Windows Analysis Report
https://tele-gram-gs.rent/

Overview

General Information

Sample URL: https://tele-gram-gs.rent/
Analysis ID: 1598182
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect

Classification

  • System is w10x64
  • chrome.exe (PID: 6656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2488,i,2308581532159020147,4756925217575398187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 4420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tele-gram-gs.rent/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://tele-gram-gs.rent/, Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://tele-gram-gs.rent, Joe Sandbox AI: The URL 'https://tele-gram-gs.rent' appears to be a typosquatting attempt targeting the well-known messaging service Telegram. The use of 'tele-gram' with a hyphen is a common tactic to mimic the legitimate brand name 'Telegram'. The addition of '-gs' and the use of the '.rent' domain extension are unusual and do not suggest a legitimate purpose related to the brand. The structural similarity is high due to the visual resemblance and the use of a hyphen to separate 'tele' and 'gram', which could confuse users. The domain extension '.rent' is not typically associated with Telegram, increasing the likelihood of this being a deceptive URL.
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:60393 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:60448 version: TLS 1.2
Source: global traffic, TCP traffic: 192.168.2.6:60307 -> 162.159.36.2:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, HTTP traffic: Redirect from: tele-gram-gs.rent to https://tele-gram-ty.org
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown, TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown, TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: global traffic, HTTP traffic detected:
    GET / HTTP/1.1
    Host: tele-gram-gs.rent
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: tele-gram-gs.rent
Source: global traffic, DNS traffic detected: DNS query: tele-gram-ty.org
Source: global traffic, DNS traffic detected: DNS query: google.com
Source: global traffic, DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic, DNS traffic detected: DNS query: 50.23.12.20.in-addr.arpa
Source: classification engine, Classification label: mal52.win@23/0@25/6
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2488,i,2308581532159020147,4756925217575398187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tele-gram-gs.rent/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://tele-gram-gs.rent/ | 100% | Avira URL Cloud | phishing | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| tele-gram-gs.rent | 103.65.181.2 | true | true | | unknown |
| google.com | 142.250.184.206 | true | false | | high |
| www.google.com | 142.250.185.68 | true | false | | high |
| 15.164.165.52.in-addr.arpa | unknown | unknown | false | | high |
| tele-gram-ty.org | unknown | unknown | false | | high |
| 50.23.12.20.in-addr.arpa | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://tele-gram-gs.rent/ | true | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.164 | unknown | United States | 15169 | GOOGLEUS | false |
| 103.65.181.2 | tele-gram-gs.rent | Hong Kong | 38197 | SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong | true |

