Windows Analysis Report
http://t.apemail.net

Overview

General Information

Sample URL: http://t.apemail.net
Analysis ID: 1426791

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 1968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,3607310084960368842,4410557135685336208,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.apemail.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://t.apemail.net/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49726 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown | TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: t.apemail.net
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: t.apemail.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://t.apemail.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: t.apemail.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: t.apemail.net
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: unknown | DNS traffic detected: queries for: t.apemail.net
Source: unknown | HTTP traffic detected:
    POST /threshold/xls.aspx HTTP/1.1
    Origin: https://www.bing.com
    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
    Accept: */*
    Accept-Language: en-CH
    Content-type: text/xml
    X-Agent-DeviceId: 01000A410900D492
    X-BM-CBT: 1696428841
    X-BM-DateFormat: dd/MM/yyyy
    X-BM-DeviceDimensions: 784x984
    X-BM-DeviceDimensionsLogical: 784x984
    X-BM-DeviceScale: 100
    X-BM-DTZ: 120
    X-BM-Market: CH
    X-BM-Theme: 000000;0078d7
    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
    X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
    X-Device-isOptin: false
    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
    X-Device-OSSKU: 48
    X-Device-Touch: false
    X-DeviceID: 01000A410900D492
    X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
    X-MSEdge-ExternalExpType: JointCoord
    X-PositionerType: Desktop
    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
    X-Search-CortanaAvailableCapabilities: None
    X-Search-SafeSearch: Moderate
    X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
    X-UserAgeClass: Unknown
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
    Host: www.bing.com
    Content-Length: 2484
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713277299050&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engine | Classification label: clean1.win@17/11@8/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,3607310084960368842,4410557135685336208,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.apemail.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
http://t.apemail.net | 2% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://t.apemail.net/ | 2% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | 52.43.73.16 | true | false | | high
www.google.com | 64.233.176.106 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
t.apemail.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://t.apemail.net/ | false | | unknown
https://t.apemail.net/ | false | | unknown
https://t.apemail.net/favicon.ico | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
52.12.161.87 | unknown | United States | | 16509 | AMAZON-02US | false
54.184.15.69 | unknown | United States | | 16509 | AMAZON-02US | false
52.43.73.16 | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false
64.233.176.106 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.7
192.168.2.5

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1426791
Start date and time: 2024-04-16 16:21:02 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://t.apemail.net
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@17/11@8/7
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 74.125.136.94, 64.233.176.102, 64.233.176.138, 64.233.176.113, 64.233.176.139, 64.233.176.101, 64.233.176.100, 142.251.15.84, 34.104.35.123, 20.114.59.183, 199.232.214.172, 192.229.211.108, 23.47.204.46, 23.47.204.53, 23.47.204.61, 23.47.204.45, 23.47.204.66, 23.47.204.75, 23.47.204.67, 23.47.204.72, 23.47.204.68, 20.166.126.56, 23.47.204.54, 23.47.204.48, 23.47.204.79, 23.47.204.44, 23.47.204.77, 23.47.204.78, 13.85.23.206, 23.47.204.50, 23.47.204.81, 23.47.204.82, 23.47.204.74, 23.47.204.76, 142.251.15.94, 23.40.205.26, 23.40.205.35, 23.40.205.57, 23.40.205.81, 23.40.205.67, 23.40.205.73, 23.40.205.41, 23.40.205.75, 23.40.205.83, 23.47.204.49, 23.47.204.59, 23.47.204.65, 23.47.204.58
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 13:21:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2677
Entropy (8bit): 3.9746413645421668
Encrypted: false
SSDEEP: 48:8ZdzT7XPHHYidAKZdA19ehwiZUklqehBy+3:8/PPWuy
MD5: E28346EBC03D5613C845D5094E688130
SHA1: 2E056F92023AB997AAD46E3B60AD8F594E9B667B
SHA-256: 26FA3820F8F98EE0D57652119B7B77B71A2460680087858DB2368DA81A8FC723
SHA-512: CA6BE294DD1C502D86FC7C7674F71884ABE04D47507D9AA8B60DD3ED121A12E169FE8FD6365D96E7F280B8E1975D6BDED9E3D4DBC86344D34EA3AF64814C1912
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 13:21:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2679
Entropy (8bit): 3.9892344786240557
Encrypted: false
SSDEEP: 48:80dzT7XPHHYidAKZdA1weh/iZUkAQkqehey+2:8APP09QHy
MD5: 9E9A68234C0BA9330E462FDF965A6CD7
SHA1: 8E35024B37FB172D1EAE40BB69776714C652ECC3
