Edit tour

Windows Analysis Report
http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com

Overview

General Information

Sample URL:	http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com
Analysis ID:	1350575
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5844 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,528328019221792240,10248025354712389153,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5044 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.46.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.46.90:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.10.31.115:443 -> 192.168.2.6:49728 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5844_2131885330

Jump to behavior

Source: classification engine

Classification label: clean1.win@18/0@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,528328019221792240,10248025354712389153,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,528328019221792240,10248025354712389153,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://ny.solacescapehaven.com/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
ny.solacescapehaven.com	20.13.162.148	true	false	unknown
click-zy-atx.postup.com	74.214.203.11	true	false	high
accounts.google.com	142.250.31.84	true	false	high
www.google.com	172.253.62.147	true	false	high
clients.l.google.com	172.253.122.102	true	false	high
clients2.google.com	unknown	unknown	false	high
click1.rs.myidcare.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://ny.solacescapehaven.com/	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
20.13.162.148	ny.solacescapehaven.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.122.102	clients.l.google.com	United States	15169	GOOGLEUS	false
74.214.203.11	click-zy-atx.postup.com	United States	30145	PCUC-ASUS	false
172.253.62.147	www.google.com	United States	15169	GOOGLEUS	false
142.250.31.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1350575
Start date and time:	2023-11-30 15:46:55 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@18/0@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.253.62.94, 34.104.35.123, 192.229.211.108, 67.26.237.254, 142.251.111.94
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, click.postup.akadns.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com

