SHA-256:2CC90BB16594BD64A1848CEAD8C1AD9DE6567115F882876E8EBE99D381A66760
                SHA-512:E74FD406717066A2A7E2C9CA7A328045275565E8FD3F6EDEF716C8A288ECDC1F2D1C2B8903E094389ACDF86DB2950AC12EFCB5FA50F011175332CD6379451812
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:28:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):4.002585357763343
                Encrypted:false
                SSDEEP:48:8vadwT17SLHZidAKZdA1behDiZUkwqeh4y+R:8vxkaKy
                MD5:3F80F1E37F1AF0AB5D5215E2B22FC2E5
                SHA1:FFDEED54CDEE144CDA6C6D531EDAFB1EEB7DFA4A
                SHA-256:5FCC471A717D87600D4E703B95431EF61AB98B9F45025B057EDE2E2D5F21FF7B
                SHA-512:05A2A671AA00BA37E052EE2B726FE9A545A436D9CAC155FCA0C255620703D5AEB7385D3503168D35CDE86046510EE46A9ED6AE8C07084689BA31D598D386E17A
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:28:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):3.9912347068821656
                Encrypted:false
                SSDEEP:48:8KadwT17SLHZidAKZdA1VehBiZUk1W1qehmy+C:8Kxk69Gy
                MD5:22C6120A2301363CECF2F24244D77617
                SHA1:4E79FA93AE75F67713F0BA07329DA2C5BEF28500
                SHA-256:D1CB32727C82A4A4FE0A87227E4837D5330660D8786EF66A7F9609B7F49BE078
                SHA-512:05236C102AAAAF5F37A8B7C43792C87A165FCFA29872CFC55195870D505E0972C2AB985C10760139D3C0235FC998ECF19C879A99B2D5FE733EB92DB9ED75B0FB
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,.....U..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:28:33 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2683
                Entropy (8bit):4.001947341584915
                Encrypted:false
                SSDEEP:48:8madwT17SLHZidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbgy+yT+:8mxkoTTTbxWOvTbgy7T
                MD5:09BE9FE96FD1F90E73D6EAE5D17F140B
                SHA1:D6E8FEE91F4E71CC0A101EC2B23EB6D38D681187
                SHA-256:1DDB34B633EB6A6269F86334EF5295CA884CE11642B89EEFDEC0A4940D26B688
                SHA-512:F2298DF5CEAA410EBF0AFD10443735BCBDA5636FA8821B8D282BDC08658A4D97B80DF63FD56EE4DB75DECF00AACDA0C4DCA5E84BA842D1EB7D42ECBED9B74801
                Malicious:false
                Reputation:low
                Preview:L..................F.@.. ...$+.,....On..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                Chrome Cache Entry: 61

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (791)
                Category:downloaded
                Size (bytes):796
                Entropy (8bit):5.134685688831079
                Encrypted:false
                SSDEEP:24:Xb6RQCK96/eigLlBHslgT9lCuABuoB7HHHHHHHYqmffffffo:rRj6/eiglKlgZ01BuSEqmffffffo
                MD5:4DC4CAB6DE55B5075ACB59690045D126
                SHA1:97B56D19B7E1F0E50F5F18E0598C43FE5FFDB3F0
                SHA-256:CEEC1556D9C735976D085DA2D5EA807B8F8C92DFDCB986088DBEED519718BFB9
                SHA-512:521DDEAC2FF9B07B7FFD05B9A8E5A0AF4FCD6D74B66D79DB3F853529027145DE813EA1A92041C36493C2B83454DCF421515384B1C1FD354E538095C61CB0D7C4
                Malicious:false
                Reputation:low
                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                Preview:)]}'.["",["ncaa transfer portal football","fallout upgrade","key biscayne bridge traffic","dune part two streaming release date","severe weather tornadoes","frankie fidler basketball","sweet relief rewards monopoly go","shiba inu bitcoin halving"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                Static File Info

                No static file info

                Network Behavior

                Snort IDS Alerts

                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                04/16/24-15:28:34.842464UDP2811577ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com)53633841.1.1.1192.168.2.17

