Edit tour

Windows Analysis Report
http://003999.cc

Overview

General Information

Sample URL:	http://003999.cc
Analysis ID:	1447248
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://003999.cc/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,12680556817014526229,917292514518733090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E546DFkpMGb6ZxN&MD=2ShNtMHx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbLdwc9G4NXW0wvysepFYUby6HQsx4dbYFK9qnc88LkfBB03Phu70Pm9LO1Z3LPVGbPs/LRsW%2BdmLl6xa1159b7fNE1kArN%2BlWW5tELo1E3nqdVW9vYBVOfApbYKi%2BAklyr1Fx3qo1hOG4EBit4dPFHiBhHGy7DU5bpXylPuySLpDxi%2BSHwwtvJ%2BiA1PTqn5SmbUhFxccliDvNZM1iACtn%2Bf%2BzIaXAfyAFjF5zxZFoT2I8CXCUSy%2Bm8OscreD0mF3yJRqgRA8rYNBK8BpaEvvLHyKQLRGfaW4XXnIDP2RkiFg4gOxWxElyOJjlUOgLF86zVhQRD1GPNx/uxnNwoEGsADZgAACGFFzqqYNspPqAFd4FLp7S1/dir2KX5DfHDzW6rCHipo6phu4fGjn0hwrQs0dqJtfZe/XmFxaVKmH1w72XTqo8w0oHNhXuVFimhZeTjEXhGnyULdn57%2ByzqmClJB%2BPSQ1hcBKUvmgii4Sl9xas%2Bg2mrAQlokNk1R2c8mLAZbuGSv/ZLQCQlryk/Qx4a98QOC34d%2BFp1wQe1Va612QPfFPnIGhSRBaa7qWfAVdCAsSji4pAQe/T3tDaEwKjoVWZU2qIpxY6dweu4/kecKmYkpiu6FVBulBy4KxEt7tQfcJRywQSEkAOGJXrJSMrCmuSRXvNmPe3%2BrP%2B0BtYkA2PRHWmc56N7zWVKydBqihVC8AUCuDb4pnZo3izqISHgkrtQsqH1vZlTyTK3HpKzbIc9w3QZFLk3/c0r1GEYBQFvMmXtkLqikefKWoyoOYSQnndh/kRwGRi/1BE6Cn6P/W5HPPflCHcpNj21EIhN/ndqG/R7oFZv63JxWljPzEXlMcTmAmgUdQ1j%2B2Qjwa1XfM%2BUJ%2Bd9Xt5UuoEjGyOw38XkZxTu1H04tfutFPyi8kLjasUS0Ezbp2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1716563754User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: EDF8E3E5F3044B3DA979FB2EAEAE2035X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E546DFkpMGb6ZxN&MD=2ShNtMHx HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 003999.ccConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 003999.cc
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4788Host: login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49731 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@19/6@10/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://003999.cc/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,12680556817014526229,917292514518733090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,12680556817014526229,917292514518733090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://003999.cc	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
http://003999.cc/	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
003999.cc	208.87.207.3	true	false		unknown
www.google.com	142.250.185.132	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://003999.cc/	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
208.87.207.3	003999.cc	United States	35986	VYVE-BROADBANDUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447248
Start date and time:	2024-05-24 17:14:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://003999.cc
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@19/6@10/5

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 173.194.76.84, 142.250.185.174, 34.104.35.123, 192.229.221.95, 216.58.206.67, 142.250.186.78
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://003999.cc