Total Packets: 170
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2023 15:47:40.481942892 CET	49673	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:40.482034922 CET	49674	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:40.810209036 CET	49672	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:42.536040068 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.536082983 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.536166906 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.537066936 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.537080050 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.893511057 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.893614054 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.947341919 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.947361946 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.947691917 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.964154005 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.964198112 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:42.964209080 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:42.964430094 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:43.009259939 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:43.067775011 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:43.067873955 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:43.067929029 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:43.071809053 CET	49706	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:43.071825981 CET	443	49706	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:45.595169067 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.595243931 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.595330954 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.595695972 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.595771074 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.595844030 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.596029043 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.596061945 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.596510887 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.596544027 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.848048925 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.848094940 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.848469019 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.848491907 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.848573923 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.848601103 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.849055052 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.849132061 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.850507021 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.850517988 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.850574017 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.851643085 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.851643085 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.851761103 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.851895094 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:45.851905107 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:45.852159023 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.852251053 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.852340937 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:45.852348089 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:45.902486086 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:46.047785997 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:46.048130035 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:46.048213005 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:46.048576117 CET	49708	443	192.168.2.6	172.253.122.102
Nov 30, 2023 15:47:46.048590899 CET	443	49708	172.253.122.102	192.168.2.6
Nov 30, 2023 15:47:46.061261892 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:46.061456919 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:46.062247992 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:46.062311888 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:46.062340021 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:46.062413931 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:46.062465906 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:46.063137054 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:46.063170910 CET	443	49709	142.250.31.84	192.168.2.6
Nov 30, 2023 15:47:46.063195944 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:46.063237906 CET	49709	443	192.168.2.6	142.250.31.84
Nov 30, 2023 15:47:47.068424940 CET	49712	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.068943977 CET	49713	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.168818951 CET	80	49712	74.214.203.11	192.168.2.6
Nov 30, 2023 15:47:47.168977976 CET	49712	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.169231892 CET	49712	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.169698954 CET	80	49713	74.214.203.11	192.168.2.6
Nov 30, 2023 15:47:47.169774055 CET	49713	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.270315886 CET	80	49712	74.214.203.11	192.168.2.6
Nov 30, 2023 15:47:47.310672045 CET	49712	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:47:47.578558922 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.578600883 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.578670025 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.578949928 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.578963041 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.932450056 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.932959080 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.932997942 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.938930035 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.939066887 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.940301895 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.940454960 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.940465927 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.945445061 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:47.998269081 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:47.998306036 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:48.045298100 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:48.876203060 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:48.876303911 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:48.876485109 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:48.880744934 CET	49714	443	192.168.2.6	20.13.162.148
Nov 30, 2023 15:47:48.880769968 CET	443	49714	20.13.162.148	192.168.2.6
Nov 30, 2023 15:47:50.041923046 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.041965961 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.042052984 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.042588949 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.042603016 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.089257002 CET	49674	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:50.089270115 CET	49673	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:50.216837883 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.216897964 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.216974020 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.221162081 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.221187115 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.254276037 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.254920959 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.254951954 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.256439924 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.256587029 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.258972883 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.259154081 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.307992935 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.308053017 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:47:50.354955912 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:47:50.417516947 CET	49672	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:47:50.441402912 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.441698074 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.448298931 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.448318958 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.448662996 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.495498896 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.540400028 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.581259966 