                Network Port Distribution

                TCP Packets

                TimestampSource PortDest PortSource IPDest IP
                Apr 16, 2024 15:28:32.181941032 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.181965113 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.182852983 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.182852983 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.182879925 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.183131933 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.183160067 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.183458090 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.184140921 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.184151888 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.429048061 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.429965019 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.429977894 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.431056023 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.431162119 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.432074070 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.432158947 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.432230949 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.432250977 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.432482004 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.432496071 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.433528900 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.433600903 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.434568882 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.434633017 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.476136923 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.477962017 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.477992058 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.478135109 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.478151083 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.526077032 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.526079893 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.668385029 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.668489933 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.668545008 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.668935061 CEST49700443192.168.2.1752.0.248.145
                Apr 16, 2024 15:28:32.668948889 CEST4434970052.0.248.145192.168.2.17
                Apr 16, 2024 15:28:32.836875916 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:32.836922884 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:32.836981058 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:32.837421894 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:32.837440968 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.056493998 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.056773901 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.056804895 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.057874918 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.057940006 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.059190035 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.059273005 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.059407949 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.059422016 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.099925995 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.408565998 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.408655882 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.408782959 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.409492970 CEST49704443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.409524918 CEST44349704192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.457962990 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.458013058 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.458156109 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.460131884 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.460156918 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.675180912 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.675993919 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.676012993 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.676358938 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.676862955 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.676862955 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.676884890 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.676930904 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.720941067 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.724788904 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:33.724886894 CEST44349705192.185.104.70192.168.2.17
                Apr 16, 2024 15:28:33.724951982 CEST49705443192.168.2.17192.185.104.70
                Apr 16, 2024 15:28:34.595983982 CEST49678443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:34.595989943 CEST49677443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:34.595994949 CEST49676443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:36.919253111 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:36.919301033 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:36.919363976 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:36.919595957 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:36.919608116 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.141052008 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.141446114 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:37.141458035 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.142698050 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.142776966 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:37.143902063 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:37.143969059 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.195004940 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:37.195022106 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:37.242980003 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:41.708493948 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:41.756118059 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:41.845032930 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:41.845068932 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:41.845134974 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:41.845150948 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:41.848344088 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:41.848437071 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:41.848491907 CEST49707443192.168.2.1764.233.177.106
                Apr 16, 2024 15:28:41.848511934 CEST4434970764.233.177.106192.168.2.17
                Apr 16, 2024 15:28:44.894890070 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:44.894936085 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:44.895045996 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:44.896804094 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:44.896816969 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.292439938 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.292587042 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.296097040 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.296113014 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.296365976 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.351965904 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.356378078 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.404114008 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.664982080 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665005922 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665013075 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665041924 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665065050 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665076971 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665106058 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.665106058 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.665123940 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665133953 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665153027 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.665160894 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.665221930 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.665221930 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.678355932 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.678356886 CEST49710443192.168.2.1713.85.23.86
                Apr 16, 2024 15:28:45.678375006 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.678383112 CEST4434971013.85.23.86192.168.2.17
                Apr 16, 2024 15:28:45.906327009 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:45.956841946 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.060909986 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.062197924 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.062243938 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.062308073 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.062308073 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.063216925 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.063334942 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.063400030 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.063646078 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.063796043 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.167134047 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.167174101 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.167290926 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.167577982 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.167610884 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.167917013 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.168087959 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.208975077 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:46.272064924 CEST44349690204.79.197.200192.168.2.17
                Apr 16, 2024 15:28:46.272474051 CEST49690443192.168.2.17204.79.197.200
                Apr 16, 2024 15:28:46.815996885 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:48.030977964 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:48.137104988 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.137144089 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.137218952 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.138431072 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.138443947 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.354161978 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.354254007 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.356892109 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.356904030 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.357151031 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.394221067 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.436121941 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.557106018 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.557274103 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.557349920 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.557349920 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.557349920 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.557390928 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.593147993 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.593184948 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.593272924 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.593512058 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.593527079 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.806477070 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.806550026 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.807811975 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.807821035 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.808064938 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.809246063 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.856118917 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:48.861057997 CEST49713443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:48.861090899 CEST44349713184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:49.020025015 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:49.020116091 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:49.020198107 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:49.020992041 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:49.021013021 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:49.021022081 CEST49714443192.168.2.17184.31.62.93
                Apr 16, 2024 15:28:49.021028042 CEST44349714184.31.62.93192.168.2.17
                Apr 16, 2024 15:28:50.067595959 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:50.370094061 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:50.434005022 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:50.976978064 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:52.185509920 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:54.596060038 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:55.235178947 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:28:59.399101019 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:28:59.541476011 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:28:59.541563988 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:28:59.541678905 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:28:59.542632103 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:28:59.542644024 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:28:59.726413012 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:28:59.726461887 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:28:59.726547956 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:28:59.756330967 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:28:59.756357908 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:28:59.957659006 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:28:59.957760096 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.001616001 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.001658916 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.002648115 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.003998041 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.004049063 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.004069090 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.093796968 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.093877077 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.096687078 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.096709967 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.097007036 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.140336037 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.184123993 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.267955065 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268130064 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268204927 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.268218994 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268245935 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268399954 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268445015 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.268471003 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268554926 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268641949 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.268651009 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268718004 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.268804073 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.275145054 CEST49716443192.168.2.1713.107.5.88
                Apr 16, 2024 15:29:00.275171995 CEST4434971613.107.5.88192.168.2.17
                Apr 16, 2024 15:29:00.292289972 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292324066 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292372942 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292392969 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.292407990 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292418003 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.292443991 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292484999 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.292854071 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.292871952 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.292881966 CEST49715443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.292886972 CEST4434971540.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.355325937 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.355362892 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.355515957 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.355726957 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.355739117 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.743612051 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.743691921 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.752855062 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.752885103 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.753325939 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:00.753810883 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.753839970 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:00.753858089 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.043554068 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.043617010 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.043780088 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.043785095 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.043838978 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.043862104 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.043865919 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.044029951 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.044051886 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.044070005 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.044081926 CEST49717443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.044086933 CEST4434971740.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.089577913 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.089626074 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.089719057 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.089946985 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.089960098 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.490989923 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.491578102 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.491600037 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.492352009 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.492352009 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.492362022 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.492378950 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.770593882 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.770622969 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.770680904 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.770694971 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.770710945 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.771188021 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.771188021 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.771498919 CEST49718443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.771532059 CEST4434971840.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.823764086 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.823812008 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:01.823899031 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.824068069 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:01.824079990 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.222192049 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.222744942 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.222769976 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.223572969 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.223578930 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.223640919 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.223648071 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.495723963 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.495785952 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.495839119 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.495853901 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.495871067 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.495896101 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.495975018 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.496033907 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.496253014 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.496269941 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.496280909 CEST49719443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.496287107 CEST4434971940.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.541074991 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.541115046 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.541208029 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.541358948 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.541372061 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.931454897 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.932064056 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.932137966 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.932792902 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.932809114 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:02.932858944 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:02.932877064 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201241970 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201276064 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201309919 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201342106 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:03.201370955 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201383114 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:03.201386929 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201436996 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:03.201745987 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:03.201761007 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.201770067 CEST49720443192.168.2.1740.126.29.13
                Apr 16, 2024 15:29:03.201775074 CEST4434972040.126.29.13192.168.2.17
                Apr 16, 2024 15:29:03.405886889 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.405926943 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.407953024 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.407953024 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.407979012 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.741262913 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.741415024 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.742356062 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.742486954 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.784177065 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.784240007 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.784805059 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:03.784984112 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.784984112 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:03.785048962 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.023551941 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.023607969 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.023649931 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:04.023667097 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.023691893 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:04.023792028 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.023818970 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:04.024019957 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:04.027218103 CEST49721443192.168.2.1713.107.21.200
                Apr 16, 2024 15:29:04.027236938 CEST4434972113.107.21.200192.168.2.17
                Apr 16, 2024 15:29:04.842143059 CEST49675443192.168.2.17204.79.197.203
                Apr 16, 2024 15:29:09.010082960 CEST49680443192.168.2.1720.189.173.13
                Apr 16, 2024 15:29:17.483084917 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:29:17.483099937 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:29:22.114779949 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.114866972 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.114993095 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.115338087 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.115359068 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.510217905 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.510396004 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.511971951 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.511997938 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.512490034 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.513632059 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.560112000 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884524107 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884557009 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884577990 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884680033 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.884699106 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884722948 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.884773016 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.888482094 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.888493061 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:22.888513088 CEST49722443192.168.2.1713.85.23.86
                Apr 16, 2024 15:29:22.888518095 CEST4434972213.85.23.86192.168.2.17
                Apr 16, 2024 15:29:32.419737101 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:29:32.419909954 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:29:32.419987917 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:29:34.306765079 CEST49701443192.168.2.1752.0.248.145
                Apr 16, 2024 15:29:34.306793928 CEST4434970152.0.248.145192.168.2.17
                Apr 16, 2024 15:29:36.876359940 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:36.876394987 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:36.876507044 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:36.876785040 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:36.876804113 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:37.096070051 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:37.096550941 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:37.096616983 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:37.097769976 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:37.098113060 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:37.098314047 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:37.147325039 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:47.101543903 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:47.101655006 CEST4434972464.233.177.106192.168.2.17
                Apr 16, 2024 15:29:47.101754904 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:48.304713964 CEST49724443192.168.2.1764.233.177.106
                Apr 16, 2024 15:29:48.304750919 CEST4434972464.233.177.106192.168.2.17

