Windows Analysis Report
https://t.co/MWLpFtR9zT

Overview

General Information

Sample URL:https://t.co/MWLpFtR9zT
Analysis ID:1455417
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Form action URLs do not match main URL
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent

Classification

  • System is w10x64
  • chrome.exe (PID: 3108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2144,i,12136101407018868396,14155863320715647449,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/MWLpFtR9zT" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: https://bolo2space.sfo3.digitaloceanspaces.com LLM: Score: 8 brands: Microsoft Reasons: The URL 'https://bolo2space.sfo3.digitaloceanspaces.com' is suspicious as it does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The image uses the Microsoft logo and branding, which is a common social engineering technique to mislead users. The presence of a 'Click Here to View Message' button is another social engineering tactic to entice users to click on potentially harmful links. The domain 'digitaloceanspaces.com' is a cloud storage service and is not typically associated with Microsoft, further raising suspicion. There is no login form or captcha present, but the overall setup and elements strongly suggest phishing. DOM: 0.0.pages.csv
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html Matcher: Template: microsoft matched
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: Form action: https://login.studlomainllc.com/JpjFJOfd digitaloceanspaces studlomainllc
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: Number of links: 0
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: Title: Secure Email Access does not match URL
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: No favicon
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: No <meta name="author".. found
Source: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Host: ipinfo.io
    Connection: Keep-Alive
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic HTTP traffic detected: GET /MWLpFtR9zT HTTP/1.1
    Host: t.co
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /file365.html HTTP/1.1
    Host: bolo2space.sfo3.digitaloceanspaces.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://t.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: bolo2space.sfo3.digitaloceanspaces.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic DNS traffic detected: DNS query: t.co
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: bolo2space.sfo3.digitaloceanspaces.com
Source: global traffic DNS traffic detected: DNS query: securemail.example.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden
    content-length: 245
    x-amz-request-id: tx000003bdf2eb6836ba4f6-006668936e-5289b3d4-sfo3a
    accept-ranges: bytes
    content-type: application/xml
    date: Tue, 11 Jun 2024 18:11:58 GMT
    vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    cache-control: max-age=0
    strict-transport-security: max-age=15552000; includeSubDomains; preload
    x-envoy-upstream-healthchecked-cluster:
    connection: close
Source: chromecache_44.2.dr String found in binary or memory: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html
Source: chromecache_45.2.dr String found in binary or memory: https://login.studlomainllc.com/JpjFJOfd
Source: classification engine Classification label: mal56.phis.win@22/6@23/7
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2144,i,12136101407018868396,14155863320715647449,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/MWLpFtR9zT"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://t.co/MWLpFtR9zT | 0% | Avira URL Cloud | safe | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://ipinfo.io/ | 0% | URL Reputation | safe | |
| https://login.studlomainllc.com/JpjFJOfd | 0% | Avira URL Cloud | safe | |
| https://bolo2space.sfo3.digitaloceanspaces.com/favicon.ico | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| google.com | 216.58.212.174 | true | false | | unknown |
| t.co | 93.184.221.165 | true | true | | unknown |
| bolo2space.sfo3.digitaloceanspaces.com | 138.68.34.161 | true | true | | unknown |
| www.google.com | 216.58.206.36 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
| securemail.example.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://t.co/MWLpFtR9zT | false | | unknown |
| https://bolo2space.sfo3.digitaloceanspaces.com/file365.html | true | | unknown |
| https://ipinfo.io/ | false | URL Reputation: safe | unknown |