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.602636099 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.602720022 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.602821112 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.604607105 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.604628086 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.640054941 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.640130997 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.640204906 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.640367985 CET	49718	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.640388966 CET	443	49718	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.693603992 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.693644047 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.693727016 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.694704056 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.694714069 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.897206068 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.897447109 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.899770975 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.899781942 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.899991035 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.902427912 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:50.925360918 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.925618887 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.928580999 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.928595066 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.928853035 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.930875063 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.930933952 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.930939913 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:50.931076050 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:50.945259094 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:50.977257013 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:51.044969082 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:51.045094967 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:51.045159101 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:51.045567989 CET	49719	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:47:51.045587063 CET	443	49719	20.10.31.115	192.168.2.6
Nov 30, 2023 15:47:51.092973948 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:51.093045950 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:51.093101025 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:51.094604969 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:51.094604969 CET	49720	443	192.168.2.6	23.54.46.90
Nov 30, 2023 15:47:51.094619989 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:51.094629049 CET	443	49720	23.54.46.90	192.168.2.6
Nov 30, 2023 15:47:51.798820019 CET	443	49704	173.222.162.64	192.168.2.6
Nov 30, 2023 15:47:51.799004078 CET	49704	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:00.248274088 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:00.248415947 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:00.248501062 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:00.794411898 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:00.794462919 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:00.794595957 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:00.797665119 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:00.797682047 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.136293888 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.136619091 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.140002966 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.140031099 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.140463114 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.184115887 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.288259983 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.329261065 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496768951 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496825933 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496864080 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496901989 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496934891 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.496938944 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.496994019 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.497070074 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.497114897 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.497114897 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.497114897 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.497152090 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.497176886 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.497208118 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.497220993 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.497291088 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.497349024 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.520328999 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.520328999 CET	49721	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:01.520359039 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.520380974 CET	443	49721	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:01.642646074 CET	49717	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:01.642714977 CET	443	49717	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:02.900955915 CET	49704	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:02.901046991 CET	49704	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:02.901551962 CET	49725	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:02.901634932 CET	443	49725	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:02.901727915 CET	49725	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:02.901997089 CET	49725	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:02.902031898 CET	443	49725	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:03.062803030 CET	443	49704	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:03.062828064 CET	443	49704	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:03.253084898 CET	443	49725	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:03.253278017 CET	49725	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:15.992511988 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:15.992574930 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:15.992710114 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:15.993731976 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:15.993752956 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.327261925 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.327441931 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.331819057 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.331831932 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.332063913 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.334170103 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.334259987 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.334264040 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.334480047 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.381254911 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.438337088 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.438438892 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:16.438653946 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.438796997 CET	49726	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:16.438838005 CET	443	49726	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:22.401710987 CET	443	49725	173.222.162.64	192.168.2.6
Nov 30, 2023 15:48:22.402046919 CET	49725	443	192.168.2.6	173.222.162.64
Nov 30, 2023 15:48:32.183931112 CET	49713	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:48:32.277674913 CET	49712	80	192.168.2.6	74.214.203.11
Nov 30, 2023 15:48:32.283530951 CET	80	49713	74.214.203.11	192.168.2.6
Nov 30, 2023 15:48:32.376981020 CET	80	49712	74.214.203.11	192.168.2.6