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:15:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9956983574418072
Encrypted:	false
SSDEEP:	48:8U7dFT27ltsHqidAKZdA1JehwiZUklqehly+3:8U7IF+y
MD5:	BA77653BA341B5FA59811C6C2428463D
SHA1:	DF69A04240FD0D84A29E6D2389246CFE9976A4BA
SHA-256:	AFAFDB1F2BFF857A5427636F03A33175F4BA5FDDBE6104A71E85ECF7D3402E2E
SHA-512:	5E91DE1AE5415011A5F1DFC161E6B5C6A47B6BA419FAA439CB60297A4A74700802C97D1FE2BA8A1D9138148F646379060933410BFD713F7658071FF1F6AE1CCE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....d.+.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:15:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.012483369274529
Encrypted:	false
SSDEEP:	48:8A7dFT27ltsHqidAKZdA10eh/iZUkAQkqehuy+2:8A7Iv9Qny
MD5:	0A8521446AC52FF1D6F2D9F29F969C98
SHA1:	76C842E87BC91270F412E03EEB224BA8E160C01D
SHA-256:	4FA564E06200BDEACF569FF427039FEBF5D83E73B3DFE0B64F85C27B7ABF3207
SHA-512:	5271E0D02B4F88DC2AB9FD6538B5EC9B7E512D27BB5749B932EF7940DED2C96E43F5951742CAB29B3DAF5CF297737E8A3001E0B1455E5D90AA07E60E47D62136
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....2..+.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.020413716264222
Encrypted:	false
SSDEEP:	48:8e7dFT27ltjHqidAKZdA14tIeh7sFiZUkmgqeh7s4y+BX:8e7ISnSy
MD5:	BA75D7D29F2B92EDD65CC90A8A6B43DD
SHA1:	6FBC85A2461623F849338B619D21BB361E1A82DB
SHA-256:	2F14A299EE1C4298E9DA1D4423FEF059FA8475052BFE8D6B98D6BE931A4DC036
SHA-512:	902F2E004BED9832704B4C33F7DB8B36B32F7AC69CA830B9784A35DD225EAFE3E41516997A3D97FA870030448920CAAB43E3D4003348534DC88153D4C01C6423
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:15:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.010161362405884
Encrypted:	false
SSDEEP:	48:83X7dFT27ltsHqidAKZdA1behDiZUkwqehqy+R:83X7IcQy
MD5:	D7096DE9579091FDE4A124D333B08D48
SHA1:	6A70493B65AA0B7D51674C09AC07D03826C97D7E
SHA-256:	030C17416145B4CAD893EE378AADA9E977B07B886CD8D52ED257A73DA026A963
SHA-512:	1EAD590F8079E6CF83BDAEDF3A487E67624CD6E2B92A6B56B38BC1A8DC3BB84DD7A58DAED28E02B5D2B3541F8DDBA684B0B9229BCC8DBD53D9400F127334FE29
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....w.+.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:15:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000598845623726
Encrypted:	false
SSDEEP:	48:8hQ7dFT27ltsHqidAKZdA1VehBiZUk1W1qehcy+C:8hQ7IM98y
MD5:	8F7001A16FE2C62642369A310F09E87C
SHA1:	16EF86D0EB2F57339444BED08A1B0337433002E8
SHA-256:	BF2D47F0DB1D030F889E3746B35D6C10AA9DC080A056E5CC692F57F7116CEA75
SHA-512:	60AB675B87EF1558721DFB58B8C794D40C753051481755E25874AF98292B0904C6586F9266F52B220FA22083B06F2339C2C91B183806BBA2EA4AFA7AD36FA511
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....\|..+.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 14:15:11 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.012417720484115
Encrypted:	false
SSDEEP:	48:8A7dFT27ltsHqidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbSy+yT+:8A7ImTTTbxWOvTbSy7T
MD5:	FA84534927511CE039E75FBEB5F72B43
SHA1:	168A8B36B2C6B18E1C105D43F31D9D3BAF097DB9
SHA-256:	E6CF31EC036CDFD0C2034FF81F491FB9B98427DF2A0FCC59DCF55327B6F96C7F
SHA-512:	1E8D9654B96CFDFBF5B6A5A3F583E826C0E88A99281706317025386F5BFB16D3EE2F5CF81D450081630E7D5B6850318003E7F35F6174A96E5890F35CA77A7A2D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....p.+.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.y....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.y....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.y....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.y...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 17:15:11.142060995 CEST	49707	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.142091990 CEST	443	49707	208.87.207.3	192.168.2.17
May 24, 2024 17:15:11.142170906 CEST	49707	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.142620087 CEST	49707	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.142630100 CEST	443	49707	208.87.207.3	192.168.2.17
May 24, 2024 17:15:11.829477072 CEST	49708	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.830265045 CEST	49709	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.834537029 CEST	80	49708	208.87.207.3	192.168.2.17
May 24, 2024 17:15:11.834625959 CEST	49708	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:11.839442015 CEST	80	49709	208.87.207.3	192.168.2.17
May 24, 2024 17:15:11.839521885 CEST	49709	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:12.306961060 CEST	49678	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:12.306993008 CEST	49677	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:12.307152987 CEST	49676	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:12.926846027 CEST	49708	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:12.931905031 CEST	80	49708	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.735703945 CEST	80	49708	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.735801935 CEST	49708	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.735915899 CEST	49708	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.736121893 CEST	49709	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.796988964 CEST	80	49708	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.847521067 CEST	80	49709	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.847575903 CEST	80	49709	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.847718000 CEST	49709	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.847794056 CEST	49709	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.848530054 CEST	49711	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.900926113 CEST	80	49709	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.952048063 CEST	80	49711	208.87.207.3	192.168.2.17
May 24, 2024 17:15:13.952228069 CEST	49711	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:13.952411890 CEST	49711	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:14.005645037 CEST	80	49711	208.87.207.3	192.168.2.17
May 24, 2024 17:15:14.758604050 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:14.758646011 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:14.758707047 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:14.758944988 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:14.758959055 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.456722975 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.457225084 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:15.457262039 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.458771944 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.458878040 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:15.459960938 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:15.460047960 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.509984016 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:15.510031939 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:15.535722971 CEST	443	49707	208.87.207.3	192.168.2.17
May 24, 2024 17:15:15.535871983 CEST	49707	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.536103010 CEST	49707	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.536114931 CEST	443	49707	208.87.207.3	192.168.2.17
May 24, 2024 17:15:15.536736965 CEST	49713	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.536782980 CEST	443	49713	208.87.207.3	192.168.2.17