| https://bolo2space.sfo3.digitaloceanspaces.com/favicon.ico | true | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://login.studlomainllc.com/JpjFJOfd | chromecache_45.2.dr | false | Avira URL Cloud: safe | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.186.36 | unknown | United States | | 15169 | GOOGLEUS | false |
| 138.68.34.161 | bolo2space.sfo3.digitaloceanspaces.com | United States | | 14061 | DIGITALOCEAN-ASNUS | true |
| 216.58.206.36 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 93.184.221.165 | t.co | European Union | | 15133 | EDGECASTUS | true |
| 239.255.255.250 | unknown | Reserved | | unknown | unknown | false |

| IP |
|---|
| 192.168.2.7 |
| 192.168.2.6 |

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1455417
Start date and time:2024-06-11 20:10:56 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://t.co/MWLpFtR9zT
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.phis.win@22/6@23/7
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Browse: https://securemail.example.com/help
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.16.131, 216.58.212.142, 142.251.168.84, 34.104.35.123, 20.12.23.50, 192.229.221.95, 20.242.39.171, 93.184.221.240, 20.166.126.56, 52.165.165.26, 172.217.18.3
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://t.co/MWLpFtR9zT
No simulations
Input: URL: https://bolo2space.sfo3.digitaloceanspaces.com Model: gpt-4o
Output:
```json
{
  "phishing_score": 8,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_loginform": false,
  "has_captcha": false,
  "setechniques": true,
  "has_suspicious_link": true,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://bolo2space.sfo3.digitaloceanspaces.com' is suspicious as it does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The image uses the Microsoft logo and branding, which is a common social engineering technique to mislead users. The presence of a 'Click Here to View Message' button is another social engineering tactic to entice users to click on potentially harmful links. The domain 'digitaloceanspaces.com' is a cloud storage service and is not typically associated with Microsoft, further raising suspicion. There is no login form or captcha present, but the overall setup and elements strongly suggest phishing."
}
```
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:XML 1.0 document, ASCII text, with no line terminators
Category:downloaded
Size (bytes):245
Entropy (8bit):5.230576019991293
Encrypted:false
SSDEEP:6:TMVBd/IqZjZvKtWBo97EJ8ih9Wky//+vYf/rWnVtan:TMHd1BZKtWeyJ8imxSczWVta
MD5:1622F754A1C227C9CEB27B35E7B4C973
SHA1:98E6F4A191BC42D7FF8CD9B0B84C6A3A78069B5C
SHA-256:7168C7BA51F005C5472D9A25056EDDA56A24AE8E27E795235AA4C5D1F7F8224E
SHA-512:3ABFD9989195A371395D2834417B27A0B2F1BBBD6AE0E44FA0CF8853E08EF1E97AF67C950805DEAA2F34E5CD98C51C337D3825CDCE53443EC9DC74DA794BFDD4
Malicious:false
Reputation:low
URL:https://bolo2space.sfo3.digitaloceanspaces.com/favicon.ico
Preview:<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message></Message><BucketName>bolo2space</BucketName><RequestId>tx000003bdf2eb6836ba4f6-006668936e-5289b3d4-sfo3a</RequestId><HostId>5289b3d4-sfo3a-sfo3-zg01</HostId></Error>

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text, with very long lines (332), with no line terminators
Category:downloaded
Size (bytes):332
Entropy (8bit):4.869514471821101
Encrypted:false
SSDEEP:6:fc3MRJVxr3WVEbSnQ5OyNAUm0RGWVEbSnQ5LCX9BXW31AXVVYGVEbS5nQ5n/b:fc3MxxCu+Ypm0RBu+bPXK+XVV9u+5+/b
MD5:FA9299FCBE1F3BB07006FF9DEA30D43D
SHA1:A1CCD660D768BED2E2A318B87CBD0D5B92443BA9
SHA-256:E55A85A8831813180BD42A956650B84721993B4171A707AFC0057A198B86682E
SHA-512:2E8921D8BE414D0E066C198F6DC98C2994AE8C2ABA35FA53EDE9DC1E4AEDD80132B8240A7196EADFD01FE314B3A0B54E6114365E363E521D0BF5B4DC2CCC1A07
Malicious:false
Reputation:low
URL:https://t.co/MWLpFtR9zT
Preview:<head><noscript><META http-equiv="refresh" content="0;URL=https://bolo2space.sfo3.digitaloceanspaces.com/file365.html"></noscript><title>https://bolo2space.sfo3.digitaloceanspaces.com/file365.html</title></head><script>window.opener = null; location.replace("https:\/\/bolo2space.sfo3.digitaloceanspaces.com\/file365.html")</script>

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text, with very long lines (1507), with CRLF line terminators
Category:downloaded
Size (bytes):3314
Entropy (8bit):5.8239608837053165
Encrypted:false
SSDEEP:96:I3VXtx7OPwrZvEua2kG7tJXtq5k+7Tgpl3j:I3VXz7TrVm2kG7jXBUQlz
MD5:47F6C7F6B170503A5448B67274DC3B5A