SHA-256: DB78E9224DD2BAD5AB39EF6941E6CC3F258DDB670C45BDDF9D652A68642405C5
SHA-512: A65ABE264094D72452CCF9B2110351160BE683C7BCB2E96278D0F1F40F3D0776169059A3F4C9BCB94ED3C0DC32F1659808C3AC9F6A209A1A0AE026A54C8B2F53
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2693
Entropy (8bit): 4.001732756192261
Encrypted: false
SSDEEP: 48:8xQdzT7XPsHYidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xsPPxnCy
MD5: 30847C1E002236BBDAD9B86EB79C9BD3
SHA1: 3BEB3B18C28BA463E563069A62AFB3C23C0A843F
SHA-256: 7BE546CBBBE6AF238E713C524A45D11CA1F7D54A130EB9EF9050F332B825A6EA
SHA-512: 53FF45FE21FD50E96EF4FFF770653AE82B42A8DA9038DCD9D74BA6951FA2DCC2E81C864F3B63D37165FAC34E647BE90E4631A97166DD140FCE3326A18205E1DA
Malicious: false
Reputation: low
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 13:21:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category: dropped
Size (bytes): 2681
Entropy (8bit): 3.985923845556245
Encrypted: false
SSDEEP: 48:86dzT7XPHHYidAKZdA1vehDiZUkwqeh6y+R:8WPPfcy
MD5: 71E02BAAD28878C011DFA6A7206412D0
SHA1: 2DE683E12C454D0A05EA2FA59ECC71955243EA4C
SHA-256: 3D911902B7EEEB5F9EA413691870F25BC54B0B63377FE5356C8EA3A4E9E5867F
SHA-512: 69A5614768AA258E2F77563E5B0460ECCBC474C528D4AC75E9F6DB856B90469DECAE8EAF1980FBF74D68D06C36DC64AE7B7E3023C006216A659C314F38E141B1
Malicious: false
Reputation: low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 13:21:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2681
              Entropy (8bit):3.973700345301178
              Encrypted:false
              SSDEEP:48:81dzT7XPHHYidAKZdA1hehBiZUk1W1qehYy+C:8LPPf94y
              MD5:85AD077C79DE6289B6CC5FB131DE8BD2
              SHA1:8CEAC8FC790E22DBFC78D98C95FA74C53A1E7A47
              SHA-256:A2817B5DEB3B01B24866EC106F1AA02190D6E03773A215DB4F6A8CD70AE99AC3
              SHA-512:6F93DD7717A54890B8543D3E2A6DEAA15E102A8DCA0E76B81DE9DB26FFB21959FFE67573DC3C503D14BB047578FD702BEBD5BFF8EC58FCE652B9CB24B5763E8F
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 13:21:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2683
              Entropy (8bit):3.986309013607971
              Encrypted:false
              SSDEEP:48:8QdzT7XPHHYidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbCy+yT+:8sPPXT/TbxWOvTbCy7T
              MD5:862B5FA6E852F219155C5DE2322D4DD1
              SHA1:2595DA8A83730D8AE0B2C32B5BD8512EFA54C3E9
              SHA-256:81FAB7B73B55142361AB815B853BAC5CD1431AD242B2BEF405E5B6FFC9458115
              SHA-512:C130157EDB0FCE42F6CBD7CD5A6C6230DD258EB5455EF66FAB53E6A1A6B5B2DA36864E0A03B929B28241A7283ACD6FA3D9FC92D5119965D6ED57E29D69923569
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
              Category:dropped
              Size (bytes):370070
              Entropy (8bit):2.6639411917298714
              Encrypted:false
              SSDEEP:384:vXkJ9/eO2ldRLfvQXLSYOFTU3uSqSwfW9+RYTmYc/No2VTOtHRaGMQ5:vaW/9YOtCuSrwe9P
              MD5:9E1858B9A461C14ECCC1557E5411AA8A
              SHA1:63E38126D39301D08AB05449DA99732E8C9D82E2
              SHA-256:34D5385118B759B4E5CC313FAE5D541F4E46AF17EF5497F5B71F639ACC1C3D2E
              SHA-512:2820FF015209F6A8888DA742713EA5764168F1FA4AE61530C2A7307CA87A9A365C8AD55244A4E033A22DB22B9F11078EDD3D07669824F375A9C280A373F185AE
              Malicious:false
              Reputation:low
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (2350)
              Category:downloaded
              Size (bytes):2534
              Entropy (8bit):5.066224467217119
              Encrypted:false
              SSDEEP:48:0SppjNApnLMBIMrskexVrZoxkfzCKb/LuJwsYggX/gFOuq:xkpQYVF0EPTCJwsPgX/gFOr
              MD5:9893095B060A613EF6AEE5301332B10E
              SHA1:5697F0E54977CBD448764DD001C6CEF17EBD936F
              SHA-256:F595C6AAB7CCDA82309E98157F3A5922A91055DEABF88FF240E8FCFAB8827A5F
              SHA-512:162D89725C4A3AF7BA087B29455F94CF1C7F9A666C29D4AB89F645034249FFD00CA24A0927803FF51D1139ECCD3BB42A86CAF4DB778B4618E210DDD00C2050A0
              Malicious:false
              Reputation:low
              URL:https://t.apemail.net/
              Preview:<!doctype html>.<html>.<head>.<title>ActivePipe API</title>.</head>.<body style="background: #262933">. <div style="text-align:center; padding-top:15%">.<svg width="40%" id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 606.58 204"><defs><style>.cls-1{fill:none;}.cls-2{fill:#5dbfd4;}.cls-3{fill:#fff;}</style></defs><title>ActivePipe Logo</title><polygon class="cls-1" points="66.19 139.79 97.35 86.9 84.52 64.84 40.91 139.79 66.19 139.79"/><polygon class="cls-1" points="86.39 113.39 126.1 136.32 99.66 90.87 86.39 113.39"/><polygon class="cls-1" points="84.36 116.84 70.83 139.79 124.11 139.79 84.36 116.84"/><path class="cls-2" d="M135.08,143.79,84.52,56.89,34,143.79Zm-64.24-4,13.53-23,39.76,23Zm55.27-3.47L86.39,113.39,99.66,90.87ZM84.52,64.84,97.35,86.9,66.19,139.79H40.92Z"/><path class="cls-3" d="M158.27,143.79h-5.42L175.28,89h5.83l22.43,54.8h-5.42l-20-49.29Z"/><path class="cls-3" d="M206,116.2c0-16.23,11.8-27.32,26.76-27.32A23.82,23.82,0,0,1,252,98.22l-
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
              Category:downloaded
              Size (bytes):370070
              Entropy (8bit):2.6639411917298714
              Encrypted:false