| IP |
|---|
| 192.168.2.4 |
| 192.168.2.6 |

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1598182
Start date and time: 2025-01-24 00:59:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://tele-gram-gs.rent/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.win@23/0@25/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.186.110, 74.125.206.84, 142.250.185.174, 142.250.186.142, 142.250.185.110, 2.23.77.188, 217.20.57.20, 172.217.16.206, 142.250.186.78, 216.58.212.174, 172.217.16.195, 142.250.185.142, 13.107.246.45, 184.28.90.27, 172.202.163.200, 52.165.164.15, 20.12.23.50, 52.149.20.212
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: https://tele-gram-gs.rent/
No simulations
No context
No created / dropped files found
No static file info
                Jan 24, 2025 01:01:37.133136034 CET60447443192.168.2.6142.250.185.164
                Jan 24, 2025 01:01:37.133232117 CET44360447142.250.185.164192.168.2.6
                Jan 24, 2025 01:01:37.186151981 CET60447443192.168.2.6142.250.185.164
                Jan 24, 2025 01:01:37.320755005 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:37.320802927 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:37.320914030 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:37.321675062 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:37.321690083 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.135595083 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.135867119 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.138513088 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.138521910 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.138724089 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.140973091 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.141052008 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.141057968 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.141196012 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.183330059 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.197690010 CET44349721103.65.181.2192.168.2.6
                Jan 24, 2025 01:01:38.197885036 CET44349721103.65.181.2192.168.2.6
                Jan 24, 2025 01:01:38.197941065 CET49721443192.168.2.6103.65.181.2
                Jan 24, 2025 01:01:38.316132069 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.316348076 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.316421986 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.316597939 CET60448443192.168.2.640.115.3.253
                Jan 24, 2025 01:01:38.316616058 CET4436044840.115.3.253192.168.2.6
                Jan 24, 2025 01:01:38.547684908 CET49721443192.168.2.6103.65.181.2
                Jan 24, 2025 01:01:38.547713995 CET44349721103.65.181.2192.168.2.6
                Jan 24, 2025 01:01:47.122092009 CET44360447142.250.185.164192.168.2.6
                Jan 24, 2025 01:01:47.122198105 CET44360447142.250.185.164192.168.2.6
                Jan 24, 2025 01:01:47.122294903 CET60447443192.168.2.6142.250.185.164
                Jan 24, 2025 01:01:48.060857058 CET60447443192.168.2.6142.250.185.164
                Jan 24, 2025 01:01:48.060925961 CET44360447142.250.185.164192.168.2.6
                TimestampSource PortDest PortSource IPDest IP
                Jan 24, 2025 01:00:32.376378059 CET53577831.1.1.1192.168.2.6
                Jan 24, 2025 01:00:33.626759052 CET53499071.1.1.1192.168.2.6
                Jan 24, 2025 01:00:36.432599068 CET6278853192.168.2.61.1.1.1
                Jan 24, 2025 01:00:36.432725906 CET5894053192.168.2.61.1.1.1
                Jan 24, 2025 01:00:36.440021038 CET53627881.1.1.1192.168.2.6
                Jan 24, 2025 01:00:36.440063953 CET53589401.1.1.1192.168.2.6
                Jan 24, 2025 01:00:37.332608938 CET5507153192.168.2.61.1.1.1
                Jan 24, 2025 01:00:37.340604067 CET6120253192.168.2.61.1.1.1
                Jan 24, 2025 01:00:37.353590965 CET53612021.1.1.1192.168.2.6
                Jan 24, 2025 01:00:37.354978085 CET53550711.1.1.1192.168.2.6
                Jan 24, 2025 01:00:38.926668882 CET4918953192.168.2.61.1.1.1
                Jan 24, 2025 01:00:38.926827908 CET5589853192.168.2.61.1.1.1
                Jan 24, 2025 01:00:38.944901943 CET53558981.1.1.1192.168.2.6
                Jan 24, 2025 01:00:38.944915056 CET53491891.1.1.1192.168.2.6
                Jan 24, 2025 01:00:38.945797920 CET6454253192.168.2.61.1.1.1
                Jan 24, 2025 01:00:38.963033915 CET53645421.1.1.1192.168.2.6
                Jan 24, 2025 01:00:38.989576101 CET5304453192.168.2.68.8.8.8
                Jan 24, 2025 01:00:38.989895105 CET5492753192.168.2.61.1.1.1
                Jan 24, 2025 01:00:38.996428013 CET53549271.1.1.1192.168.2.6
                Jan 24, 2025 01:00:38.996758938 CET53530448.8.8.8192.168.2.6
                Jan 24, 2025 01:00:40.001293898 CET5192353192.168.2.61.1.1.1
                Jan 24, 2025 01:00:40.001565933 CET5983353192.168.2.61.1.1.1
                Jan 24, 2025 01:00:40.016707897 CET53598331.1.1.1192.168.2.6
                Jan 24, 2025 01:00:40.018475056 CET53519231.1.1.1192.168.2.6
                Jan 24, 2025 01:00:45.034465075 CET6393953192.168.2.61.1.1.1
                Jan 24, 2025 01:00:45.034604073 CET5385053192.168.2.61.1.1.1
                Jan 24, 2025 01:00:45.049073935 CET53639391.1.1.1192.168.2.6
                Jan 24, 2025 01:00:45.049427032 CET53538501.1.1.1192.168.2.6
                Jan 24, 2025 01:00:45.050072908 CET5718953192.168.2.61.1.1.1
                Jan 24, 2025 01:00:45.064943075 CET53571891.1.1.1192.168.2.6
                Jan 24, 2025 01:00:50.535545111 CET53547851.1.1.1192.168.2.6
                Jan 24, 2025 01:00:54.131053925 CET6481853192.168.2.61.1.1.1
                Jan 24, 2025 01:00:54.131172895 CET5094453192.168.2.61.1.1.1
                Jan 24, 2025 01:00:54.146034002 CET53509441.1.1.1192.168.2.6
                Jan 24, 2025 01:00:54.146653891 CET53648181.1.1.1192.168.2.6
                Jan 24, 2025 01:00:54.147357941 CET6204053192.168.2.61.1.1.1
                Jan 24, 2025 01:00:54.161942959 CET53620401.1.1.1192.168.2.6
                Jan 24, 2025 01:00:54.172936916 CET5638253192.168.2.61.1.1.1
                Jan 24, 2025 01:00:54.173419952 CET5826653192.168.2.68.8.8.8
                Jan 24, 2025 01:00:54.180191994 CET53563821.1.1.1192.168.2.6
                Jan 24, 2025 01:00:54.180352926 CET53582668.8.8.8192.168.2.6
                Jan 24, 2025 01:00:58.691816092 CET5361481162.159.36.2192.168.2.6
                Jan 24, 2025 01:00:59.169701099 CET5862653192.168.2.61.1.1.1
                Jan 24, 2025 01:00:59.177670002 CET53586261.1.1.1192.168.2.6
                Jan 24, 2025 01:01:00.320194960 CET5395753192.168.2.61.1.1.1
                Jan 24, 2025 01:01:00.329075098 CET53539571.1.1.1192.168.2.6
                Jan 24, 2025 01:01:06.074703932 CET6210753192.168.2.61.1.1.1
                Jan 24, 2025 01:01:06.091861963 CET53621071.1.1.1192.168.2.6
                Jan 24, 2025 01:01:17.993957043 CET6525553192.168.2.61.1.1.1
                Jan 24, 2025 01:01:18.009372950 CET53652551.1.1.1192.168.2.6
                Jan 24, 2025 01:01:36.484908104 CET5360953192.168.2.61.1.1.1
                Jan 24, 2025 01:01:36.492140055 CET53536091.1.1.1192.168.2.6
                Jan 24, 2025 01:01:48.052982092 CET6537353192.168.2.61.1.1.1
                Jan 24, 2025 01:01:48.067338943 CET53653731.1.1.1192.168.2.6