May 24, 2024 17:15:15.536878109 CEST	49713	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.537162066 CEST	49713	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.537175894 CEST	443	49713	208.87.207.3	192.168.2.17
May 24, 2024 17:15:15.557998896 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:15.849704981 CEST	80	49711	208.87.207.3	192.168.2.17
May 24, 2024 17:15:15.852236032 CEST	49711	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.853610992 CEST	49711	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:15.905088902 CEST	80	49711	208.87.207.3	192.168.2.17
May 24, 2024 17:15:16.905247927 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:16.905360937 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.169583082 CEST	49716	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.923198938 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.923199892 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.933111906 CEST	80	49714	208.87.207.3	192.168.2.17
May 24, 2024 17:15:17.933197021 CEST	80	49715	208.87.207.3	192.168.2.17
May 24, 2024 17:15:17.933226109 CEST	80	49716	208.87.207.3	192.168.2.17
May 24, 2024 17:15:17.933253050 CEST	80	49714	208.87.207.3	192.168.2.17
May 24, 2024 17:15:17.933278084 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.933322906 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.933322906 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.933615923 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.933617115 CEST	49716	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.935292959 CEST	80	49715	208.87.207.3	192.168.2.17
May 24, 2024 17:15:17.935354948 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:17.987684011 CEST	80	49714	208.87.207.3	192.168.2.17
May 24, 2024 17:15:19.849731922 CEST	80	49716	208.87.207.3	192.168.2.17
May 24, 2024 17:15:19.849875927 CEST	49716	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:19.885641098 CEST	80	49715	208.87.207.3	192.168.2.17
May 24, 2024 17:15:19.885719061 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:19.916146994 CEST	443	49713	208.87.207.3	192.168.2.17
May 24, 2024 17:15:19.916294098 CEST	49713	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:19.916532993 CEST	49713	443	192.168.2.17	208.87.207.3
May 24, 2024 17:15:19.916554928 CEST	443	49713	208.87.207.3	192.168.2.17
May 24, 2024 17:15:20.186269999 CEST	49716	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:20.186314106 CEST	49715	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:20.191349983 CEST	80	49716	208.87.207.3	192.168.2.17
May 24, 2024 17:15:20.196154118 CEST	80	49715	208.87.207.3	192.168.2.17
May 24, 2024 17:15:20.312195063 CEST	80	49714	208.87.207.3	192.168.2.17
May 24, 2024 17:15:20.312280893 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:20.312541008 CEST	49714	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:20.367050886 CEST	80	49714	208.87.207.3	192.168.2.17
May 24, 2024 17:15:20.540668964 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:20.540738106 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:20.540867090 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:20.542380095 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:20.542407990 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.384694099 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.384815931 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.387988091 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.388041019 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.388303041 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.438944101 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.461011887 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.502506971 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772612095 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772636890 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772643089 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772677898 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772716045 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772789001 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.772840977 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.772861958 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.772910118 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.790371895 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.790510893 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.790591002 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.790671110 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.790822983 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.790848017 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:21.790867090 CEST	49717	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:21.790877104 CEST	443	49717	20.114.59.183	192.168.2.17
May 24, 2024 17:15:23.930658102 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.023366928 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.062036991 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.062108040 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.063519955 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.063546896 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.063707113 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.063976049 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.064094067 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.068700075 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.115418911 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.115437984 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.115448952 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.115462065 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.115469933 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.161717892 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.161806107 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:24.290630102 CEST	443	49691	204.79.197.200	192.168.2.17
May 24, 2024 17:15:24.290726900 CEST	49691	443	192.168.2.17	204.79.197.200
May 24, 2024 17:15:25.324829102 CEST	49719	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:25.324975967 CEST	49720	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:25.329838991 CEST	80	49719	208.87.207.3	192.168.2.17
May 24, 2024 17:15:25.329938889 CEST	49719	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:25.330128908 CEST	49719	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:25.334564924 CEST	80	49720	208.87.207.3	192.168.2.17
May 24, 2024 17:15:25.334660053 CEST	49720	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:25.339427948 CEST	80	49719	208.87.207.3	192.168.2.17
May 24, 2024 17:15:25.359899044 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:25.359970093 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:25.360078096 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:26.182389975 CEST	49712	443	192.168.2.17	142.250.185.132
May 24, 2024 17:15:26.182415962 CEST	443	49712	142.250.185.132	192.168.2.17
May 24, 2024 17:15:27.255500078 CEST	80	49720	208.87.207.3	192.168.2.17
May 24, 2024 17:15:27.255686045 CEST	49720	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:27.692823887 CEST	80	49719	208.87.207.3	192.168.2.17