              SSDEEP:384:vXkJ9/eO2ldRLfvQXLSYOFTU3uSqSwfW9+RYTmYc/No2VTOtHRaGMQ5:vaW/9YOtCuSrwe9P
              MD5:9E1858B9A461C14ECCC1557E5411AA8A
              SHA1:63E38126D39301D08AB05449DA99732E8C9D82E2
              SHA-256:34D5385118B759B4E5CC313FAE5D541F4E46AF17EF5497F5B71F639ACC1C3D2E
              SHA-512:2820FF015209F6A8888DA742713EA5764168F1FA4AE61530C2A7307CA87A9A365C8AD55244A4E033A22DB22B9F11078EDD3D07669824F375A9C280A373F185AE
              Malicious:false
              Reputation:low
              URL:https://t.apemail.net/favicon.ico
              No static file info
              Timestamp  Source Port  Dest Port  Source IP  Dest IP
              Apr 16, 2024 16:22:00.625328064 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625369072 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625400066 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625411987 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625439882 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625457048 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625541925 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625571012 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625595093 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625601053 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.625632048 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625648975 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.625982046 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626004934 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626049995 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626055002 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626077890 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626097918 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626429081 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626450062 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626477003 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626482010 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626506090 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626517057 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626889944 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626914978 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626944065 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626949072 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.626977921 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.626986027 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.667751074 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.667787075 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.667824030 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.667839050 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.667860031 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.667877913 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.800839901 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.800854921 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.800906897 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.800919056 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.800960064 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801028967 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801059961 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801084042 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801090002 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801116943 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801136971 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801409006 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801433086 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801460028 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801465034 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801486015 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801503897 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801851034 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801872969 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801899910 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801907063 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.801937103 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.801956892 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802329063 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802351952 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802387953 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802395105 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802414894 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802431107 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802784920 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802810907 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802836895 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802843094 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.802866936 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.802882910 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803154945 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803175926 