                UDP Packets

                TimestampSource PortDest PortSource IPDest IP
                Apr 16, 2024 15:28:32.073951006 CEST5166753192.168.2.171.1.1.1
                Apr 16, 2024 15:28:32.073951006 CEST4937953192.168.2.171.1.1.1
                Apr 16, 2024 15:28:32.153842926 CEST53585621.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.180602074 CEST53516671.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.181351900 CEST53493791.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.203524113 CEST53587461.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.675956011 CEST6234453192.168.2.171.1.1.1
                Apr 16, 2024 15:28:32.675992012 CEST5895753192.168.2.171.1.1.1
                Apr 16, 2024 15:28:32.782993078 CEST53589571.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.800143003 CEST53645401.1.1.1192.168.2.17
                Apr 16, 2024 15:28:32.836282015 CEST53623441.1.1.1192.168.2.17
                Apr 16, 2024 15:28:33.456132889 CEST5739353192.168.2.171.1.1.1
                Apr 16, 2024 15:28:33.456268072 CEST5842153192.168.2.171.1.1.1
                Apr 16, 2024 15:28:33.563683033 CEST53573931.1.1.1192.168.2.17
                Apr 16, 2024 15:28:33.577183962 CEST53584211.1.1.1192.168.2.17
                Apr 16, 2024 15:28:33.578159094 CEST4925253192.168.2.171.1.1.1
                Apr 16, 2024 15:28:33.698518991 CEST53492521.1.1.1192.168.2.17
                Apr 16, 2024 15:28:33.724133968 CEST6360853192.168.2.178.8.8.8
                Apr 16, 2024 15:28:33.724152088 CEST6478853192.168.2.171.1.1.1
                Apr 16, 2024 15:28:33.829222918 CEST53647881.1.1.1192.168.2.17
                Apr 16, 2024 15:28:33.834198952 CEST53636088.8.8.8192.168.2.17
                Apr 16, 2024 15:28:34.734628916 CEST5592953192.168.2.171.1.1.1
                Apr 16, 2024 15:28:34.734891891 CEST6338453192.168.2.171.1.1.1
                Apr 16, 2024 15:28:34.842241049 CEST53559291.1.1.1192.168.2.17
                Apr 16, 2024 15:28:34.842463970 CEST53633841.1.1.1192.168.2.17
                Apr 16, 2024 15:28:36.813409090 CEST6441453192.168.2.171.1.1.1
                Apr 16, 2024 15:28:36.813409090 CEST6092553192.168.2.171.1.1.1
                Apr 16, 2024 15:28:36.917722940 CEST53609251.1.1.1192.168.2.17
                Apr 16, 2024 15:28:36.918215990 CEST53644141.1.1.1192.168.2.17
                Apr 16, 2024 15:28:39.865247965 CEST5697753192.168.2.171.1.1.1
                Apr 16, 2024 15:28:39.865247965 CEST6350553192.168.2.171.1.1.1
                Apr 16, 2024 15:28:39.984357119 CEST53569771.1.1.1192.168.2.17
                Apr 16, 2024 15:28:39.988097906 CEST53635051.1.1.1192.168.2.17
                Apr 16, 2024 15:28:39.988866091 CEST6065153192.168.2.171.1.1.1
                Apr 16, 2024 15:28:40.106633902 CEST53606511.1.1.1192.168.2.17
                Apr 16, 2024 15:28:40.476946115 CEST6211753192.168.2.171.1.1.1
                Apr 16, 2024 15:28:40.477231026 CEST5767953192.168.2.171.1.1.1
                Apr 16, 2024 15:28:40.597074986 CEST53576791.1.1.1192.168.2.17
                Apr 16, 2024 15:28:40.599893093 CEST53621171.1.1.1192.168.2.17
                Apr 16, 2024 15:28:40.611627102 CEST6144753192.168.2.178.8.8.8
                Apr 16, 2024 15:28:40.611753941 CEST5071153192.168.2.171.1.1.1
                Apr 16, 2024 15:28:40.715933084 CEST53507111.1.1.1192.168.2.17
                Apr 16, 2024 15:28:40.720596075 CEST53614478.8.8.8192.168.2.17
                Apr 16, 2024 15:28:49.714497089 CEST53538731.1.1.1192.168.2.17
                Apr 16, 2024 15:29:08.539625883 CEST53495911.1.1.1192.168.2.17
                Apr 16, 2024 15:29:10.628607035 CEST6397153192.168.2.171.1.1.1
                Apr 16, 2024 15:29:10.629290104 CEST6130453192.168.2.171.1.1.1
                Apr 16, 2024 15:29:10.746130943 CEST53613041.1.1.1192.168.2.17
                Apr 16, 2024 15:29:10.754399061 CEST53639711.1.1.1192.168.2.17
                Apr 16, 2024 15:29:10.755047083 CEST4960553192.168.2.171.1.1.1
                Apr 16, 2024 15:29:10.860493898 CEST53496051.1.1.1192.168.2.17
                Apr 16, 2024 15:29:23.513070107 CEST5849153192.168.2.171.1.1.1
                Apr 16, 2024 15:29:23.639434099 CEST53584911.1.1.1192.168.2.17
                Apr 16, 2024 15:29:30.868871927 CEST53526031.1.1.1192.168.2.17
                Apr 16, 2024 15:29:32.131094933 CEST53504981.1.1.1192.168.2.17
                Apr 16, 2024 15:29:44.770207882 CEST5936653192.168.2.171.1.1.1
                Apr 16, 2024 15:29:44.890255928 CEST53593661.1.1.1192.168.2.17
                Apr 16, 2024 15:29:47.287271023 CEST138138192.168.2.17192.168.2.255
                Apr 16, 2024 15:30:00.110790014 CEST5241053192.168.2.171.1.1.1
                Apr 16, 2024 15:30:00.110974073 CEST5280953192.168.2.171.1.1.1
                Apr 16, 2024 15:30:00.219149113 CEST53528091.1.1.1192.168.2.17
                Apr 16, 2024 15:30:00.233000994 CEST53524101.1.1.1192.168.2.17
                Apr 16, 2024 15:30:00.233998060 CEST6520753192.168.2.171.1.1.1
                Apr 16, 2024 15:30:00.341770887 CEST53652071.1.1.1192.168.2.17
                Apr 16, 2024 15:30:00.352232933 CEST5936053192.168.2.171.1.1.1
                Apr 16, 2024 15:30:00.352715015 CEST5228953192.168.2.178.8.8.8
                Apr 16, 2024 15:30:00.412313938 CEST53595621.1.1.1192.168.2.17
                Apr 16, 2024 15:30:00.457392931 CEST53522898.8.8.8192.168.2.17
                Apr 16, 2024 15:30:00.457432032 CEST53593601.1.1.1192.168.2.17
                Apr 16, 2024 15:30:15.407161951 CEST6361153192.168.2.171.1.1.1
                Apr 16, 2024 15:30:15.512200117 CEST53636111.1.1.1192.168.2.17

                DNS Queries

                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                Apr 16, 2024 15:28:32.073951006 CEST192.168.2.171.1.1.10x45f8Standard query (0)tracker.club-os.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:32.073951006 CEST192.168.2.171.1.1.10x3b0fStandard query (0)tracker.club-os.com65IN (0x0001)false
                Apr 16, 2024 15:28:32.675956011 CEST192.168.2.171.1.1.10x8a52Standard query (0)splendidanimations.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:32.675992012 CEST192.168.2.171.1.1.10x3c47Standard query (0)splendidanimations.com65IN (0x0001)false
                Apr 16, 2024 15:28:33.456132889 CEST192.168.2.171.1.1.10xa9a8Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.456268072 CEST192.168.2.171.1.1.10x5b5aStandard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:28:33.578159094 CEST192.168.2.171.1.1.10x7ba7Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.724133968 CEST192.168.2.178.8.8.80x1360Standard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.724152088 CEST192.168.2.171.1.1.10xf33fStandard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:34.734628916 CEST192.168.2.171.1.1.10x2c86Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:34.734891891 CEST192.168.2.171.1.1.10x4071Standard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:28:36.813409090 CEST192.168.2.171.1.1.10x749dStandard query (0)www.google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.813409090 CEST192.168.2.171.1.1.10xc625Standard query (0)www.google.com65IN (0x0001)false
                Apr 16, 2024 15:28:39.865247965 CEST192.168.2.171.1.1.10x8bc9Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:39.865247965 CEST192.168.2.171.1.1.10xc9f7Standard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:28:39.988866091 CEST192.168.2.171.1.1.10xe2f7Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.476946115 CEST192.168.2.171.1.1.10xf7f5Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.477231026 CEST192.168.2.171.1.1.10xe30Standard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:28:40.611627102 CEST192.168.2.178.8.8.80xe0afStandard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.611753941 CEST192.168.2.171.1.1.10x1809Standard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:10.628607035 CEST192.168.2.171.1.1.10xefe0Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:10.629290104 CEST192.168.2.171.1.1.10xe6ddStandard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:29:10.755047083 CEST192.168.2.171.1.1.10x1a27Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:23.513070107 CEST192.168.2.171.1.1.10xf37cStandard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:44.770207882 CEST192.168.2.171.1.1.10x6eeeStandard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.110790014 CEST192.168.2.171.1.1.10x65d8Standard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.110974073 CEST192.168.2.171.1.1.10xc63Standard query (0)rnindk.com65IN (0x0001)false
                Apr 16, 2024 15:30:00.233998060 CEST192.168.2.171.1.1.10x8b8fStandard query (0)rnindk.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.352232933 CEST192.168.2.171.1.1.10xb20fStandard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.352715015 CEST192.168.2.178.8.8.80x36fcStandard query (0)google.comA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:15.407161951 CEST192.168.2.171.1.1.10xc264Standard query (0)rnindk.comA (IP address)IN (0x0001)false