May 24, 2024 17:15:27.692889929 CEST	49719	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:27.693248987 CEST	49719	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:27.705574989 CEST	80	49719	208.87.207.3	192.168.2.17
May 24, 2024 17:15:28.099040985 CEST	49720	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:28.104509115 CEST	80	49720	208.87.207.3	192.168.2.17
May 24, 2024 17:15:32.337511063 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:32.640254021 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:33.245083094 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:34.456046104 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:34.495342016 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:34.495425940 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:34.495532990 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:34.496778011 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:34.496809959 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.206227064 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.206341028 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.209244967 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.209254980 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.209630013 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.249305010 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.294503927 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.502178907 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.502342939 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.502546072 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.502546072 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.502546072 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.545665026 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.545751095 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.545885086 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.546190977 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.546205044 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:35.812011003 CEST	49724	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:35.812040091 CEST	443	49724	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.258084059 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.258263111 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.259640932 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.259669065 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.260456085 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.261642933 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.306507111 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.499402046 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:36.574152946 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.574250937 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.574377060 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.575233936 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.575247049 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.575300932 CEST	49725	443	192.168.2.17	184.28.90.27
May 24, 2024 17:15:36.575308084 CEST	443	49725	184.28.90.27	192.168.2.17
May 24, 2024 17:15:36.801032066 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:36.863131046 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:37.404278040 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:38.608052015 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:41.021090031 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:41.676089048 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:44.961245060 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:45.265101910 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:45.825256109 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:45.873080969 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:47.085073948 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:49.497085094 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:51.284167051 CEST	49675	443	192.168.2.17	204.79.197.203
May 24, 2024 17:15:54.306128979 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:15:55.426134109 CEST	49680	443	192.168.2.17	20.189.173.13
May 24, 2024 17:15:55.699101925 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:55.699197054 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:55.699331045 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:55.699609041 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:55.699645996 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.177407026 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.177495956 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.177607059 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.220880985 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.220958948 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.525402069 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.525542974 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.544835091 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.544877052 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.545825958 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.546375036 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.546452045 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.546597004 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.864116907 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.864346027 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.868583918 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.868637085 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.869076014 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.909136057 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.922976971 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:56.966572046 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:56.992161989 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992217064 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992264986 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992326021 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.992397070 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992434025 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992435932 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.992508888 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.992727041 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.992760897 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:56.992789984 CEST	49726	443	192.168.2.17	40.126.32.134
May 24, 2024 17:15:56.992804050 CEST	443	49726	40.126.32.134	192.168.2.17
May 24, 2024 17:15:57.027556896 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:57.032262087 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:57.032350063 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:57.032418966 CEST	443	49727	13.107.5.88	192.168.2.17
May 24, 2024 17:15:57.032458067 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:57.032499075 CEST	49727	443	192.168.2.17	13.107.5.88