Nov 30, 2023 15:48:38.334834099 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.334849119 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.334929943 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.335686922 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.335702896 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.663877010 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.664185047 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.666459084 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.666471958 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.666831017 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.679280996 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.721272945 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976669073 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976686954 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976701975 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976798058 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.976840973 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976908922 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.976929903 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.976949930 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.984939098 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.984966040 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:38.984997988 CET	49727	443	192.168.2.6	20.12.23.50
Nov 30, 2023 15:48:38.985012054 CET	443	49727	20.12.23.50	192.168.2.6
Nov 30, 2023 15:48:42.564919949 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.564965963 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.565057039 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.565973043 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.565988064 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.885137081 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.885442972 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.887269974 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.887294054 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.887536049 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.889569044 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.889636993 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.889650106 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.889791012 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.933259964 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.993233919 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.993350983 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:42.993705988 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.993941069 CET	49728	443	192.168.2.6	20.10.31.115
Nov 30, 2023 15:48:42.993957996 CET	443	49728	20.10.31.115	192.168.2.6
Nov 30, 2023 15:48:49.584882975 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:49.584923029 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.585012913 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:49.585493088 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:49.585510015 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.789113998 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.789627075 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:49.789676905 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.789947033 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.790313959 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:49.790370941 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:49.833019018 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:48:59.795125008 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:59.795212030 CET	443	49730	172.253.62.147	192.168.2.6
Nov 30, 2023 15:48:59.795255899 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:49:01.650360107 CET	49730	443	192.168.2.6	172.253.62.147
Nov 30, 2023 15:49:01.650367975 CET	443	49730	172.253.62.147	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 30, 2023 15:47:45.464845896 CET	58624	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:45.465199947 CET	50001	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:45.465769053 CET	56790	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:45.466049910 CET	51618	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:45.579916954 CET	53	51817	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:45.593692064 CET	53	58624	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:45.594589949 CET	53	50001	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:45.594722986 CET	53	51618	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:45.594907045 CET	53	56790	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:46.226866961 CET	53	64875	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:46.781646967 CET	59346	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:46.782062054 CET	55465	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:47.273833990 CET	54800	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:47.274019003 CET	60953	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:47.569587946 CET	53	54800	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:47.578078985 CET	53	60953	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:49.521428108 CET	58214	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:49.522027016 CET	50257	53	192.168.2.6	1.1.1.1
Nov 30, 2023 15:47:49.652086020 CET	53	58214	1.1.1.1	192.168.2.6
Nov 30, 2023 15:47:49.652509928 CET	53	50257	1.1.1.1	192.168.2.6
Nov 30, 2023 15:48:03.816633940 CET	53	55085	1.1.1.1	192.168.2.6
Nov 30, 2023 15:48:22.750211954 CET	53	53370	1.1.1.1	192.168.2.6
Nov 30, 2023 15:48:45.066751957 CET	53	63970	1.1.1.1	192.168.2.6
Nov 30, 2023 15:48:45.503829002 CET	53	59779	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 30, 2023 15:47:45.464845896 CET	192.168.2.6	1.1.1.1	0x6d71	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.465199947 CET	192.168.2.6	1.1.1.1	0x72e7	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 30, 2023 15:47:45.465769053 CET	192.168.2.6	1.1.1.1	0xbba9	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.466049910 CET	192.168.2.6	1.1.1.1	0x3c3b	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 30, 2023 15:47:46.781646967 CET	192.168.2.6	1.1.1.1	0x8633	Standard query (0)	click1.rs.myidcare.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:46.782062054 CET	192.168.2.6	1.1.1.1	0x29	Standard query (0)	click1.rs.myidcare.com	65	IN (0x0001)	false
Nov 30, 2023 15:47:47.273833990 CET	192.168.2.6	1.1.1.1	0xb2d5	Standard query (0)	ny.solacescapehaven.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:47.274019003 CET	192.168.2.6	1.1.1.1	0xd30a	Standard query (0)	ny.solacescapehaven.com	65	IN (0x0001)	false
Nov 30, 2023 15:47:49.521428108 CET	192.168.2.6	1.1.1.1	0x5dd6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.522027016 CET	192.168.2.6	1.1.1.1	0x6917	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.102	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.100	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.139	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.113	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.101	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.593692064 CET	1.1.1.1	192.168.2.6	0x6d71	No error (0)	clients.l.google.com		172.253.122.138	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:45.594589949 CET	1.1.1.1	192.168.2.6	0x72e7	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:45.594907045 CET	1.1.1.1	192.168.2.6	0xbba9	No error (0)	accounts.google.com		142.250.31.84	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:46.995079994 CET	1.1.1.1	192.168.2.6	0x29	No error (0)	click1.rs.myidcare.com	click.postup.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:46.995079994 CET	1.1.1.1	192.168.2.6	0x29	No error (0)	click.postup.com	click.postup.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:46.995079994 CET	1.1.1.1	192.168.2.6	0x29	No error (0)	target-l3-atx.postup.com	click-l3-atx.postup.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:47.067348003 CET	1.1.1.1	192.168.2.6	0x8633	No error (0)	click1.rs.myidcare.com	click.postup.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:47.067348003 CET	1.1.1.1	192.168.2.6	0x8633	No error (0)	click.postup.com	click.postup.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:47.067348003 CET	1.1.1.1	192.168.2.6	0x8633	No error (0)	target-zy-atx.postup.com	click-zy-atx.postup.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 15:47:47.067348003 CET	1.1.1.1	192.168.2.6	0x8633	No error (0)	click-zy-atx.postup.com		74.214.203.11	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:47.569587946 CET	1.1.1.1	192.168.2.6	0xb2d5	No error (0)	ny.solacescapehaven.com		20.13.162.148	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.103	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.105	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.104	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.106	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652086020 CET	1.1.1.1	192.168.2.6	0x5dd6	No error (0)	www.google.com		172.253.62.99	A (IP address)	IN (0x0001)	false
Nov 30, 2023 15:47:49.652509928 CET	1.1.1.1	192.168.2.6	0x6917	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