                DNS Answers

                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                Apr 16, 2024 15:28:32.180602074 CEST1.1.1.1192.168.2.170x45f8No error (0)tracker.club-os.com52.0.248.145A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:32.180602074 CEST1.1.1.1192.168.2.170x45f8No error (0)tracker.club-os.com54.166.130.75A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:32.180602074 CEST1.1.1.1192.168.2.170x45f8No error (0)tracker.club-os.com34.205.254.71A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:32.836282015 CEST1.1.1.1192.168.2.170x8a52No error (0)splendidanimations.com192.185.104.70A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.563683033 CEST1.1.1.1192.168.2.170xa9a8Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.577183962 CEST1.1.1.1192.168.2.170x5b5aName error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:28:33.698518991 CEST1.1.1.1192.168.2.170x7ba7Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.113A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.102A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.100A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.138A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.139A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.829222918 CEST1.1.1.1192.168.2.170xf33fNo error (0)google.com74.125.138.101A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:33.834198952 CEST8.8.8.8192.168.2.170x1360No error (0)google.com142.250.217.174A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:34.842241049 CEST1.1.1.1192.168.2.170x2c86Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:34.842463970 CEST1.1.1.1192.168.2.170x4071Name error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:28:36.917722940 CEST1.1.1.1192.168.2.170xc625No error (0)www.google.com65IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.106A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.105A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.104A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.103A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.147A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:36.918215990 CEST1.1.1.1192.168.2.170x749dNo error (0)www.google.com64.233.177.99A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:39.984357119 CEST1.1.1.1192.168.2.170x8bc9Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:39.988097906 CEST1.1.1.1192.168.2.170xc9f7Name error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:28:40.106633902 CEST1.1.1.1192.168.2.170xe2f7Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.597074986 CEST1.1.1.1192.168.2.170xe30Name error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:28:40.599893093 CEST1.1.1.1192.168.2.170xf7f5Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.138A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.113A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.139A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.102A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.100A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.715933084 CEST1.1.1.1192.168.2.170x1809No error (0)google.com74.125.136.101A (IP address)IN (0x0001)false
                Apr 16, 2024 15:28:40.720596075 CEST8.8.8.8192.168.2.170xe0afNo error (0)google.com142.250.217.174A (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:10.746130943 CEST1.1.1.1192.168.2.170xe6ddName error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:29:10.754399061 CEST1.1.1.1192.168.2.170xefe0Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:10.860493898 CEST1.1.1.1192.168.2.170x1a27Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:23.639434099 CEST1.1.1.1192.168.2.170xf37cName error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:29:44.890255928 CEST1.1.1.1192.168.2.170x6eeeName error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.219149113 CEST1.1.1.1192.168.2.170xc63Name error (3)rnindk.comnonenone65IN (0x0001)false
                Apr 16, 2024 15:30:00.233000994 CEST1.1.1.1192.168.2.170x65d8Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.341770887 CEST1.1.1.1192.168.2.170x8b8fName error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457392931 CEST8.8.8.8192.168.2.170x36fcNo error (0)google.com142.250.217.174A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.100A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.113A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.101A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.138A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.102A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:00.457432032 CEST1.1.1.1192.168.2.170xb20fNo error (0)google.com172.253.124.139A (IP address)IN (0x0001)false
                Apr 16, 2024 15:30:15.512200117 CEST1.1.1.1192.168.2.170xc264Name error (3)rnindk.comnonenoneA (IP address)IN (0x0001)false

                HTTP Request Dependency Graph

                • tracker.club-os.com
                • splendidanimations.com
                • https:
                • www.google.com
                • slscr.update.microsoft.com
                • fs.microsoft.com
                • login.live.com
                • evoke-windowsservices-tas.msedge.net
                • www.bing.com

                HTTPS Proxied Packets

                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                0192.168.2.174970052.0.248.1454435464C:\Program Files\Google\Chrome\Application\chrome.exe
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:32 UTC837OUTGET /campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ= HTTP/1.1
                Host: tracker.club-os.com
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-04-16 13:28:32 UTC257INHTTP/1.1 303
                Date: Tue, 16 Apr 2024 13:28:32 GMT
                Content-Length: 0
                Connection: close
                Server: Apache/2.4.57 () OpenSSL/1.0.2k-fips
                Location: http://splendidanimations.com/@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                1192.168.2.1749704192.185.104.704435464C:\Program Files\Google\Chrome\Application\chrome.exe
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:33 UTC742OUTGET /@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ= HTTP/1.1
                Host: splendidanimations.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-04-16 13:28:33 UTC242INHTTP/1.1 200 OK
                Date: Tue, 16 Apr 2024 13:28:33 GMT
                Server: Apache
                refresh: 0;url=https://rnindk.com/Tfabiano.benedetti@beantech.it
                Upgrade: h2,h2c
                Connection: Upgrade, close
                Content-Length: 0
                Content-Type: text/html; charset=UTF-8