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Jan 24, 2025 01:00:36.432599068 CET | 192.168.2.6 | 1.1.1.1 | 0x8cf3 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:36.432725906 CET | 192.168.2.6 | 1.1.1.1 | 0x29bb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:37.332608938 CET | 192.168.2.6 | 1.1.1.1 | 0x55b6 | Standard query (0) | tele-gram-gs.rent | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:37.340604067 CET | 192.168.2.6 | 1.1.1.1 | 0xda6d | Standard query (0) | tele-gram-gs.rent | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:38.926668882 CET | 192.168.2.6 | 1.1.1.1 | 0x6991 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.926827908 CET | 192.168.2.6 | 1.1.1.1 | 0xb698 | Standard query (0) | tele-gram-ty.org | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:38.945797920 CET | 192.168.2.6 | 1.1.1.1 | 0x6420 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.989576101 CET | 192.168.2.6 | 8.8.8.8 | 0x6965 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.989895105 CET | 192.168.2.6 | 1.1.1.1 | 0x2bf2 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:40.001293898 CET | 192.168.2.6 | 1.1.1.1 | 0x7ca0 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:40.001565933 CET | 192.168.2.6 | 1.1.1.1 | 0x40c0 | Standard query (0) | tele-gram-ty.org | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:45.034465075 CET | 192.168.2.6 | 1.1.1.1 | 0x434b | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:45.034604073 CET | 192.168.2.6 | 1.1.1.1 | 0xcdcc | Standard query (0) | tele-gram-ty.org | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:45.050072908 CET | 192.168.2.6 | 1.1.1.1 | 0x7d26 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.131053925 CET | 192.168.2.6 | 1.1.1.1 | 0x16f8 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.131172895 CET | 192.168.2.6 | 1.1.1.1 | 0x2156 | Standard query (0) | tele-gram-ty.org | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:54.147357941 CET | 192.168.2.6 | 1.1.1.1 | 0xdc3c | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.172936916 CET | 192.168.2.6 | 1.1.1.1 | 0x4a9c | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.173419952 CET | 192.168.2.6 | 8.8.8.8 | 0x3c19 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:59.169701099 CET | 192.168.2.6 | 1.1.1.1 | 0x98c8 | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                Jan 24, 2025 01:01:00.320194960 CET | 192.168.2.6 | 1.1.1.1 | 0x54bc | Standard query (0) | 50.23.12.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                Jan 24, 2025 01:01:06.074703932 CET | 192.168.2.6 | 1.1.1.1 | 0xe8cd | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:17.993957043 CET | 192.168.2.6 | 1.1.1.1 | 0x7de9 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:36.484908104 CET | 192.168.2.6 | 1.1.1.1 | 0xfb4c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:48.052982092 CET | 192.168.2.6 | 1.1.1.1 | 0x5095 | Standard query (0) | tele-gram-ty.org | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Jan 24, 2025 01:00:36.440021038 CET | 1.1.1.1 | 192.168.2.6 | 0x8cf3 | No error (0) | www.google.com | | 142.250.185.68 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:36.440063953 CET | 1.1.1.1 | 192.168.2.6 | 0x29bb | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:37.354978085 CET | 1.1.1.1 | 192.168.2.6 | 0x55b6 | No error (0) | tele-gram-gs.rent | | 103.65.181.2 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.944901943 CET | 1.1.1.1 | 192.168.2.6 | 0xb698 | Name error (3) | tele-gram-ty.org | none | none | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:38.944915056 CET | 1.1.1.1 | 192.168.2.6 | 0x6991 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.963033915 CET | 1.1.1.1 | 192.168.2.6 | 0x6420 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.996428013 CET | 1.1.1.1 | 192.168.2.6 | 0x2bf2 | No error (0) | google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:38.996758938 CET | 8.8.8.8 | 192.168.2.6 | 0x6965 | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:40.016707897 CET | 1.1.1.1 | 192.168.2.6 | 0x40c0 | Name error (3) | tele-gram-ty.org | none | none | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:40.018475056 CET | 1.1.1.1 | 192.168.2.6 | 0x7ca0 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:45.049073935 CET | 1.1.1.1 | 192.168.2.6 | 0x434b | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:45.049427032 CET | 1.1.1.1 | 192.168.2.6 | 0xcdcc | Name error (3) | tele-gram-ty.org | none | none | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:45.064943075 CET | 1.1.1.1 | 192.168.2.6 | 0x7d26 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.146034002 CET | 1.1.1.1 | 192.168.2.6 | 0x2156 | Name error (3) | tele-gram-ty.org | none | none | 65 | IN (0x0001) | false
                Jan 24, 2025 01:00:54.146653891 CET | 1.1.1.1 | 192.168.2.6 | 0x16f8 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.161942959 CET | 1.1.1.1 | 192.168.2.6 | 0xdc3c | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.180191994 CET | 1.1.1.1 | 192.168.2.6 | 0x4a9c | No error (0) | google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:54.180352926 CET | 8.8.8.8 | 192.168.2.6 | 0x3c19 | No error (0) | google.com | | 142.251.37.14 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:00:59.177670002 CET | 1.1.1.1 | 192.168.2.6 | 0x98c8 | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                Jan 24, 2025 01:01:00.329075098 CET | 1.1.1.1 | 192.168.2.6 | 0x54bc | Name error (3) | 50.23.12.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                Jan 24, 2025 01:01:06.091861963 CET | 1.1.1.1 | 192.168.2.6 | 0xe8cd | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:18.009372950 CET | 1.1.1.1 | 192.168.2.6 | 0x7de9 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:36.492140055 CET | 1.1.1.1 | 192.168.2.6 | 0xfb4c | No error (0) | www.google.com | | 142.250.185.164 | A (IP address) | IN (0x0001) | false
                Jan 24, 2025 01:01:48.067338943 CET | 1.1.1.1 | 192.168.2.6 | 0x5095 | Name error (3) | tele-gram-ty.org | none | none | A (IP address) | IN (0x0001) | false
                • tele-gram-gs.rent
                Session ID | Source IP | Source Port | Destination IP | Destination Port
                0 | 192.168.2.6 | 49716 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:00:33 UTC | 70 | OUT
                Data Ascii: CNT 1 CON 304MS-CV: ISCFtwlR7EaBvlT1.1Context: 81a7ea5ccbdb58c
                2025-01-24 00:00:33 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2025-01-24 00:00:33 UTC | 1083 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: ISCFtwlR7EaBvlT1.2Context: 81a7ea5ccbdb58c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsqs9u0Ftf/p7hH66Aa4m9MJVwRHaHxwiVvLKYpZigCI/GfUlanJZPje/nHQkG9DC+KAcoI2Exhksl+xwL2nrRhyyJJrPMUWNDQsY9uaE4BOpX
                2025-01-24 00:00:33 UTC | 217 | OUT
                Data Ascii: BND 3 CON\WNS 0 196MS-CV: ISCFtwlR7EaBvlT1.3Context: 81a7ea5ccbdb58c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2025-01-24 00:00:33 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2025-01-24 00:00:33 UTC | 58 | IN
                Data Ascii: MS-CV: BW1rBXRjfECcoRLW4LC1VA.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.6 | 49722 | 103.65.181.2 | 443 | 5144 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:00:38 UTC | 660 | OUT
                GET / HTTP/1.1
                Host: tele-gram-gs.rent
                Connection: keep-alive
                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                Accept-Encoding: gzip, deflate, br
                Accept-Language: en-US,en;q=0.9
                2025-01-24 00:00:38 UTC | 410 | IN
                HTTP/1.1 302 Found
                Server: nginx
                Date: Fri, 24 Jan 2025 00:00:38 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Set-Cookie: PHPSESSID=bta2kgrr71pno7hldl2olm8m30; path=/
                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Pragma: no-cache
                Location: https://tele-gram-ty.org
                Strict-Transport-Security: max-age=31536000
                2025-01-24 00:00:38 UTC | 5 | IN
                Data Ascii: 0