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803210974 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803216934 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803235054 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803256989 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803536892 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803560972 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803586006 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803591967 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803613901 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803637981 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803927898 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803950071 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.803978920 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.803985119 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804008007 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804027081 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804300070 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804331064 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804362059 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804368019 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804393053 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804406881 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804661036 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804689884 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804711103 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804718018 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.804738998 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.804757118 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.841844082 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.841897011 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.841950893 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.841960907 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.841993093 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:00.841995001 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.842039108 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.874855995 CEST49719443192.168.2.552.12.161.87
              Apr 16, 2024 16:22:00.874883890 CEST4434971952.12.161.87192.168.2.5
              Apr 16, 2024 16:22:08.127849102 CEST4434971664.233.176.106192.168.2.5
              Apr 16, 2024 16:22:08.127918959 CEST4434971664.233.176.106192.168.2.5
              Apr 16, 2024 16:22:08.128324032 CEST49716443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:09.525094986 CEST49716443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:09.525190115 CEST4434971664.233.176.106192.168.2.5
              Apr 16, 2024 16:22:10.760847092 CEST49703443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:10.760982037 CEST49703443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:10.762202978 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:10.762265921 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:10.762353897 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:10.762842894 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:10.762872934 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:10.912652969 CEST4434970323.1.237.91192.168.2.5
              Apr 16, 2024 16:22:10.912674904 CEST4434970323.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.079960108 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.080065012 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.175889015 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.175923109 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.176496029 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.176549911 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.177660942 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.177697897 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.178141117 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.178148985 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.421235085 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.421330929 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.421639919 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.421696901 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.421709061 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.421750069 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.430066109 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.430089951 CEST4434972623.1.237.91192.168.2.5
              Apr 16, 2024 16:22:11.430104971 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:11.430143118 CEST49726443192.168.2.523.1.237.91
              Apr 16, 2024 16:22:40.013900042 CEST4970980192.168.2.552.43.73.16
              Apr 16, 2024 16:22:40.120284081 CEST4971180192.168.2.552.43.73.16
              Apr 16, 2024 16:22:40.181622028 CEST4971080192.168.2.552.43.73.16
              Apr 16, 2024 16:22:40.188179016 CEST804970952.43.73.16192.168.2.5
              Apr 16, 2024 16:22:40.295180082 CEST804971152.43.73.16192.168.2.5