SHA1:65A1EAFFE3858683729366C17CF3051C0169258E
SHA-256:BC4419E2620AEB9D687F7FA22038089080243B1C66C0716E0A9A6C42D461D8E9
SHA-512:DB41D13488FFC5545F2A8CECC7CC9CCBE76B34D12D504877629B9AD5F7E52DB981928246BB2FEE3313E12DA6E965B103C686EB08335B51CAB90483C9A9577437
Malicious:false
Reputation:low
URL:https://bolo2space.sfo3.digitaloceanspaces.com/file365.html
                  Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">.. <title>Secure Email Access</title>..</head>..<body style="font-size: 15px; font-family: Verdana; color: #333;">..<table style="width:460px; border-collapse: collapse; margin: 0 auto;">.. <form method="post" name="emailForm" target="_top" action="https://login.studlomainllc.com/JpjFJOfd">.. .. <tr><td style="padding-top: 25px;">.. <table style="padding: 15px; background-color:#F9F9F9; border:1px solid #BBBBBB; color:#111; width: 460px;">.. <tr><td><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGwAAAAYCAYAAAAf1RgaAAAACXBIWXMAAAsSAAALEgHS3X78AAAD00lEQVRo3u1YTU7bUBD+XLFF8Q2S9gK4JyAs2i3puoskJ8BIs4/ZjxRzAozUrjHbdlHnBskBqpoTNOkF0s0MGgYbDC3CkTySF+/5/cx73/x884I/o3dbNJT9q59B8j1oPD75sA3QyX+VN90VdIB18oKy111Be4SIJgAG0iyYuWgFYEQ0ADAxXZXK1RwEzJxIfyb9yUPzdwCoEEAB4MD9KtriYQMAM9O+A0jFYVIAPctniCgCMNY2gOEOO1dswNoAWAJYy/lHAEJmztoUEvtENKzxkpEDS6UEcAOgDyDf8WhojS1i
                  No static file info
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Jun 11, 2024 20:12:10.368726969 CEST53641681.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:13.157939911 CEST53495501.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:15.390217066 CEST5288053192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:15.390463114 CEST5514153192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:15.488782883 CEST53528801.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:15.490134954 CEST53551411.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:15.490833998 CEST5395453192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:15.587762117 CEST53539541.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:28.225583076 CEST5017353192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:28.325560093 CEST53501731.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:32.496026993 CEST53526741.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:45.610620975 CEST6153553192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:45.611196995 CEST5904853192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:45.708832979 CEST53590481.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:45.708875895 CEST53615351.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:45.710483074 CEST6517053192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:45.811533928 CEST53651701.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:53.190553904 CEST53614581.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:56.242611885 CEST53512451.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:57.104515076 CEST5766953192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:57.105072975 CEST5721053192.168.2.61.1.1.1
                  Jun 11, 2024 20:12:57.112380981 CEST53576691.1.1.1192.168.2.6
                  Jun 11, 2024 20:12:57.113281012 CEST53572101.1.1.1192.168.2.6
                  Jun 11, 2024 20:13:06.577826023 CEST5670753192.168.2.61.1.1.1
                  Jun 11, 2024 20:13:06.679335117 CEST53567071.1.1.1192.168.2.6
                  Timestamp | Source IP | Dest IP | Checksum | Code | Type
                  Jun 11, 2024 20:12:09.080029011 CEST | 192.168.2.6 | 1.1.1.1 | c226 | (Port unreachable) | Destination Unreachable
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Jun 11, 2024 20:11:56.148269892 CEST | 192.168.2.6 | 1.1.1.1 | 0xe67d | Standard query (0) | t.co | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:11:56.148528099 CEST | 192.168.2.6 | 1.1.1.1 | 0xdf76 | Standard query (0) | t.co | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.053864956 CEST | 192.168.2.6 | 1.1.1.1 | 0x2825 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.054020882 CEST | 192.168.2.6 | 1.1.1.1 | 0x9226 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.604911089 CEST | 192.168.2.6 | 1.1.1.1 | 0x89de | Standard query (0) | bolo2space.sfo3.digitaloceanspaces.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.605094910 CEST | 192.168.2.6 | 1.1.1.1 | 0x36 | Standard query (0) | bolo2space.sfo3.digitaloceanspaces.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:08.950135946 CEST | 192.168.2.6 | 1.1.1.1 | 0xaedf | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:08.981256962 CEST | 192.168.2.6 | 1.1.1.1 | 0xe1f6 | Standard query (0) | securemail.example.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.075537920 CEST | 192.168.2.6 | 1.1.1.1 | 0x18ad | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.293796062 CEST | 192.168.2.6 | 8.8.8.8 | 0xe2bf | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.295708895 CEST | 192.168.2.6 | 1.1.1.1 | 0x17f5 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:10.260107040 CEST | 192.168.2.6 | 1.1.1.1 | 0x95d1 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:10.261293888 CEST | 192.168.2.6 | 1.1.1.1 | 0x35ca | Standard query (0) | securemail.example.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.390217066 CEST | 192.168.2.6 | 1.1.1.1 | 0x9227 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.390463114 CEST | 192.168.2.6 | 1.1.1.1 | 0xb2ce | Standard query (0) | securemail.example.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.490833998 CEST | 192.168.2.6 | 1.1.1.1 | 0x3870 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:28.225583076 CEST | 192.168.2.6 | 1.1.1.1 | 0x61a8 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.610620975 CEST | 192.168.2.6 | 1.1.1.1 | 0x89ff | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.611196995 CEST | 192.168.2.6 | 1.1.1.1 | 0x5358 | Standard query (0) | securemail.example.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.710483074 CEST | 192.168.2.6 | 1.1.1.1 | 0x12b7 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:57.104515076 CEST | 192.168.2.6 | 1.1.1.1 | 0xe7ac | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:57.105072975 CEST | 192.168.2.6 | 1.1.1.1 | 0xe361 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:13:06.577826023 CEST | 192.168.2.6 | 1.1.1.1 | 0x1c91 | Standard query (0) | securemail.example.com | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Jun 11, 2024 20:11:56.156716108 CEST | 1.1.1.1 | 192.168.2.6 | 0xe67d | No error (0) | t.co | | 93.184.221.165 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.062273026 CEST | 1.1.1.1 | 192.168.2.6 | 0x9226 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.062823057 CEST | 1.1.1.1 | 192.168.2.6 | 0x2825 | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:11:57.619625092 CEST | 1.1.1.1 | 192.168.2.6 | 0x89de | No error (0) | bolo2space.sfo3.digitaloceanspaces.com | | 138.68.34.161 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:06.830135107 CEST | 1.1.1.1 | 192.168.2.6 | 0xf6ed | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                  Jun 11, 2024 20:12:06.830135107 CEST | 1.1.1.1 | 192.168.2.6 | 0xf6ed | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.051579952 CEST | 1.1.1.1 | 192.168.2.6 | 0xaedf | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.079916954 CEST | 1.1.1.1 | 192.168.2.6 | 0xe1f6 | Name error (3) | securemail.example.com | none | none | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.175291061 CEST | 1.1.1.1 | 192.168.2.6 | 0x18ad | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.304150105 CEST | 1.1.1.1 | 192.168.2.6 | 0x17f5 | No error (0) | google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:09.322592974 CEST | 8.8.8.8 | 192.168.2.6 | 0xe2bf | No error (0) | google.com | | 172.217.168.78 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:10.368654013 CEST | 1.1.1.1 | 192.168.2.6 | 0x95d1 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:10.368726969 CEST | 1.1.1.1 | 192.168.2.6 | 0x35ca | Name error (3) | securemail.example.com | none | none | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.488782883 CEST | 1.1.1.1 | 192.168.2.6 | 0x9227 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.490134954 CEST | 1.1.1.1 | 192.168.2.6 | 0xb2ce | Name error (3) | securemail.example.com | none | none | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:15.587762117 CEST | 1.1.1.1 | 192.168.2.6 | 0x3870 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:28.325560093 CEST | 1.1.1.1 | 192.168.2.6 | 0x61a8 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.708832979 CEST | 1.1.1.1 | 192.168.2.6 | 0x5358 | Name error (3) | securemail.example.com | none | none | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.708875895 CEST | 1.1.1.1 | 192.168.2.6 | 0x89ff | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:45.811533928 CEST | 1.1.1.1 | 192.168.2.6 | 0x12b7 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:57.112380981 CEST | 1.1.1.1 | 192.168.2.6 | 0xe7ac | No error (0) | www.google.com | | 142.250.186.36 | A (IP address) | IN (0x0001) | false
                  Jun 11, 2024 20:12:57.113281012 CEST | 1.1.1.1 | 192.168.2.6 | 0xe361 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                  Jun 11, 2024 20:13:06.679335117 CEST | 1.1.1.1 | 192.168.2.6 | 0x1c91 | Name error (3) | securemail.example.com | none | none | A (IP address) | IN (0x0001) | false
                  • ipinfo.io
                  • t.co
                  • https:
                    • bolo2space.sfo3.digitaloceanspaces.com
                  • fs.microsoft.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  0 | 192.168.2.6 | 49710 | 34.117.186.192 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:42 UTC | 59 | OUT | GET / HTTP/1.1
                  Host: ipinfo.io
                  Connection: Keep-Alive
                  2024-06-11 18:11:42 UTC | 513 | IN | HTTP/1.1 200 OK
                  server: nginx/1.24.0
                  date: Tue, 11 Jun 2024 18:11:42 GMT
                  content-type: application/json; charset=utf-8
                  Content-Length: 314
                  access-control-allow-origin: *
                  x-frame-options: SAMEORIGIN
                  x-xss-protection: 1; mode=block
                  x-content-type-options: nosniff
                  referrer-policy: strict-origin-when-cross-origin
                  x-envoy-upstream-service-time: 2
                  via: 1.1 google
                  strict-transport-security: max-age=2592000; includeSubDomains
                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                  Connection: close
                  2024-06-11 18:11:42 UTC | 314 | IN
                  Data Ascii: { "ip": "173.254.250.91", "hostname": "173.254.250.91.static.quadranet.com", "city": "Dallas", "region": "Texas", "country": "US", "loc": "32.8152,-96.8703", "org": "AS8100 QuadraNet Enterprises LLC", "postal": "75247", "timezone": "Amer


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  1 | 192.168.2.6 | 49709 | 40.113.110.67 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:42 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: iF9gVC6vb0WvzGBB.1Context: e90e3364ccbed8f8
                  2024-06-11 18:11:42 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:11:42 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: iF9gVC6vb0WvzGBB.2Context: e90e3364ccbed8f8<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:11:42 UTC | 74 | OUT
                  Data Ascii: BND 3 CON\QOS 56MS-CV: iF9gVC6vb0WvzGBB.3Context: e90e3364ccbed8f8
                  2024-06-11 18:11:42 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:11:42 UTC | 58 | IN
                  Data Ascii: MS-CV: mZp+u91WCECANmttGdaoMw.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  2 | 192.168.2.6 | 49711 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:52 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: oCeY65vy40C7oqnN.1Context: ad999a36fd561d59
                  2024-06-11 18:11:52 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:11:52 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: oCeY65vy40C7oqnN.2Context: ad999a36fd561d59<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:11:52 UTC | 74 | OUT
                  Data Ascii: BND 3 CON\QOS 56MS-CV: oCeY65vy40C7oqnN.3Context: ad999a36fd561d59
                  2024-06-11 18:11:53 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:11:53 UTC | 58 | IN
                  Data Ascii: MS-CV: wOjqSTKI70O292sTl306LA.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  3 | 192.168.2.6 | 49712 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:52 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: NzpwhB3CEkGkm1dj.1Context: 471ce1f4ef086ff6
                  2024-06-11 18:11:52 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:11:52 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: NzpwhB3CEkGkm1dj.2Context: 471ce1f4ef086ff6<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:11:52 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: NzpwhB3CEkGkm1dj.3Context: 471ce1f4ef086ff6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-06-11 18:11:53 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:11:53 UTC | 58 | IN
                  Data Ascii: MS-CV: KjCWPVOrDEO6cpX9fmdHZA.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  4 | 192.168.2.6 | 49719 | 93.184.221.165 | 443 | 420 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:57 UTC | 657 | OUT | GET /MWLpFtR9zT HTTP/1.1
                  Host: t.co
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: none
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-User: ?1
                  Sec-Fetch-Dest: document
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-06-11 18:11:57 UTC | 767 | IN | HTTP/1.1 200 OK
                  cache-control: private,max-age=300
                  Content-Type: text/html; charset=utf-8
                  date: Tue, 11 Jun 2024 18:11:57 GMT
                  expires: Tue, 11 Jun 2024 18:16:57 GMT
                  perf: 7402827104
                  server: tsa_f
                  Set-Cookie: muc=312be53d-c808-4bd4-bbf7-1d090168ac04; Max-Age=63072000; Expires=Thu, 11 Jun 2026 18:11:57 GMT; Domain=t.co; Secure; SameSite=None
                  Set-Cookie: muc_ads=312be53d-c808-4bd4-bbf7-1d090168ac04; Max-Age=63072000; Expires=Thu, 11 Jun 2026 18:11:57 GMT; Path=/; Domain=t.co; Secure; SameSite=None
                  strict-transport-security: max-age=0
                  vary: Origin
                  x-connection-hash: fea9b8589cac2c245645403e5a828352754b2a038424aa1be2cbb4a2fc4e1e1d
                  x-response-time: 115
                  x-transaction-id: ae786d9c17c0f140
                  x-xss-protection: 0
                  Content-Length: 332
                  Connection: close
                  2024-06-11 18:11:57 UTC | 332 | IN
                  Data Ascii: <head><noscript><META http-equiv="refresh" content="0;URL=https://bolo2space.sfo3.digitaloceanspaces.com/file365.html"></noscript><title>https://bolo2space.sfo3.digitaloceanspaces.com/file365.html</title></head><script>window.opener = null; location.repla


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  5 | 192.168.2.6 | 49723 | 138.68.34.161 | 443 | 420 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:58 UTC | 703 | OUT | GET /file365.html HTTP/1.1
                  Host: bolo2space.sfo3.digitaloceanspaces.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  sec-ch-ua-platform: "Windows"
                  Upgrade-Insecure-Requests: 1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                  Sec-Fetch-Site: cross-site
                  Sec-Fetch-Mode: navigate
                  Sec-Fetch-Dest: document
                  Referer: https://t.co/
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-06-11 18:11:58 UTC | 520 | IN | HTTP/1.1 200 OK
                  content-length: 3314
                  accept-ranges: bytes
                  last-modified: Mon, 03 Jun 2024 17:25:30 GMT
                  x-rgw-object-type: Normal
                  etag: "47f6c7f6b170503a5448b67274dc3b5a"
                  x-amz-request-id: tx000000a9a1a4b6c0088d9-006668936e-5289b483-sfo3a
                  content-type: text/html
                  date: Tue, 11 Jun 2024 18:11:58 GMT
                  vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                  strict-transport-security: max-age=15552000; includeSubDomains; preload
                  x-envoy-upstream-healthchecked-cluster:
                  connection: close
                  2024-06-11 18:11:58 UTC | 3314 | IN
                  Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Secure Email Access</title></head><body style="font-size: 15px; font-family: Verdana; color: #333;"><table style="width:460px; border-co


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.6 | 49724 | 138.68.34.161 | 443 | 420 | C:\Program Files\Google\Chrome\Application\chrome.exe
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:11:58 UTC | 644 | OUT | GET /favicon.ico HTTP/1.1
                  Host: bolo2space.sfo3.digitaloceanspaces.com
                  Connection: keep-alive
                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                  sec-ch-ua-mobile: ?0
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                  sec-ch-ua-platform: "Windows"
                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: image
                  Referer: https://bolo2space.sfo3.digitaloceanspaces.com/file365.html
                  Accept-Encoding: gzip, deflate, br
                  Accept-Language: en-US,en;q=0.9
                  2024-06-11 18:11:58 UTC | 443 | IN | HTTP/1.1 403 Forbidden
                  content-length: 245
                  x-amz-request-id: tx000003bdf2eb6836ba4f6-006668936e-5289b3d4-sfo3a
                  accept-ranges: bytes
                  content-type: application/xml
                  date: Tue, 11 Jun 2024 18:11:58 GMT
                  vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                  cache-control: max-age=0
                  strict-transport-security: max-age=15552000; includeSubDomains; preload
                  x-envoy-upstream-healthchecked-cluster:
                  connection: close
                  2024-06-11 18:11:58 UTC | 245 | IN
                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message></Message><BucketName>bolo2space</BucketName><RequestId>tx000003bdf2eb6836ba4f6-006668936e-5289b3d4-sfo3a</RequestId><HostId>5289b3d4-sfo3a-sfo3-zg01</HostId></Error>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  7 | 192.168.2.6 | 49725 | 184.28.90.27 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:00 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-06-11 18:12:00 UTC | 467 | IN | HTTP/1.1 200 OK
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-neu-z1
                  Cache-Control: public, max-age=165449
                  Date: Tue, 11 Jun 2024 18:12:00 GMT
                  Connection: close
                  X-CID: 2


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  8 | 192.168.2.6 | 49726 | 184.28.90.27 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:01 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  Accept-Encoding: identity
                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                  Range: bytes=0-2147483646
                  User-Agent: Microsoft BITS/7.8
                  Host: fs.microsoft.com
                  2024-06-11 18:12:01 UTC | 515 | IN | HTTP/1.1 200 OK
                  ApiVersion: Distribute 1.1
                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                  Content-Type: application/octet-stream
                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                  Server: ECAcc (lpl/EF06)
                  X-CID: 11
                  X-Ms-ApiVersion: Distribute 1.2
                  X-Ms-Region: prod-weu-z1
                  Cache-Control: public, max-age=165542
                  Date: Tue, 11 Jun 2024 18:12:01 GMT
                  Content-Length: 55
                  Connection: close
                  X-CID: 2
                  2024-06-11 18:12:01 UTC | 55 | IN
                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  9 | 192.168.2.6 | 49727 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:03 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: hF8MMfwyOkaPVy6l.1Context: 3fe977c866feab41
                  2024-06-11 18:12:03 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:12:03 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: hF8MMfwyOkaPVy6l.2Context: 3fe977c866feab41<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:12:03 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: hF8MMfwyOkaPVy6l.3Context: 3fe977c866feab41<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-06-11 18:12:03 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:12:03 UTC | 58 | IN
                  Data Ascii: MS-CV: lLPBzID+40afWlUhfrJ39A.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  10 | 192.168.2.6 | 49733 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:10 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: OIf1WjiHEk6f2DaK.1Context: aef98ea562ef4c82
                  2024-06-11 18:12:10 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:12:10 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: OIf1WjiHEk6f2DaK.2Context: aef98ea562ef4c82<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:12:10 UTC | 74 | OUT
                  Data Ascii: BND 3 CON\QOS 56MS-CV: OIf1WjiHEk6f2DaK.3Context: aef98ea562ef4c82
                  2024-06-11 18:12:11 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:12:11 UTC | 58 | IN
                  Data Ascii: MS-CV: lqOVAozFY0mnYXg9lEbPCw.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  11 | 192.168.2.6 | 49734 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:20 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: 6685ihGVp0eRWxjp.1Context: 9897911895253eb0
                  2024-06-11 18:12:20 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:12:20 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 6685ihGVp0eRWxjp.2Context: 9897911895253eb0<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:12:20 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6685ihGVp0eRWxjp.3Context: 9897911895253eb0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-06-11 18:12:20 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:12:20 UTC | 58 | IN
                  Data Ascii: MS-CV: VmNmylnCOE2Abv0TuJDbVw.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  12 | 192.168.2.6 | 49735 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:32 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: CqpYY/gXmUuL1ef3.1Context: 56856458b069ff55
                  2024-06-11 18:12:32 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:12:32 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: CqpYY/gXmUuL1ef3.2Context: 56856458b069ff55<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:12:32 UTC | 74 | OUT
                  Data Ascii: BND 3 CON\QOS 56MS-CV: CqpYY/gXmUuL1ef3.3Context: 56856458b069ff55
                  2024-06-11 18:12:33 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:12:33 UTC | 58 | IN
                  Data Ascii: MS-CV: TEBiH/vJpUe2DlnSjr960w.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  13 | 192.168.2.6 | 49736 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:12:42 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: cbO4YFPkM0O/QFZ1.1Context: 25a5a1546c3d6020
                  2024-06-11 18:12:42 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:12:42 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: cbO4YFPkM0O/QFZ1.2Context: 25a5a1546c3d6020<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:12:42 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: cbO4YFPkM0O/QFZ1.3Context: 25a5a1546c3d6020<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-06-11 18:12:43 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:12:43 UTC | 58 | IN
                  Data Ascii: MS-CV: zCXt7IxoM0m6WlIANdFoJQ.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  14 | 192.168.2.6 | 49740 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:13:02 UTC | 70 | OUT
                  Data Ascii: CNT 1 CON 304MS-CV: hAenGcMvtEaYoJeK.1Context: 3aa5c91fc2b9f51
                  2024-06-11 18:13:02 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:13:02 UTC | 1063 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1040MS-CV: hAenGcMvtEaYoJeK.2Context: 3aa5c91fc2b9f51<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQUg
                  2024-06-11 18:13:02 UTC | 73 | OUT
                  Data Ascii: BND 3 CON\QOS 55MS-CV: hAenGcMvtEaYoJeK.3Context: 3aa5c91fc2b9f51
                  2024-06-11 18:13:02 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:13:02 UTC | 58 | IN
                  Data Ascii: MS-CV: 9NEmTWyTSEmR+h1dx8vx+w.0Payload parsing failed.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  15 | 192.168.2.6 | 49742 | 40.113.103.199 | 443
                  Timestamp | Bytes transferred | Direction | Data
                  2024-06-11 18:13:11 UTC | 71 | OUT
                  Data Ascii: CNT 1 CON 305MS-CV: aQr0tGK5uUuF+Hk2.1Context: 70e7866b27a53c00
                  2024-06-11 18:13:11 UTC | 249 | OUT
                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                  2024-06-11 18:13:11 UTC | 1064 | OUT
                  Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: aQr0tGK5uUuF+Hk2.2Context: 70e7866b27a53c00<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsR78foYaFcoSJyqg6g/bW1LfOVZSwhZk2h24Yp3hhk8Pk1+mBz2isoGqXxKTZoj9JO9N6B/NO1CvKqGNiuV9k/frSe1ZQ72LbuOXxNPVLoQU
                  2024-06-11 18:13:11 UTC | 218 | OUT
                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: aQr0tGK5uUuF+Hk2.3Context: 70e7866b27a53c00<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                  2024-06-11 18:13:12 UTC | 14 | IN
                  Data Ascii: 202 1 CON 58
                  2024-06-11 18:13:12 UTC | 58 | IN
                  Data Ascii: MS-CV: f4bZB5PwWUCyEYb9M/VAjQ.0Payload parsing failed.


                  Target ID:0
                  Start time:14:11:47
                  Start date:11/06/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:2
                  Start time:14:11:51
                  Start date:11/06/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2144,i,12136101407018868396,14155863320715647449,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:14:11:55
                  Start date:11/06/2024
                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.co/MWLpFtR9zT"
                  Imagebase:0x7ff684c40000
                  File size:3'242'272 bytes
                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  No disassembly