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                2192.168.2.1749705192.185.104.704435464C:\Program Files\Google\Chrome\Application\chrome.exe
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:33 UTC677OUTGET /favicon.ico HTTP/1.1
                Host: splendidanimations.com
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                sec-ch-ua-platform: "Windows"
                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: image
                Referer: https://splendidanimations.com/@/Beantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                3192.168.2.174970764.233.177.1064435464C:\Program Files\Google\Chrome\Application\chrome.exe
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:41 UTC621OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                Host: www.google.com
                Connection: keep-alive
                X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIksrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2024-04-16 13:28:41 UTC1703INHTTP/1.1 200 OK
                Date: Tue, 16 Apr 2024 13:28:41 GMT
                Pragma: no-cache
                Expires: -1
                Cache-Control: no-cache, must-revalidate
                Content-Type: text/javascript; charset=UTF-8
                Strict-Transport-Security: max-age=31536000
                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-FnLTaNvPqwAcczgzRez-sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                Accept-CH: Sec-CH-UA-Platform
                Accept-CH: Sec-CH-UA-Platform-Version
                Accept-CH: Sec-CH-UA-Full-Version
                Accept-CH: Sec-CH-UA-Arch
                Accept-CH: Sec-CH-UA-Model
                Accept-CH: Sec-CH-UA-Bitness
                Accept-CH: Sec-CH-UA-Full-Version-List
                Accept-CH: Sec-CH-UA-WoW64
                Permissions-Policy: unload=()
                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                Content-Disposition: attachment; filename="f.txt"
                Server: gws
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Accept-Ranges: none
                Vary: Accept-Encoding
                Connection: close
                Transfer-Encoding: chunked
                2024-04-16 13:28:41 UTC803INData Raw: 33 31 63 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 63 61 61 20 74 72 61 6e 73 66 65 72 20 70 6f 72 74 61 6c 20 66 6f 6f 74 62 61 6c 6c 22 2c 22 66 61 6c 6c 6f 75 74 20 75 70 67 72 61 64 65 22 2c 22 6b 65 79 20 62 69 73 63 61 79 6e 65 20 62 72 69 64 67 65 20 74 72 61 66 66 69 63 22 2c 22 64 75 6e 65 20 70 61 72 74 20 74 77 6f 20 73 74 72 65 61 6d 69 6e 67 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 73 65 76 65 72 65 20 77 65 61 74 68 65 72 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 66 72 61 6e 6b 69 65 20 66 69 64 6c 65 72 20 62 61 73 6b 65 74 62 61 6c 6c 22 2c 22 73 77 65 65 74 20 72 65 6c 69 65 66 20 72 65 77 61 72 64 73 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 22 2c 22 73 68 69 62 61 20 69 6e 75 20 62 69 74 63 6f 69 6e 20 68 61 6c 76 69 6e 67 22 5d 2c 5b 22
                Data Ascii: 31c)]}'["",["ncaa transfer portal football","fallout upgrade","key biscayne bridge traffic","dune part two streaming release date","severe weather tornadoes","frankie fidler basketball","sweet relief rewards monopoly go","shiba inu bitcoin halving"],["
                2024-04-16 13:28:41 UTC5INData Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                4192.168.2.174971013.85.23.86443
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:45 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=v8Vt6bO+Vf97ZAz&MD=EYdXYgso HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                Host: slscr.update.microsoft.com
                2024-04-16 13:28:45 UTC560INHTTP/1.1 200 OK
                Cache-Control: no-cache
                Pragma: no-cache
                Content-Type: application/octet-stream
                Expires: -1
                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                MS-CorrelationId: 1262d3a9-4755-4b70-b7aa-e62277a9c060
                MS-RequestId: 2601c0bf-d62f-4437-988f-33e74d875340
                MS-CV: faWqrJLQl0WugYpP.0
                X-Microsoft-SLSClientCache: 2880
                Content-Disposition: attachment; filename=environment.cab
                X-Content-Type-Options: nosniff
                Date: Tue, 16 Apr 2024 13:28:45 GMT
                Connection: close
                Content-Length: 24490
                2024-04-16 13:28:45 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                2024-04-16 13:28:45 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                5192.168.2.1749713184.31.62.93443
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:48 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-04-16 13:28:48 UTC468INHTTP/1.1 200 OK
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                Content-Type: application/octet-stream
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (chd/079C)
                X-CID: 11
                X-Ms-ApiVersion: Distribute 1.2
                X-Ms-Region: prod-eus2-z1
                Cache-Control: public, max-age=149731
                Date: Tue, 16 Apr 2024 13:28:48 GMT
                Connection: close
                X-CID: 2