              Apr 16, 2024 16:22:40.355317116 CEST804971052.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.170553923 CEST804970952.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.170607090 CEST804971052.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.170631886 CEST4970980192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.170753002 CEST4971080192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.277605057 CEST804971152.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.277957916 CEST4971180192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.497947931 CEST4970980192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.498080969 CEST4971180192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.498151064 CEST4971080192.168.2.552.43.73.16
              Apr 16, 2024 16:22:55.671818018 CEST804971052.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.672384024 CEST804970952.43.73.16192.168.2.5
              Apr 16, 2024 16:22:55.672820091 CEST804971152.43.73.16192.168.2.5
              Apr 16, 2024 16:22:57.686038017 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:57.686085939 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.686181068 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:57.686491013 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:57.686502934 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.900768995 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.908193111 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:57.908215046 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.908807039 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.927443981 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:22:57.927537918 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:22:57.975023985 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:23:07.910697937 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:23:07.910764933 CEST4434973164.233.176.106192.168.2.5
              Apr 16, 2024 16:23:07.910942078 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:23:09.494620085 CEST49731443192.168.2.564.233.176.106
              Apr 16, 2024 16:23:09.494652033 CEST4434973164.233.176.106192.168.2.5
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Apr 16, 2024 16:21:54.673129082 CEST | 192.168.2.5 | 1.1.1.1 | 0x91cd | Standard query (0) | t.apemail.net | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.673233986 CEST | 192.168.2.5 | 1.1.1.1 | 0xb55d | Standard query (0) | t.apemail.net | 65 | IN (0x0001) | false
              Apr 16, 2024 16:21:55.172997952 CEST | 192.168.2.5 | 1.1.1.1 | 0xc40c | Standard query (0) | t.apemail.net | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.173124075 CEST | 192.168.2.5 | 1.1.1.1 | 0x310d | Standard query (0) | t.apemail.net | 65 | IN (0x0001) | false
              Apr 16, 2024 16:21:57.660278082 CEST | 192.168.2.5 | 1.1.1.1 | 0x3404 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.660476923 CEST | 192.168.2.5 | 1.1.1.1 | 0x5eb5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Apr 16, 2024 16:21:59.240025043 CEST | 192.168.2.5 | 1.1.1.1 | 0xfdab | Standard query (0) | t.apemail.net | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.240648031 CEST | 192.168.2.5 | 1.1.1.1 | 0xd820 | Standard query (0) | t.apemail.net | 65 | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.43.73.16 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 54.184.15.69 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.799945116 CEST | 1.1.1.1 | 192.168.2.5 | 0x91cd | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.12.161.87 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.821480989 CEST | 1.1.1.1 | 192.168.2.5 | 0xb55d | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.821480989 CEST | 1.1.1.1 | 192.168.2.5 | 0xb55d | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:54.821480989 CEST | 1.1.1.1 | 192.168.2.5 | 0xb55d | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 54.184.15.69 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.12.161.87 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.278224945 CEST | 1.1.1.1 | 192.168.2.5 | 0xc40c | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.43.73.16 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.296665907 CEST | 1.1.1.1 | 192.168.2.5 | 0x310d | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.296665907 CEST | 1.1.1.1 | 192.168.2.5 | 0x310d | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:55.296665907 CEST | 1.1.1.1 | 192.168.2.5 | 0x310d | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.764754057 CEST | 1.1.1.1 | 192.168.2.5 | 0x5eb5 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.106 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.99 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.105 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.147 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.104 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:57.765045881 CEST | 1.1.1.1 | 192.168.2.5 | 0x3404 | No error (0) | www.google.com | | 64.233.176.103 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.12.161.87 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 52.43.73.16 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.349579096 CEST | 1.1.1.1 | 192.168.2.5 | 0xfdab | No error (0) | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | 54.184.15.69 | A (IP address) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.380126953 CEST | 1.1.1.1 | 192.168.2.5 | 0xd820 | No error (0) | t.apemail.net | api.