May 24, 2024 17:15:57.101594925 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.101646900 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:57.101948977 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.104744911 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.104764938 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:57.718710899 CEST	49729	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:57.718902111 CEST	49730	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:57.724178076 CEST	80	49729	208.87.207.3	192.168.2.17
May 24, 2024 17:15:57.724296093 CEST	49729	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:57.724452019 CEST	49729	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:57.728966951 CEST	80	49730	208.87.207.3	192.168.2.17
May 24, 2024 17:15:57.729075909 CEST	49730	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:57.733897924 CEST	80	49729	208.87.207.3	192.168.2.17
May 24, 2024 17:15:57.766635895 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:57.766741037 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.808516979 CEST	49699	80	192.168.2.17	93.184.221.240
May 24, 2024 17:15:57.833404064 CEST	80	49699	93.184.221.240	192.168.2.17
May 24, 2024 17:15:57.833611012 CEST	49699	80	192.168.2.17	93.184.221.240
May 24, 2024 17:15:57.840893984 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.840919971 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:57.841854095 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:57.841913939 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.844532967 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:57.844585896 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.077955961 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:58.078005075 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:58.078125000 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:58.078496933 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:58.078516960 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:58.528774023 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.528867006 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.528887033 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.529099941 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533499002 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.533636093 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533651114 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.533682108 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.533694983 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533703089 CEST	443	49728	2.23.209.133	192.168.2.17
May 24, 2024 17:15:58.533716917 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533727884 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533756018 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:58.533993959 CEST	49728	443	192.168.2.17	2.23.209.133
May 24, 2024 17:15:59.446751118 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.446887016 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.449178934 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.449204922 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.449551105 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.450890064 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.498506069 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.605410099 CEST	80	49730	208.87.207.3	192.168.2.17
May 24, 2024 17:15:59.605649948 CEST	49730	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:59.847063065 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.847137928 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.847193003 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.847394943 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.847445965 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.847497940 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.847518921 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.863989115 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.864063978 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.864159107 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.864192963 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.864217043 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.864262104 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.864291906 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.864347935 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.864365101 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.864394903 CEST	49731	443	192.168.2.17	20.114.59.183
May 24, 2024 17:15:59.864403009 CEST	443	49731	20.114.59.183	192.168.2.17
May 24, 2024 17:15:59.900001049 CEST	80	49729	208.87.207.3	192.168.2.17
May 24, 2024 17:15:59.900140047 CEST	49729	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:59.900500059 CEST	49729	80	192.168.2.17	208.87.207.3
May 24, 2024 17:15:59.971373081 CEST	80	49729	208.87.207.3	192.168.2.17
May 24, 2024 17:16:00.184242964 CEST	49730	80	192.168.2.17	208.87.207.3
May 24, 2024 17:16:00.189311028 CEST	80	49730	208.87.207.3	192.168.2.17
May 24, 2024 17:16:03.919179916 CEST	49682	80	192.168.2.17	192.229.211.108
May 24, 2024 17:16:14.769526958 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:14.769632101 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:14.769855976 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:14.770086050 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:14.770113945 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:15.436517000 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:15.436959982 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:15.437025070 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:15.438137054 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:15.438540936 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:15.438726902 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:15.487289906 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:25.329442024 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:25.329583883 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:25.329788923 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:26.187143087 CEST	49733	443	192.168.2.17	142.250.185.132
May 24, 2024 17:16:26.187213898 CEST	443	49733	142.250.185.132	192.168.2.17
May 24, 2024 17:16:59.916312933 CEST	49735	80	192.168.2.17	208.87.207.3
May 24, 2024 17:16:59.916626930 CEST	49736	80	192.168.2.17	208.87.207.3
May 24, 2024 17:16:59.995423079 CEST	80	49735	208.87.207.3	192.168.2.17
May 24, 2024 17:16:59.995434999 CEST	80	49736	208.87.207.3	192.168.2.17
May 24, 2024 17:16:59.995558977 CEST	49735	80	192.168.2.17	208.87.207.3
May 24, 2024 17:16:59.996032000 CEST	49736	80	192.168.2.17	208.87.207.3
May 24, 2024 17:16:59.996032000 CEST	49736	80	192.168.2.17	208.87.207.3
May 24, 2024 17:17:00.049191952 CEST	80	49736	208.87.207.3	192.168.2.17
May 24, 2024 17:17:01.899276972 CEST	80	49735	208.87.207.3	192.168.2.17
May 24, 2024 17:17:01.899368048 CEST	49735	80	192.168.2.17	208.87.207.3
May 24, 2024 17:17:01.950544119 CEST	80	49736	208.87.207.3	192.168.2.17
May 24, 2024 17:17:01.950761080 CEST	49736	80	192.168.2.17	208.87.207.3
May 24, 2024 17:17:01.950942039 CEST	49736	80	192.168.2.17	208.87.207.3
May 24, 2024 17:17:01.960794926 CEST	80	49736	208.87.207.3	192.168.2.17
May 24, 2024 17:17:02.203824997 CEST	49735	80	192.168.2.17	208.87.207.3
May 24, 2024 17:17:02.208895922 CEST	80	49735	208.87.207.3	192.168.2.17