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                6192.168.2.1749714184.31.62.93443
                TimestampBytes transferredDirectionData
                2024-04-16 13:28:48 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                Accept-Encoding: identity
                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                Range: bytes=0-2147483646
                User-Agent: Microsoft BITS/7.8
                Host: fs.microsoft.com
                2024-04-16 13:28:49 UTC805INHTTP/1.1 200 OK
                ApiVersion: Distribute 1.1
                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                Server: ECAcc (chd/0778)
                X-CID: 11
                X-CCC: US
                X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
                X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
                Content-Type: application/octet-stream
                X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                Cache-Control: public, max-age=149668
                Date: Tue, 16 Apr 2024 13:28:48 GMT
                Content-Length: 55
                Connection: close
                X-CID: 2
                2024-04-16 13:28:49 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                7192.168.2.174971540.126.29.13443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:00 UTC422OUTPOST /RST2.srf HTTP/1.0
                Connection: Keep-Alive
                Content-Type: application/soap+xml
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                Content-Length: 3592
                Host: login.live.com
                2024-04-16 13:29:00 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                2024-04-16 13:29:00 UTC569INHTTP/1.1 200 OK
                Cache-Control: no-store, no-cache
                Pragma: no-cache
                Content-Type: application/soap+xml; charset=utf-8
                Expires: Tue, 16 Apr 2024 13:28:00 GMT
                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                Referrer-Policy: strict-origin-when-cross-origin
                x-ms-route-info: C529_SN1
                x-ms-request-id: 289b261b-ebf7-4a52-a33a-5e04272f6cc2
                PPServer: PPV: 30 H: SN1PEPF0002F997 V: 0
                X-Content-Type-Options: nosniff
                Strict-Transport-Security: max-age=31536000
                X-XSS-Protection: 1; mode=block
                Date: Tue, 16 Apr 2024 13:28:59 GMT
                Connection: close
                Content-Length: 11390
                2024-04-16 13:29:00 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                Session IDSource IPSource PortDestination IPDestination Port
                8192.168.2.174971613.107.5.88443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:00 UTC537OUTGET /ab HTTP/1.1
                Host: evoke-windowsservices-tas.msedge.net
                Cache-Control: no-store, no-cache
                X-PHOTOS-CALLERID: 9NMPJ99VJBWV
                X-EVOKE-RING:
                X-WINNEXT-RING: Public
                X-WINNEXT-TELEMETRYLEVEL: Basic
                X-WINNEXT-OSVERSION: 10.0.19045.0
                X-WINNEXT-APPVERSION: 1.23082.131.0
                X-WINNEXT-PLATFORM: Desktop
                X-WINNEXT-CANTAILOR: False
                X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
                X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
                If-None-Match: 2056388360_-1434155563
                Accept-Encoding: gzip, deflate, br
                2024-04-16 13:29:00 UTC439INHTTP/1.1 200 OK
                Content-Length: 7285
                Content-Type: application/json; charset=utf-8
                ETag: -1117563734_-1440397599
                Strict-Transport-Security: max-age=2592000
                X-Content-Type-Options: nosniff
                X-ExP-TrackingId: 4ce28d70-2a6d-446f-a482-67b8130a00ce
                X-Cache: CONFIG_NOCACHE
                X-MSEdge-Ref: Ref A: 4F0C3CCB6FF64624B95A614CEE3A07D3 Ref B: ATL331000106009 Ref C: 2024-04-16T13:29:00Z
                Date: Tue, 16 Apr 2024 13:28:59 GMT
                Connection: close
                2024-04-16 13:29:00 UTC1024INData Raw: 7b 22 46 65 61 74 75 72 65 73 22 3a 5b 22 68 69 67 68 71 75 61 6c 69 74 79 63 61 70 74 75 72 65 63 22 2c 22 79 6f 61 6c 77 39 38 30 31 63 66 22 2c 22 79 6f 63 33 37 32 31 22 2c 22 61 61 74 65 73 31 32 31 22 2c 22 79 6f 63 61 6c 38 33 30 22 2c 22 65 6d 70 72 6f 37 30 32 22 2c 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 79 6f 79 70 70 31 31 37 22 2c 22 79 6f 79 70 70 35 36 31 22 2c 22 79 6f 70 68 6f 31 35 36 22 2c 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 79 6f 72 65 6d 37 38 32 22 2c 22 79 6f 72 65 6d 33 32 35 22 2c 22 79 6f 72 6f 6d 39 33 39 22 2c 22 79 6f 79 70 70 36 33 38 22 2c 22 79 6f 61 61 6f 77 63 34 36 63 66 22 2c 22 79 6f 35 35 36 22 2c 22 79 6f 61 61 6f 32 36 37 22 2c 22 79 6f 70 72 69 32 35
                Data Ascii: {"Features":["highqualitycapturec","yoalw9801cf","yoc3721","aates121","yocal830","empro702","yonon248","contactsv2synconly","yoypp117","yoypp561","yopho156","ypromeless","yorem782","yorem325","yorom939","yoypp638","yoaaowc46cf","yo556","yoaao267","yopri25
                2024-04-16 13:29:00 UTC1024INData Raw: 2c 22 31 34 67 36 22 3a 22 61 61 74 65 73 31 32 31 22 2c 22 31 38 66 7a 22 3a 22 79 6f 63 61 6c 38 33 30 22 2c 22 31 68 6a 65 22 3a 22 65 6d 70 72 6f 37 30 32 22 2c 22 31 71 61 38 22 3a 22 79 6f 6e 6f 6e 32 34 38 22 2c 22 31 77 6d 74 22 3a 22 63 6f 6e 74 61 63 74 73 76 32 73 79 6e 63 6f 6e 6c 79 22 2c 22 32 69 77 6a 22 3a 22 79 6f 79 70 70 31 31 37 22 2c 22 32 6a 36 61 22 3a 22 79 6f 79 70 70 35 36 31 22 2c 22 32 6b 71 32 22 3a 22 79 6f 70 68 6f 31 35 36 22 2c 22 32 6c 61 64 22 3a 22 79 70 72 6f 6d 65 6c 65 73 73 22 2c 22 32 6f 63 64 22 3a 22 79 6f 72 65 6d 37 38 32 22 2c 22 32 72 65 6b 22 3a 22 79 6f 72 65 6d 33 32 35 22 2c 22 32 73 63 78 22 3a 22 79 6f 72 6f 6d 39 33 39 22 2c 22 32 74 70 33 22 3a 22 79 6f 79 70 70 36 33 38 22 2c 22 33 30 62 38 22 3a 22