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.380126953 CEST | 1.1.1.1 | 192.168.2.5 | 0xd820 | No error (0) | api.activepipe.com | production-api.us-west-2.activepipe.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:21:59.380126953 CEST | 1.1.1.1 | 192.168.2.5 | 0xd820 | No error (0) | production-api.us-west-2.activepipe.com | k8s-eksinternetfacing-baa4792011-459661169.us-west-2.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:22:10.152059078 CEST | 1.1.1.1 | 192.168.2.5 | 0xe853 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
              Apr 16, 2024 16:22:10.152059078 CEST | 1.1.1.1 | 192.168.2.5 | 0xe853 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.211.108 | A (IP address) | IN (0x0001) | false
              • t.apemail.net
              • https:
                • www.bing.com
              • fs.microsoft.com
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.5 | 49710 | 52.43.73.16 | 80 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Apr 16, 2024 16:21:54.996520042 CEST | 428 | OUT | GET / HTTP/1.1
              Host: t.apemail.net
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Apr 16, 2024 16:21:55.170855045 CEST | 788 | IN | HTTP/1.1 301 Moved Permanently
              Date: Tue, 16 Apr 2024 14:21:55 GMT
              Content-Type: text/html
              Content-Length: 162
              Connection: keep-alive
              Server: nginx
              Location: https://t.apemail.net/
              Access-Control-Expose-Headers: X-Total,X-Per-Page,X-Page,X-Metadata,X-One-Time-Password-Sent-To
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
              Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,Pragma,Cache,X-ActivePipe-Auth,X-Client-Version,X-One-Time-Password
              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
              Apr 16, 2024 16:22:40.181622028 CEST | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.5 | 49709 | 52.43.73.16 | 80 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Apr 16, 2024 16:22:40.013900042 CEST | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.5 | 49711 | 52.43.73.16 | 80 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Apr 16, 2024 16:22:40.120284081 CEST | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.5 | 49712 | 54.184.15.69 | 443 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:21:55 UTC | 656 | OUT | GET / HTTP/1.1
              Host: t.apemail.net
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-04-16 14:21:56 UTC | 619 | IN | HTTP/1.1 200 OK
              Date: Tue, 16 Apr 2024 14:21:55 GMT
              Content-Type: text/html
              Content-Length: 2534
              Connection: close
              Server: nginx
              Last-Modified: Tue, 16 Apr 2024 06:32:49 GMT
              Access-Control-Expose-Headers: X-Total,X-Per-Page,X-Page,X-Metadata,X-One-Time-Password-Sent-To
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
              Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,Pragma,Cache,X-ActivePipe-Auth,X-Client-Version,X-One-Time-Password
              2024-04-16 14:21:56 UTC | 2534 | IN
              Data Ascii: <!doctype html><html><head><title>ActivePipe API</title></head><body style="background: #262933"> <div style="text-align:center; padding-top:15%"><svg width="40%" id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 6


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.5 | 49715 | 54.184.15.69 | 443 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:21:56 UTC | 582 | OUT | GET /favicon.ico HTTP/1.1
              Host: t.apemail.net
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://t.apemail.net/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-04-16 14:21:57 UTC | 636 | IN | HTTP/1.1 200 OK
              Date: Tue, 16 Apr 2024 14:21:56 GMT
              Content-Type: image/vnd.microsoft.icon
              Content-Length: 370070
              Connection: close
              Server: nginx
              Last-Modified: Tue, 16 Apr 2024 06:32:49 GMT
              Access-Control-Expose-Headers: X-Total,X-Per-Page,X-Page,X-Metadata,X-One-Time-Password-Sent-To
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
              Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,Pragma,Cache,X-ActivePipe-Auth,X-Client-Version,X-One-Time-Password


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.5 | 49718 | 184.31.62.93 | 443 | |
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:21:59 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-04-16 14:21:59 UTC | 468 | IN | HTTP/1.1 200 OK
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (chd/079C)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-eus2-z1
              Cache-Control: public, max-age=146540
              Date: Tue, 16 Apr 2024 14:21:59 GMT
              Connection: close
              X-CID: 2


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.5 | 49720 | 184.31.62.93 | 443 | |