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 17:15:09.906711102 CEST	53	57038	1.1.1.1	192.168.2.17
May 24, 2024 17:15:09.922792912 CEST	61191	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:09.923002005 CEST	49976	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:09.935329914 CEST	63312	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:09.935432911 CEST	54106	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:10.027417898 CEST	53	51479	1.1.1.1	192.168.2.17
May 24, 2024 17:15:10.934705019 CEST	64280	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:10.934919119 CEST	61248	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:10.946005106 CEST	52519	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:10.946249962 CEST	52119	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:11.073591948 CEST	53	65324	1.1.1.1	192.168.2.17
May 24, 2024 17:15:11.086703062 CEST	53	63312	1.1.1.1	192.168.2.17
May 24, 2024 17:15:11.755438089 CEST	53	52519	1.1.1.1	192.168.2.17
May 24, 2024 17:15:11.774220943 CEST	53	64280	1.1.1.1	192.168.2.17
May 24, 2024 17:15:11.823348045 CEST	53	61191	1.1.1.1	192.168.2.17
May 24, 2024 17:15:14.682626009 CEST	53	49976	1.1.1.1	192.168.2.17
May 24, 2024 17:15:14.718341112 CEST	63947	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:14.718564987 CEST	63107	53	192.168.2.17	1.1.1.1
May 24, 2024 17:15:14.740149021 CEST	53	63947	1.1.1.1	192.168.2.17
May 24, 2024 17:15:14.764375925 CEST	53	63107	1.1.1.1	192.168.2.17
May 24, 2024 17:15:15.252300978 CEST	53	54106	1.1.1.1	192.168.2.17
May 24, 2024 17:15:15.377660036 CEST	53	61248	1.1.1.1	192.168.2.17
May 24, 2024 17:15:15.959043980 CEST	53	52119	1.1.1.1	192.168.2.17
May 24, 2024 17:15:28.163510084 CEST	53	60274	1.1.1.1	192.168.2.17
May 24, 2024 17:15:47.162631989 CEST	53	62886	1.1.1.1	192.168.2.17
May 24, 2024 17:16:09.819340944 CEST	53	57482	1.1.1.1	192.168.2.17
May 24, 2024 17:16:09.910640955 CEST	53	62091	1.1.1.1	192.168.2.17
May 24, 2024 17:16:33.728416920 CEST	138	138	192.168.2.17	192.168.2.255
May 24, 2024 17:16:38.828963041 CEST	53	58825	1.1.1.1	192.168.2.17