ny.solacescapehaven.com

fs.microsoft.com

slscr.update.microsoft.com

click1.rs.myidcare.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49712	74.214.203.11	80	6492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 15:47:47.169231892 CET	591	OUT	GET /mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com HTTP/1.1 Host: click1.rs.myidcare.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 30, 2023 15:47:47.270315886 CET	364	IN	HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Connection: Keep-Alive Keep-Alive: timeout=60 Set-Cookie: JSESSIONID=96F372E623C8C18F7FE574729AC4CF9C; Path=/; HttpOnly Location: https://ny.solacescapehaven.com Content-Type: text/html;charset=utf-8 Content-Length: 0 Date: Thu, 30 Nov 2023 14:47:46 GMT
Nov 30, 2023 15:48:32.277674913 CET	60	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49713	74.214.203.11	80	6492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 15:48:32.183931112 CET	60	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49706	20.10.31.115	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 6f 73 6a 6c 55 38 7a 72 6b 6d 35 70 2b 2b 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 64 33 64 65 38 33 62 36 65 66 61 31 61 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: LosjlU8zrkm5p++r.1Context: 3fd3de83b6efa1a4
2023-11-30 14:47:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-30 14:47:42 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 4c 6f 73 6a 6c 55 38 7a 72 6b 6d 35 70 2b 2b 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 64 33 64 65 38 33 62 36 65 66 61 31 61 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: LosjlU8zrkm5p++r.2Context: 3fd3de83b6efa1a4<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2023-11-30 14:47:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4c 6f 73 6a 6c 55 38 7a 72 6b 6d 35 70 2b 2b 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 64 33 64 65 38 33 62 36 65 66 61 31 61 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: LosjlU8zrkm5p++r.3Context: 3fd3de83b6efa1a4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-30 14:47:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-30 14:47:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 61 67 59 45 43 62 66 54 55 69 4e 62 30 58 42 30 6c 41 59 46 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: pagYECbfTUiNb0XB0lAYFg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49709	142.250.31.84	443	6492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:45 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-11-30 14:47:45 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-11-30 14:47:46 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-11-30 14:47:46 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-30 14:47:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49708	172.253.122.102	443	6492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:45 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-30 14:47:46 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 48 6c 61 46 4e 68 34 6b 37 4d 32 74 61 35 77 33 50 41 70 38 65 51 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-HlaFNh4k7M2ta5w3PAp8eQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-11-30 14:47:46 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 37 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 34 34 36 35 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6177" elapsed_seconds="24465"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-30 14:47:46 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-30 14:47:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49714	20.13.162.148	443	6492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:47 UTC	666	OUT	GET / HTTP/1.1 Host: ny.solacescapehaven.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-11-30 14:47:48 UTC	188	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 34 3a 34 37 3a 34 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 30 Nov 2023 14:47:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
2023-11-30 14:47:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	23.54.46.90	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-30 14:47:50 UTC	435	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49720	23.54.46.90	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-30 14:47:51 UTC	804	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 53 65 72 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modified: Tue, 16 May 2017 22:58:00 GMTSer
2023-11-30 14:47:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49719	20.10.31.115	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:47:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 35 63 56 41 6b 66 51 35 45 71 41 35 2b 47 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 62 66 31 36 33 64 32 30 39 64 39 34 39 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: T5cVAkfQ5EqA5+GA.1Context: 62bf163d209d9499
2023-11-30 14:47:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-30 14:47:50 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 54 35 63 56 41 6b 66 51 35 45 71 41 35 2b 47 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 62 66 31 36 33 64 32 30 39 64 39 34 39 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 78 6f 76 37 72 7a 6f 58 55 36 4a 4b 78 77 32 67 6d 54 73 43 5a 76 57 30 47 62 67 39 43 64 75 57 6b 46 6a 76 63 47 4f 75 4b 67 77 70 4c 41 65 2f 4d 57 75 55 69 77 4a 51 7a 43 5a 43 50 30 74 72 56 50 2f 57 61 68 6e 32 65 69 6d 59 6b 53 67 35 62 78 30 34 39 6d 59 37 71 66 50 38 67 70 4a 7a 77 74 67 50 6b 34 72 64 75 58 5a 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: T5cVAkfQ5EqA5+GA.2Context: 62bf163d209d9499<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQxov7rzoXU6JKxw2gmTsCZvW0Gbg9CduWkFjvcGOuKgwpLAe/MWuUiwJQzCZCP0trVP/Wahn2eimYkSg5bx049mY7qfP8gpJzwtgPk4rduXZp