                Data Ascii: ,"14g6":"aates121","18fz":"yocal830","1hje":"empro702","1qa8":"yonon248","1wmt":"contactsv2synconly","2iwj":"yoypp117","2j6a":"yoypp561","2kq2":"yopho156","2lad":"ypromeless","2ocd":"yorem782","2rek":"yorem325","2scx":"yorom939","2tp3":"yoypp638","30b8":"
                2024-04-16 13:29:00 UTC1024INData Raw: 32 36 34 22 2c 22 35 39 30 71 22 3a 22 34 61 33 30 64 34 35 35 22 2c 22 35 39 67 67 22 3a 22 32 69 32 68 65 31 31 38 22 2c 22 35 39 67 6a 22 3a 22 34 64 65 35 67 35 34 32 22 2c 22 35 39 76 7a 22 3a 22 62 65 63 34 34 37 35 37 22 2c 22 35 61 39 73 22 3a 22 39 38 34 65 39 37 37 34 22 2c 22 35 61 74 6b 22 3a 22 35 35 35 64 37 39 37 38 22 2c 22 35 62 61 74 22 3a 22 65 6a 66 34 36 37 39 35 22 2c 22 35 63 70 66 22 3a 22 34 39 62 34 67 31 33 33 22 2c 22 35 63 72 73 22 3a 22 33 62 66 39 67 38 35 35 22 2c 22 35 64 77 37 22 3a 22 69 34 37 62 65 31 37 38 22 2c 22 35 65 74 36 22 3a 22 32 34 38 66 61 31 38 36 22 2c 22 35 66 6c 32 22 3a 22 68 35 31 66 30 33 34 32 22 2c 22 35 66 79 6f 22 3a 22 68 64 65 31 67 32 36 37 22 2c 22 35 66 79 71 22 3a 22 34 6a 6a 66 62 37 36 38
                Data Ascii: 264","590q":"4a30d455","59gg":"2i2he118","59gj":"4de5g542","59vz":"bec44757","5a9s":"984e9774","5atk":"555d7978","5bat":"ejf46795","5cpf":"49b4g133","5crs":"3bf9g855","5dw7":"i47be178","5et6":"248fa186","5fl2":"h51f0342","5fyo":"hde1g267","5fyq":"4jjfb768
                2024-04-16 13:29:00 UTC1024INData Raw: 7d 7d 2c 7b 22 49 64 22 3a 22 59 6f 75 72 50 68 6f 6e 65 22 2c 22 50 61 72 61 6d 65 74 65 72 73 22 3a 7b 22 41 41 4f 57 43 34 36 22 3a 36 34 30 30 2c 22 41 41 4f 57 43 34 37 22 3a 37 34 30 30 2c 22 41 41 4f 57 43 36 31 22 3a 31 36 30 30 2c 22 41 41 4f 57 43 36 32 22 3a 32 36 30 30 2c 22 41 41 4f 57 43 36 33 22 3a 33 36 30 30 2c 22 41 69 72 70 6c 61 6e 65 4d 6f 64 65 53 74 61 74 75 73 22 3a 74 72 75 65 2c 22 41 75 74 6f 48 79 64 72 61 74 65 64 49 6d 61 67 65 73 43 6f 75 6e 74 22 3a 30 2c 22 43 61 6c 6c 69 6e 67 41 6c 74 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 45 76 65 6e 74 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 45 78 69 74 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 74 72 75 65 2c 22 43 61 6c 6c 69 6e 67 4f 53 53 65 72 76 69 63 69 6e 67 46 69
                Data Ascii: }},{"Id":"YourPhone","Parameters":{"AAOWC46":6400,"AAOWC47":7400,"AAOWC61":1600,"AAOWC62":2600,"AAOWC63":3600,"AirplaneModeStatus":true,"AutoHydratedImagesCount":0,"CallingAltBluetoothPairingEvent":true,"CallingExitConfirmation":true,"CallingOSServicingFi
                2024-04-16 13:29:00 UTC1024INData Raw: 3a 74 72 75 65 2c 22 49 73 41 75 74 68 56 32 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 4d 65 64 69 61 50 61 63 6b 43 68 65 63 6b 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 68 61 74 46 69 6c 74 65 72 54 6f 67 67 6c 65 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 73 65 6e 74 56 32 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 43 6f 6e 76 65 72 73 61 74 69 6f 6e 56 69 65 77 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 48 69 64 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 4d 75 74 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 45 6e 61 62 6c 65 50 69 6e 6e 69 6e 67 22 3a 74 72 75 65 2c 22 4d 65 73 73 61 67 69 6e 67 53 65 61 72 63 68 22 3a 74 72 75 65 2c 22
                Data Ascii: :true,"IsAuthV2Enabled":true,"MediaPackCheck":true,"MessagingChatFilterToggle":true,"MessagingConsentV2":true,"MessagingConversationView":true,"MessagingEnableHiding":true,"MessagingEnableMuting":true,"MessagingEnablePinning":true,"MessagingSearch":true,"
                2024-04-16 13:29:00 UTC1024INData Raw: 69 6e 67 54 6f 70 30 31 31 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 32 22 3a 74 72 75 65 2c 22 52 65 6d 6f 74 69 6e 67 54 6f 70 30 31 35 22 3a 74 72 75 65 2c 22 52 6f 6d 65 44 69 73 61 62 6c 65 64 22 3a 34 34 31 35 30 33 2c 22 53 65 63 75 72 65 43 6f 6e 74 65 6e 74 22 3a 74 72 75 65 2c 22 53 68 65 6c 6c 45 78 74 65 6e 64 65 64 4c 65 66 74 50 61 6e 65 22 3a 74 72 75 65 2c 22 54 65 73 74 46 65 61 74 75 72 65 32 22 3a 66 61 6c 73 65 2c 22 55 6e 69 76 65 72 73 61 6c 42 6c 75 65 74 6f 6f 74 68 50 61 69 72 69 6e 67 22 3a 74 72 75 65 2c 22 57 68 61 74 73 4e 65 77 43 4e 22 3a 74 72 75 65 2c 22 59 50 50 43 61 74 61 73 74 72 6f 70 68 69 63 45 72 72 6f 72 41 75 74 6f 52 65 73 65 74 22 3a 74 72 75 65 2c 22 59 50 50 43 6f 6e 73 65 63 75 74 69 76
                Data Ascii: ingTop011":true,"RemotingTop012":true,"RemotingTop015":true,"RomeDisabled":441503,"SecureContent":true,"ShellExtendedLeftPane":true,"TestFeature2":false,"UniversalBluetoothPairing":true,"WhatsNewCN":true,"YPPCatastrophicErrorAutoReset":true,"YPPConsecutiv
                2024-04-16 13:29:00 UTC1024INData Raw: 79 6f 35 35 36 3a 33 30 39 38 36 35 35 36 3b 79 6f 61 61 6f 32 36 37 3a 33 30 34 33 34 36 37 32 3b 79 6f 70 72 69 32 35 37 3a 33 30 34 36 34 34 33 33 3b 79 6f 31 37 39 3a 33 30 34 34 35 33 31 30 3b 79 6f 69 73 61 38 36 31 3a 33 30 35 32 35 38 36 38 3b 79 6f 72 65 6d 31 34 31 3a 33 30 34 38 36 33 35 33 3b 79 6f 79 70 70 36 35 32 3a 33 30 35 31 35 34 38 33 3b 79 6f 35 32 35 3a 33 30 35 35 33 39 38 35 3b 79 6f 36 30 36 3a 33 30 35 32 37 38 35 30 3b 79 6f 6e 6f 74 36 33 33 3a 33 30 36 32 36 30 37 38 3b 79 6f 79 70 70 38 35 39 3a 33 30 36 38 37 38 35 39 3b 79 6f 69 6e 64 36 36 35 3a 33 30 35 39 35 31 36 33 3b 79 6f 64 63 67 38 33 30 3a 33 30 37 31 32 39 34 39 3b 6f 6e 6c 79 5f 74 6f 61 73 74 63 6f 6e 74 65 78 74 6d 65 6e 75 3a 33 30 36 34 38 30 38 31 3b 61 6a
                Data Ascii: yo556:30986556;yoaao267:30434672;yopri257:30464433;yo179:30445310;yoisa861:30525868;yorem141:30486353;yoypp652:30515483;yo525:30553985;yo606:30527850;yonot633:30626078;yoypp859:30687859;yoind665:30595163;yodcg830:30712949;only_toastcontextmenu:30648081;aj
                2024-04-16 13:29:00 UTC117INData Raw: 38 33 38 35 30 33 3b 35 30 63 37 39 31 30 36 3a 33 30 38 33 38 36 31 39 3b 6a 61 35 63 34 32 34 39 3a 33 31 30 30 36 32 34 34 3b 68 33 65 64 34 31 36 31 3a 33 30 38 39 31 37 38 34 3b 61 62 69 30 67 38 31 37 3a 33 30 39 35 32 38 37 35 3b 61 35 34 66 61 35 37 34 3a 33 30 39 39 33 33 34 39 3b 64 69 66 32 32 32 31 39 3a 33 30 39 36 30 34 30 32 3b 22 7d
                Data Ascii: 838503;50c79106:30838619;ja5c4249:31006244;h3ed4161:30891784;abi0g817:30952875;a54fa574:30993349;dif22219:30960402;"}


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                9192.168.2.174971740.126.29.13443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:00 UTC422OUTPOST /RST2.srf HTTP/1.0
                Connection: Keep-Alive
                Content-Type: application/soap+xml
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                Content-Length: 3592
                Host: login.live.com
                2024-04-16 13:29:00 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                2024-04-16 13:29:01 UTC569INHTTP/1.1 200 OK
                Cache-Control: no-store, no-cache
                Pragma: no-cache
                Content-Type: application/soap+xml; charset=utf-8
                Expires: Tue, 16 Apr 2024 13:28:00 GMT
                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                Referrer-Policy: strict-origin-when-cross-origin
                x-ms-route-info: C529_SN1
                x-ms-request-id: 1195021d-60cb-4605-bf79-f04d4599f074
                PPServer: PPV: 30 H: SN1PEPF0002F04F V: 0
                X-Content-Type-Options: nosniff
                Strict-Transport-Security: max-age=31536000
                X-XSS-Protection: 1; mode=block
                Date: Tue, 16 Apr 2024 13:29:00 GMT
                Connection: close
                Content-Length: 11390
                2024-04-16 13:29:01 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                10192.168.2.174971840.126.29.13443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:01 UTC422OUTPOST /RST2.srf HTTP/1.0
                Connection: Keep-Alive
                Content-Type: application/soap+xml
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                Content-Length: 4775
                Host: login.live.com
                2024-04-16 13:29:01 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                2024-04-16 13:29:01 UTC569INHTTP/1.1 200 OK
                Cache-Control: no-store, no-cache
                Pragma: no-cache
                Content-Type: application/soap+xml; charset=utf-8
                Expires: Tue, 16 Apr 2024 13:28:01 GMT
                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                Referrer-Policy: strict-origin-when-cross-origin
                x-ms-route-info: C529_SN1
                x-ms-request-id: 20cfbf34-9992-4f46-933f-ecc93b5945d2
                PPServer: PPV: 30 H: SN1PEPF0002FABD V: 0
                X-Content-Type-Options: nosniff
                Strict-Transport-Security: max-age=31536000
                X-XSS-Protection: 1; mode=block
                Date: Tue, 16 Apr 2024 13:29:00 GMT
                Connection: close
                Content-Length: 11370
                2024-04-16 13:29:01 UTC11370INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                11192.168.2.174971940.126.29.13443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:02 UTC422OUTPOST /RST2.srf HTTP/1.0
                Connection: Keep-Alive
                Content-Type: application/soap+xml
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                Content-Length: 4775
                Host: login.live.com
                2024-04-16 13:29:02 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                2024-04-16 13:29:02 UTC569INHTTP/1.1 200 OK
                Cache-Control: no-store, no-cache
                Pragma: no-cache
                Content-Type: application/soap+xml; charset=utf-8
                Expires: Tue, 16 Apr 2024 13:28:02 GMT
                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                Referrer-Policy: strict-origin-when-cross-origin
                x-ms-route-info: C529_SN1
                x-ms-request-id: a3b6de5d-6285-418e-b232-42de9c4217cf
                PPServer: PPV: 30 H: SN1PEPF0002FA90 V: 0
                X-Content-Type-Options: nosniff
                Strict-Transport-Security: max-age=31536000
                X-XSS-Protection: 1; mode=block
                Date: Tue, 16 Apr 2024 13:29:02 GMT
                Connection: close
                Content-Length: 11370
                2024-04-16 13:29:02 UTC11370INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                12192.168.2.174972040.126.29.13443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:02 UTC422OUTPOST /RST2.srf HTTP/1.0
                Connection: Keep-Alive
                Content-Type: application/soap+xml
                Accept: */*
                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                Content-Length: 4788
                Host: login.live.com
                2024-04-16 13:29:02 UTC4788OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                2024-04-16 13:29:03 UTC569INHTTP/1.1 200 OK
                Cache-Control: no-store, no-cache
                Pragma: no-cache
                Content-Type: application/soap+xml; charset=utf-8
                Expires: Tue, 16 Apr 2024 13:28:03 GMT
                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                Referrer-Policy: strict-origin-when-cross-origin
                x-ms-route-info: C529_SN1
                x-ms-request-id: 384d7834-2c51-4b3c-8a2b-880991593030
                PPServer: PPV: 30 H: SN1PEPF0002F1A9 V: 0
                X-Content-Type-Options: nosniff
                Strict-Transport-Security: max-age=31536000
                X-XSS-Protection: 1; mode=block
                Date: Tue, 16 Apr 2024 13:29:02 GMT
                Connection: close
                Content-Length: 11153
                2024-04-16 13:29:03 UTC11153INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                13192.168.2.174972113.107.21.200443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:03 UTC2566OUTGET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                X-Search-CortanaAvailableCapabilities: None
                X-Search-SafeSearch: Moderate
                Accept-Encoding: gzip, deflate
                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                X-UserAgeClass: Unknown
                X-BM-Market: CH
                X-BM-DateFormat: dd/MM/yyyy
                X-Device-OSSKU: 48
                X-BM-DTZ: 120
                X-DeviceID: 01000A41090080B6
                X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                X-BM-Theme: 000000;0078d7
                X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAWtA4VCaY/GibGeuZLLnYeKvaiICHPX7T9eywC88CdWaPWiMf5Xzh7qm9bdrutSntIP1wDs99GXKPhAG6P30nEmIGXUs8HfOR4ntWBI2VRaYczHDRNQiRKFgmLCCdgUuIn6zwUocMpDFwK6SkEg0Wvte4Lt63fYGg7uQHC/wOjFsR6WxqtInY8QmrnKbr33DnuPfuCWDSd4ltkhCED/7JMDewNL/PE87H6ZudnVYCTkMv9fzWn2Koc%2Btj4AJSA/sMxZ7kgSlwKa%2B8O8fmXlz9TRBtZBLNvhxe2/1KzYLqnq6U5use3TZ20UHtpilB6IPpOvPQnN4kvXwtvNCORiJqjQDZgAACPa93WAAMeMEqAGynKubWlWZuHMHl7fAZuPjQUx%2BEoto/AX1ntt7vH7cSEXIIr67Jqhv3nCVfPn3ZVUJAIZftkht5Cbh/dhggzOd0xV9sHPUWkGCIkvfGsd/673KuPuiacGrklACMHbVcNM%2Bur%2Be3H7la7T8gvq0W5by2jgMJz0R1tLvE1g6w6HPfutaw/KiXuCu66jgnA59l2Sk2f8NQZeM5L3aKxBN4K4XSmPqrvy5hbm56mSUgZdyQDdaNEI5ASzHx5HllmmRKZz%2BS4OcmVvJ1kKBckqiWvLuzzYmSruHHBNFwyLxCo2%2By6/dYHwE0EMaRlKt4W824h2Ef6KkgycempMxZaQsbH3%2Blysup4GQkbBAQeSa4CfITDxKvg2ZJMJ1ZSl9spD0xsgoEeuCdPYaGMPPk%2BdL1/8BJeVsmIgqYreTqsn%2Bg9GXMvxVhC9aZSAypKTJHkiK%2BYJ9sBUXB7kzvXZUC5tQPGl44hGIMQR0878m1/1/gXX40qj0VZdEBpz0JvYOoxYUuoygZha/8g1a6M8o0ipdcYvBBIjrDjz9SOMA%2BwuhcX9SB/1z%2B2Q7e8ON2AE%3D%26p%3D
                X-Agent-DeviceId: 01000A41090080B6
                X-BM-CBT: 1713274138
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                X-Device-isOptin: false
                Accept-language: en-GB, en, en-US
                X-Device-Touch: false
                X-Device-ClientSession: 91034E343A784E81B23B6F193A69D2CA
                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                Host: www.bing.com
                Connection: Keep-Alive
                Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                2024-04-16 13:29:04 UTC1463INHTTP/1.1 200 OK
                Cache-Control: private
                Content-Length: 2215
                Content-Type: application/json; charset=utf-8
                P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                Set-Cookie: _EDGE_S=SID=28D6A294EC7964A31384B6F7ED50656C&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Sun, 11-May-2025 13:29:03 GMT; path=/; HttpOnly
                Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Sun, 11-May-2025 13:29:03 GMT; path=/; secure; SameSite=None
                Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                Set-Cookie: _SS=SID=28D6A294EC7964A31384B6F7ED50656C; domain=.bing.com; path=/; secure; SameSite=None
                X-EventID: 661e7d1f2b514625a4feb8cd5debaae6
                UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                X-XSS-Protection: 0
                X-Cache: CONFIG_NOCACHE
                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                X-MSEdge-Ref: Ref A: 77AD0B94D29849D29B41AA8D586531B5 Ref B: ATL331000101047 Ref C: 2024-04-16T13:29:03Z
                Date: Tue, 16 Apr 2024 13:29:03 GMT
                Connection: close
                2024-04-16 13:29:04 UTC2215INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
                Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                14192.168.2.174972213.85.23.86443
                TimestampBytes transferredDirectionData
                2024-04-16 13:29:22 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=v8Vt6bO+Vf97ZAz&MD=EYdXYgso HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                Host: slscr.update.microsoft.com
                2024-04-16 13:29:22 UTC560INHTTP/1.1 200 OK
                Cache-Control: no-cache
                Pragma: no-cache
                Content-Type: application/octet-stream
                Expires: -1
                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                MS-CorrelationId: 57401c60-6259-457a-a1e2-22a4393324ee
                MS-RequestId: 9da54c5c-52c0-4beb-8473-462866ba3e64
                MS-CV: 88RmWSn/K0inrHrk.0
                X-Microsoft-SLSClientCache: 2160
                Content-Disposition: attachment; filename=environment.cab
                X-Content-Type-Options: nosniff
                Date: Tue, 16 Apr 2024 13:29:22 GMT
                Connection: close
                Content-Length: 25457
                2024-04-16 13:29:22 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                2024-04-16 13:29:22 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:15:28:30
                Start date:16/04/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBeantech/dPFlf78424dPFlf78424dPFlf/ZmFiaWFuby5iZW5lZGV0dGlAYmVhbnRlY2guaXQ=
                Imagebase:0x7ff7d6f10000
                File size:3'242'272 bytes
                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                General

                Target ID:1
                Start time:15:28:31
                Start date:16/04/2024
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1992,i,890557561073113856,7788657320205780345,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff7d6f10000
                File size:3'242'272 bytes
                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Disassembly

                No disassembly