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                2 | 192.168.2.6 | 49747 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:00:41 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: WP3J7U5ErU2y9DCQ.1Context: b288523dc1527d25
                2025-01-24 00:00:41 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2025-01-24 00:00:41 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WP3J7U5ErU2y9DCQ.2Context: b288523dc1527d25<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsqs9u0Ftf/p7hH66Aa4m9MJVwRHaHxwiVvLKYpZigCI/GfUlanJZPje/nHQkG9DC+KAcoI2Exhksl+xwL2nrRhyyJJrPMUWNDQsY9uaE4BOp
                2025-01-24 00:00:41 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: WP3J7U5ErU2y9DCQ.3Context: b288523dc1527d25<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2025-01-24 00:00:41 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2025-01-24 00:00:41 UTC | 58 | IN
                Data Ascii: MS-CV: /dzh1OKCJUuBoG52/3ecIw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                3 | 192.168.2.6 | 49826 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:00:54 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: MSW4Eg4TMEu9Su3W.1Context: cb4d588635edeb5b
                2025-01-24 00:00:54 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2025-01-24 00:00:54 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: MSW4Eg4TMEu9Su3W.2Context: cb4d588635edeb5b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsqs9u0Ftf/p7hH66Aa4m9MJVwRHaHxwiVvLKYpZigCI/GfUlanJZPje/nHQkG9DC+KAcoI2Exhksl+xwL2nrRhyyJJrPMUWNDQsY9uaE4BOp
                2025-01-24 00:00:54 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: MSW4Eg4TMEu9Su3W.3Context: cb4d588635edeb5b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2025-01-24 00:00:54 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2025-01-24 00:00:54 UTC | 58 | IN
                Data Ascii: MS-CV: f1iZpGYw5EWx/eALAVTUkg.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                4 | 192.168.2.6 | 60393 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:01:13 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: BW2T5U3maUOxBwXQ.1Context: f261031f8d917bdc
                2025-01-24 00:01:13 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2025-01-24 00:01:13 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BW2T5U3maUOxBwXQ.2Context: f261031f8d917bdc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsqs9u0Ftf/p7hH66Aa4m9MJVwRHaHxwiVvLKYpZigCI/GfUlanJZPje/nHQkG9DC+KAcoI2Exhksl+xwL2nrRhyyJJrPMUWNDQsY9uaE4BOp
                2025-01-24 00:01:13 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: BW2T5U3maUOxBwXQ.3Context: f261031f8d917bdc<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2025-01-24 00:01:13 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2025-01-24 00:01:13 UTC | 58 | IN
                Data Ascii: MS-CV: TZfBd4d60kK6iwv08F5Jaw.0Payload parsing failed.