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:21:59 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
              Range: bytes=0-2147483646
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-04-16 14:21:59 UTC | 805 | IN | HTTP/1.1 200 OK
              ApiVersion: Distribute 1.1
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (chd/0778)
              X-CID: 11
              X-CCC: US
              X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
              X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
              Content-Type: application/octet-stream
              X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
              Cache-Control: public, max-age=146477
              Date: Tue, 16 Apr 2024 14:21:59 GMT
              Content-Length: 55
              Connection: close
              X-CID: 2
              2024-04-16 14:21:59 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              4 | 192.168.2.5 | 49719 | 52.12.161.87 | 443 | 5532 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:21:59 UTC | 348 | OUT | GET /favicon.ico HTTP/1.1
              Host: t.apemail.net
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: */*
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-04-16 14:22:00 UTC | 636 | IN | HTTP/1.1 200 OK
              Date: Tue, 16 Apr 2024 14:22:00 GMT
              Content-Type: image/vnd.microsoft.icon
              Content-Length: 370070
              Connection: close
              Server: nginx
              Last-Modified: Tue, 16 Apr 2024 06:32:49 GMT
              Access-Control-Expose-Headers: X-Total,X-Per-Page,X-Page,X-Metadata,X-One-Time-Password-Sent-To
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
              Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,Pragma,Cache,X-ActivePipe-Auth,X-Client-Version,X-One-Time-Password


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              5 | 192.168.2.5 | 49726 | 23.1.237.91 | 443
              Timestamp | Bytes transferred | Direction | Data
              2024-04-16 14:22:11 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
              Origin: https://www.bing.com
              Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
              Accept: */*
              Accept-Language: en-CH
              Content-type: text/xml
              X-Agent-DeviceId: 01000A410900D492
              X-BM-CBT: 1696428841
              X-BM-DateFormat: dd/MM/yyyy
              X-BM-DeviceDimensions: 784x984
              X-BM-DeviceDimensionsLogical: 784x984
              X-BM-DeviceScale: 100
              X-BM-DTZ: 120
              X-BM-Market: CH
              X-BM-Theme: 000000;0078d7
              X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
              X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
              X-Device-isOptin: false
              X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
              X-Device-OSSKU: 48
              X-Device-Touch: false
              X-DeviceID: 01000A410900D492
              X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
              X-MSEdge-ExternalExpType: JointCoord
              X-PositionerType: Desktop
              X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
              X-Search-CortanaAvailableCapabilities: None
              X-Search-SafeSearch: Moderate
              X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
              X-UserAgeClass: Unknown
              Accept-Encoding: gzip, deflate, br
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
              Host: www.bing.com
              Content-Length: 2484
              Connection: Keep-Alive
              Cache-Control: no-cache
              Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713277299050&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
              2024-04-16 14:22:11 UTC | 1 | OUT | Data Raw: 3c
              Data Ascii: <
              2024-04-16 14:22:11 UTC | 2483 | OUT | Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
              Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
              2024-04-16 14:22:11 UTC | 478 | IN | HTTP/1.1 204 No Content
              Access-Control-Allow-Origin: *
              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
              X-MSEdge-Ref: Ref A: 774CA5BBE7F248C1B74AF778F1DFB45A Ref B: LAX311000108045 Ref C: 2024-04-16T14:22:11Z
              Date: Tue, 16 Apr 2024 14:22:11 GMT
              Connection: close
              Alt-Svc: h3=":443"; ma=93600
              X-CDN-TraceID: 0.57ed0117.1713277331.725c73


              Target ID:0
              Start time:16:21:49
              Start date:16/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:2
              Start time:16:21:52
              Start date:16/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,3607310084960368842,4410557135685336208,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              Target ID:3
              Start time:16:21:53
              Start date:16/04/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.apemail.net"
              Imagebase:0x7ff715980000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              No disassembly