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 24, 2024 17:15:11.755558968 CEST	192.168.2.17	1.1.1.1	c1fc	(Port unreachable)	Destination Unreachable
May 24, 2024 17:15:14.682702065 CEST	192.168.2.17	1.1.1.1	c1ec	(Port unreachable)	Destination Unreachable
May 24, 2024 17:15:15.960206032 CEST	192.168.2.17	1.1.1.1	c1ec	(Port unreachable)	Destination Unreachable
May 24, 2024 17:16:09.910866976 CEST	192.168.2.17	1.1.1.1	c231	(Port unreachable)	Destination Unreachable
May 24, 2024 17:16:39.786993980 CEST	192.168.2.17	1.1.1.1	c240	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 24, 2024 17:15:09.922792912 CEST	192.168.2.17	1.1.1.1	0xe4d7	Standard query (0)	003999.cc	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:09.923002005 CEST	192.168.2.17	1.1.1.1	0x9d2c	Standard query (0)	003999.cc	65	IN (0x0001)	false
May 24, 2024 17:15:09.935329914 CEST	192.168.2.17	1.1.1.1	0x1336	Standard query (0)	003999.cc	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:09.935432911 CEST	192.168.2.17	1.1.1.1	0xd673	Standard query (0)	003999.cc	65	IN (0x0001)	false
May 24, 2024 17:15:10.934705019 CEST	192.168.2.17	1.1.1.1	0xa0b3	Standard query (0)	003999.cc	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:10.934919119 CEST	192.168.2.17	1.1.1.1	0xebd7	Standard query (0)	003999.cc	65	IN (0x0001)	false
May 24, 2024 17:15:10.946005106 CEST	192.168.2.17	1.1.1.1	0xbba	Standard query (0)	003999.cc	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:10.946249962 CEST	192.168.2.17	1.1.1.1	0x6a7	Standard query (0)	003999.cc	65	IN (0x0001)	false
May 24, 2024 17:15:14.718341112 CEST	192.168.2.17	1.1.1.1	0x5c1f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:14.718564987 CEST	192.168.2.17	1.1.1.1	0x3a24	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 24, 2024 17:15:11.086703062 CEST	1.1.1.1	192.168.2.17	0x1336	No error (0)	003999.cc		208.87.207.3	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:11.755438089 CEST	1.1.1.1	192.168.2.17	0xbba	No error (0)	003999.cc		208.87.207.3	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:11.774220943 CEST	1.1.1.1	192.168.2.17	0xa0b3	No error (0)	003999.cc		208.87.207.3	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:11.823348045 CEST	1.1.1.1	192.168.2.17	0xe4d7	No error (0)	003999.cc		208.87.207.3	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:14.682626009 CEST	1.1.1.1	192.168.2.17	0x9d2c	Server failure (2)	003999.cc	none	none	65	IN (0x0001)	false
May 24, 2024 17:15:14.740149021 CEST	1.1.1.1	192.168.2.17	0x5c1f	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
May 24, 2024 17:15:14.764375925 CEST	1.1.1.1	192.168.2.17	0x3a24	No error (0)	www.google.com			65	IN (0x0001)	false
May 24, 2024 17:15:15.252300978 CEST	1.1.1.1	192.168.2.17	0xd673	Server failure (2)	003999.cc	none	none	65	IN (0x0001)	false
May 24, 2024 17:15:15.377660036 CEST	1.1.1.1	192.168.2.17	0xebd7	Server failure (2)	003999.cc	none	none	65	IN (0x0001)	false
May 24, 2024 17:15:15.959043980 CEST	1.1.1.1	192.168.2.17	0x6a7	Server failure (2)	003999.cc	none	none	65	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fs.microsoft.com

evoke-windowsservices-tas.msedge.net

www.bing.com

003999.cc

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49708	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:12.926846027 CEST	424	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49709	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:13.736121893 CEST	424	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49711	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:13.952411890 CEST	424	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49714	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:17.933615923 CEST	450	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49719	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:25.330128908 CEST	450	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49729	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:15:57.724452019 CEST	450	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.17	49736	208.87.207.3	80	2792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 17:16:59.996032000 CEST	450	OUT	GET / HTTP/1.1 Host: 003999.cc Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49717	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:21 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E546DFkpMGb6ZxN&MD=2ShNtMHx HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-24 15:15:21 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 1e7753d1-05c1-4df3-879d-7912d785dd69 MS-RequestId: 8ff45d36-74b6-421f-ad57-21c0fee0a0f6 MS-CV: pNwImKp/IEql6Jk7.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:15:20 GMT Connection: close Content-Length: 24490
2024-05-24 15:15:21 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-24 15:15:21 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:35 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-24 15:15:35 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=176079 Date: Fri, 24 May 2024 15:15:35 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-24 15:15:36 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=176014 Date: Fri, 24 May 2024 15:15:36 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-24 15:15:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.17	49726	40.126.32.134	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:56 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4788 Host: login.live.com
2024-05-24 15:15:56 UTC	4788	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-05-24 15:15:56 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 24 May 2024 15:14:56 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: fc92e1b8-cffe-40d0-b5eb-5b4381140159 PPServer: PPV: 30 H: PH1PEPF00011E5B V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 24 May 2024 15:15:56 GMT Connection: close Content-Length: 11153
2024-05-24 15:15:56 UTC	11153	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.17	49727	13.107.5.88	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:56 UTC	537	OUT	GET /ab HTTP/1.1 Host: evoke-windowsservices-tas.msedge.net Cache-Control: no-store, no-cache X-PHOTOS-CALLERID: 9NMPJ99VJBWV X-EVOKE-RING: X-WINNEXT-RING: Public X-WINNEXT-TELEMETRYLEVEL: Basic X-WINNEXT-OSVERSION: 10.0.19045.0 X-WINNEXT-APPVERSION: 1.23082.131.0 X-WINNEXT-PLATFORM: Desktop X-WINNEXT-CANTAILOR: False X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd} X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI= If-None-Match: 2056388360_-1434155563 Accept-Encoding: gzip, deflate, br
2024-05-24 15:15:57 UTC	209	IN	HTTP/1.1 400 Bad Request X-MSEdge-Ref: Ref A: C50287D082244565BA50ABF30D05BAAC Ref B: EWR311000101053 Ref C: 2024-05-24T15:15:56Z Date: Fri, 24 May 2024 15:15:56 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49728	2.23.209.133	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:57 UTC	2573	OUT	GET /client/config?cc=CH&setlang=en-CH HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: -240 X-DeviceID: 01000A41090080B6 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbLdwc9G4NXW0wvysepFYUby6HQsx4dbYFK9qnc88LkfBB03Phu70Pm9LO1Z3LPVGbPs/LRsW%2BdmLl6xa1159b7fNE1kArN%2BlWW5tELo1E3nqdVW9vYBVOfApbYKi%2BAklyr1Fx3qo1hOG4EBit4dPFHiBhHGy7DU5bpXylPuySLpDxi%2BSHwwtvJ%2BiA1PTqn5SmbUhFxccliDvNZM1iACtn%2Bf%2BzIaXAfyAFjF5zxZFoT2I8CXCUSy%2Bm8OscreD0mF3yJRqgRA8rYNBK8BpaEvvLHyKQLRGfaW4XXnIDP2RkiFg4gOxWxElyOJjlUOgLF86zVhQRD1GPNx/uxnNwoEGsADZgAACGFFzqqYNspPqAFd4FLp7S1/dir2KX5DfHDzW6rCHipo6phu4fGjn0hwrQs0dqJtfZe/XmFxaVKmH1w72XTqo8w0oHNhXuVFimhZeTjEXhGnyULdn57%2ByzqmClJB%2BPSQ1hcBKUvmgii4Sl9xas%2Bg2mrAQlokNk1R2c8mLAZbuGSv/ZLQCQlryk/Qx4a98QOC34d%2BFp1wQe1Va612QPfFPnIGhSRBaa7qWfAVdCAsSji4pAQe/T3tDaEwKjoVWZU2qIpxY6dweu4/kecKmYkpiu6FVBulBy4KxEt7tQfcJRywQSEkAOGJXrJSMrCmuSRXvNmPe3%2BrP%2B0BtYkA2PRHWmc56N7zWVKydBqihVC8AUCuDb4pnZo3izqISHgkrtQsqH1vZlTyTK3HpKzbIc9w3QZFLk3/c0r1GEYBQFvMmXtkLqikefKWoyoOYSQnndh/kRwGRi/1BE6Cn6P/W5HPPflCHcpNj21EIhN/ndqG/R7oFZv63JxWljPzEXlMcTmAmgUdQ1j%2B2Qjwa1XfM%2BUJ%2Bd9Xt5UuoEjGyOw38XkZxTu1H04tfutFPyi8kLjasUS0Ezb [TRUNCATED] X-Agent-DeviceId: 01000A41090080B6 X-BM-CBT: 1716563754 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-GB, en, en-US X-Device-Touch: false X-Device-ClientSession: EDF8E3E5F3044B3DA979FB2EAEAE2035 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
2024-05-24 15:15:58 UTC	1148	IN	HTTP/1.1 200 OK Content-Length: 2215 Content-Type: application/json; charset=utf-8 Cache-Control: private X-EventID: 6650af2e3aa147928f0d10599c03c270 X-AS-SetSessionMarket: de-ch UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Date: Fri, 24 May 2024 15:15:58 GMT Connection: close Set-Cookie: _EDGE_S=SID=0F771E0928616A631BFF0A80296C6B28&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Wed, 18-Jun-2025 15:15:58 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=0F771E0928616A631BFF0A80296C6B28; domain=.bing.com; path=/; secure; SameSite=None Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.05d01702.1716563758.15202bc9
2024-05-24 15:15:58 UTC	2215	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.17	49731	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-05-24 15:15:59 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=E546DFkpMGb6ZxN&MD=2ShNtMHx HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-24 15:15:59 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440" MS-CorrelationId: 574ae126-d96e-4407-b2da-047a43b54b21 MS-RequestId: 023753fe-6c8e-4c5a-95af-c89b81d2d479 MS-CV: TEU12Yut70eXic5Z.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 24 May 2024 15:15:58 GMT Connection: close Content-Length: 25457
2024-05-24 15:15:59 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-24 15:15:59 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	11:15:08
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://003999.cc/
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	11:15:08
Start date:	24/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,12680556817014526229,917292514518733090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://003999.cc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3736, Parent PID: 5756

General

Chronological Activities

Analysis Process: chrome.exePID: 2792, Parent PID: 3736

General

Chronological Activities

Disassembly

Windows Analysis Report
http://003999.cc