2023-11-30 14:47:50 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 35 63 56 41 6b 66 51 35 45 71 41 35 2b 47 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 32 62 66 31 36 33 64 32 30 39 64 39 34 39 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: T5cVAkfQ5EqA5+GA.3Context: 62bf163d209d9499<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-30 14:47:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-30 14:47:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 31 4b 63 4a 69 58 61 63 30 61 36 75 7a 39 58 36 67 66 4c 57 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: w1KcJiXac0a6uz9X6gfLWg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49721	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:48:01 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sA1f4PELgFwphlr&MD=UmVYc9V8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-30 14:48:01 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 38 32 30 61 30 34 63 66 2d 66 35 30 61 2d 34 33 31 36 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 820a04cf-f50a-4316-
2023-11-30 14:48:01 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-30 14:48:01 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49726	20.10.31.115	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:48:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 64 4c 65 62 77 4b 6d 68 45 57 49 31 6e 41 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 63 32 32 37 34 30 31 37 35 34 36 38 63 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: EdLebwKmhEWI1nAs.1Context: c3c22740175468c4
2023-11-30 14:48:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-30 14:48:16 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 45 64 4c 65 62 77 4b 6d 68 45 57 49 31 6e 41 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 63 32 32 37 34 30 31 37 35 34 36 38 63 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 78 6f 76 37 72 7a 6f 58 55 36 4a 4b 78 77 32 67 6d 54 73 43 5a 76 57 30 47 62 67 39 43 64 75 57 6b 46 6a 76 63 47 4f 75 4b 67 77 70 4c 41 65 2f 4d 57 75 55 69 77 4a 51 7a 43 5a 43 50 30 74 72 56 50 2f 57 61 68 6e 32 65 69 6d 59 6b 53 67 35 62 78 30 34 39 6d 59 37 71 66 50 38 67 70 4a 7a 77 74 67 50 6b 34 72 64 75 58 5a 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: EdLebwKmhEWI1nAs.2Context: c3c22740175468c4<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQxov7rzoXU6JKxw2gmTsCZvW0Gbg9CduWkFjvcGOuKgwpLAe/MWuUiwJQzCZCP0trVP/Wahn2eimYkSg5bx049mY7qfP8gpJzwtgPk4rduXZp
2023-11-30 14:48:16 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 45 64 4c 65 62 77 4b 6d 68 45 57 49 31 6e 41 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 63 32 32 37 34 30 31 37 35 34 36 38 63 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: EdLebwKmhEWI1nAs.3Context: c3c22740175468c4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-30 14:48:16 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-30 14:48:16 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 46 6c 61 32 61 2f 71 4f 30 65 57 58 4f 44 6c 57 65 34 68 44 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hFla2a/qO0eWXODlWe4hDA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49727	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:48:38 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sA1f4PELgFwphlr&MD=UmVYc9V8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-30 14:48:38 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 36 39 33 31 61 36 66 30 2d 37 63 31 31 2d 34 36 30 30 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 6931a6f0-7c11-4600-
2023-11-30 14:48:38 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-30 14:48:38 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49728	20.10.31.115	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 14:48:42 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 61 4b 34 36 59 68 58 41 6a 45 79 30 42 4f 4d 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 39 35 65 38 65 37 33 63 33 30 39 63 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: aK46YhXAjEy0BOM2.1Context: 6f95e8e73c309c5
2023-11-30 14:48:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-30 14:48:42 UTC	1063	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 30 0d 0a 4d 53 2d 43 56 3a 20 61 4b 34 36 59 68 58 41 6a 45 79 30 42 4f 4d 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 39 35 65 38 65 37 33 63 33 30 39 63 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 51 78 6f 76 37 72 7a 6f 58 55 36 4a 4b 78 77 32 67 6d 54 73 43 5a 76 57 30 47 62 67 39 43 64 75 57 6b 46 6a 76 63 47 4f 75 4b 67 77 70 4c 41 65 2f 4d 57 75 55 69 77 4a 51 7a 43 5a 43 50 30 74 72 56 50 2f 57 61 68 6e 32 65 69 6d 59 6b 53 67 35 62 78 30 34 39 6d 59 37 71 66 50 38 67 70 4a 7a 77 74 67 50 6b 34 72 64 75 58 5a 70 6e Data Ascii: ATH 2 CON\DEVICE 1040MS-CV: aK46YhXAjEy0BOM2.2Context: 6f95e8e73c309c5<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAQxov7rzoXU6JKxw2gmTsCZvW0Gbg9CduWkFjvcGOuKgwpLAe/MWuUiwJQzCZCP0trVP/Wahn2eimYkSg5bx049mY7qfP8gpJzwtgPk4rduXZpn
2023-11-30 14:48:42 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 61 4b 34 36 59 68 58 41 6a 45 79 30 42 4f 4d 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 66 39 35 65 38 65 37 33 63 33 30 39 63 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: aK46YhXAjEy0BOM2.3Context: 6f95e8e73c309c5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-30 14:48:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-30 14:48:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 50 76 2f 68 55 45 72 4e 6b 4b 6c 68 62 4c 4f 38 64 39 4d 70 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: zPv/hUErNkKlhbLO8d9Mpg.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	15:47:41
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:47:43
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,528328019221792240,10248025354712389153,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	15:47:45
Start date:	30/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ny.solacescapehaven.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sA1f4PELgFwphlr&MD=UmVYc9V8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=sA1f4PELgFwphlr&MD=UmVYc9V8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com HTTP/1.1Host: click1.rs.myidcare.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5844, Parent PID: 5772

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Thread Activities

Thread Terminated

Windows Analysis Report
http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com