                Session ID | Source IP | Source Port | Destination IP | Destination Port
                5 | 192.168.2.6 | 60448 | 40.115.3.253 | 443
                Timestamp | Bytes transferred | Direction | Data
                2025-01-24 00:01:38 UTC | 71 | OUT
                Data Ascii: CNT 1 CON 305MS-CV: OqNE3hBa2UucbERA.1Context: 4c11c6bcc36e2665
                2025-01-24 00:01:38 UTC | 249 | OUT
                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                2025-01-24 00:01:38 UTC | 1084 | OUT
                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: OqNE3hBa2UucbERA.2Context: 4c11c6bcc36e2665<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUsqs9u0Ftf/p7hH66Aa4m9MJVwRHaHxwiVvLKYpZigCI/GfUlanJZPje/nHQkG9DC+KAcoI2Exhksl+xwL2nrRhyyJJrPMUWNDQsY9uaE4BOp
                2025-01-24 00:01:38 UTC | 218 | OUT
                Data Ascii: BND 3 CON\WNS 0 197MS-CV: OqNE3hBa2UucbERA.3Context: 4c11c6bcc36e2665<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                2025-01-24 00:01:38 UTC | 14 | IN
                Data Ascii: 202 1 CON 58
                2025-01-24 00:01:38 UTC | 58 | IN
                Data Ascii: MS-CV: OByqeqCtN0G5nIYHtfYWXg.0Payload parsing failed.


                Target ID:1
                Start time:19:00:25
                Start date:23/01/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:3
                Start time:19:00:30
                Start date:23/01/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2488,i,2308581532159020147,4756925217575398187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:4
                Start time:19:00:36
                Start date:23/01/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tele-gram-gs.rent/"
                Imagebase:0x7ff684c40000
                File size:3'242'272 bytes
                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly