Edit tour

Windows Analysis Report
Hirepool Finance Report.html

Overview

General Information

Sample name:	Hirepool Finance Report.html
Analysis ID:	1467265
MD5:	663ff785ef14615c763d83727d631f94
SHA1:	53eeb51d79d6794b5331b2dcb8a18c58d6aad93d
SHA256:	9dc973e86644ae3a7e12863b02b8b87e026b08818fc1fbe8a337155f834b9be5
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected javascript redirector / loader

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Hirepool Finance Report.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2136,i,10338269528735008511,460773570327190873,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Detected javascript redirector / loader

Source: Hirepool Finance Report.html

HTTP Parser: Low number of body elements: 2

Source: Hirepool Finance Report.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49757 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 124.47.150.19 124.47.150.19

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6YkUmhOdfOzn49g&MD=pYxdHm2T HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6YkUmhOdfOzn49g&MD=pYxdHm2T HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: url.au.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: Hirepool Finance Report.html

String found in binary or memory: https://url.au.m.mimecastprotect.com/s/LlaXCyojE0Cq3vNul1-F0?domain=ayssaless.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49757 version: TLS 1.2

Source: classification engine

Classification label: sus21.phis.winHTML@28/0@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\174fea97-343a-4afb-af37-3531b972c232.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Hirepool Finance Report.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2136,i,10338269528735008511,460773570327190873,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2136,i,10338269528735008511,460773570327190873,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html	0%	Avira URL Cloud	safe
https://url.au.m.mimecastprotect.com/s/LlaXCyojE0Cq3vNul1-F0?domain=ayssaless.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
url.au.m.mimecastprotect.com	124.47.150.19	true	false		unknown
www.google.com	216.58.206.36	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://url.au.m.mimecastprotect.com/s/LlaXCyojE0Cq3vNul1-F0?domain=ayssaless.com	Hirepool Finance Report.html	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
124.47.150.19	url.au.m.mimecastprotect.com	Australia	17477	MCT-SYDNEYMacquarieTelecomAU	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467265
Start date and time:	2024-07-03 23:33:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Hirepool Finance Report.html
Detection:	SUS
Classification:	sus21.phis.winHTML@28/0@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.133.84, 216.58.212.142, 142.250.185.67, 34.104.35.123, 142.250.74.202, 172.217.16.202, 172.217.18.10, 142.250.186.138, 142.250.186.170, 142.250.184.234, 216.58.206.74, 142.250.186.74, 142.250.185.74, 142.250.184.202, 172.217.23.106, 142.250.181.234, 142.250.186.42, 172.217.18.106, 142.250.186.106, 172.217.16.138, 192.229.221.95, 93.184.221.240, 142.250.185.142
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: Hirepool Finance Report.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage do not contain any elements indicating the presence of a login form.","The text of the webpage does not create a sense of urgency or interest.","The webpage does not contain any CAPTCHA or anti-robot detection mechanism."]}
Title: Outlk OCR: CONNECTION FAILED Mir

Input

Output

URL: file:///C:/Users/user/Desktop/Hirepool%20Finance%20Report.html Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage do not contain any elements indicating the presence of a login form.","The text of the webpage does not create a sense of urgency or interest.","The webpage does not contain any CAPTCHA or anti-robot detection mechanism."]}

Title: Outlk OCR: CONNECTION FAILED Mir

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	http://sagility.com	Get hash	malicious	Unknown	Browse
	https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382	Get hash	malicious	HTMLPhisher	Browse
	http://customer-easyparkas.com/	Get hash	malicious	Unknown	Browse
	http://camilacamargonails.com/proposal	Get hash	malicious	Unknown	Browse
	https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//newguy343rwetr3434.pages.dev/#?email=ZGlhbmUucHVydmV5QGtwdS5jYQ==	Get hash	malicious	Unknown	Browse
	https://us-west-2.protection.sophos.com/?d=ccl.org&u=aHR0cHM6Ly93d3cuY2NsLm9yZy9sZWFkZXJzaGlwLXNvbHV0aW9ucy9sZWFkZXJzaGlwLWNvYWNoaW5nL2V4ZWN1dGl2ZS1jb2FjaGluZy8=&i=NjI5NzZmYjdjMjFiNDIxMjEzN2I5MjQ0&t=MEZ3VmI0U1h1SlZJSHQ0MUZXZm5xMUNoZDhEZ0JwdWlUR3IzWnpoUUgyRT0=&h=54867f59a225422a805dc298de38f9c8&s=AVNPUEhUT0NFTkNSWVBUSVaqVc7akbkrLF9qV6KT1t7Wq__wYhcpX8W-U88SzpdSfA	Get hash	malicious	Unknown	Browse
	https://download2332.mediafire.com/	Get hash	malicious	Unknown	Browse
	https://payyit.com/	Get hash	malicious	Unknown	Browse
	https://reliancechemicals.com.au/	Get hash	malicious	Unknown	Browse
	https://vogelgormanplc-my.sharepoint.com/:o:/g/personal/mcook_vgllaw_com/EoWNEiRfVRJGgG47q5PYhKIBkV4CjNWUYZjZU9msILDe-Q?e=5%3akZcnSr&at=9&xsdata=MDV8MDJ8bWljaGFlbC5tY2d1aXJlQHhjZWxlbmVyZ3kuY29tfDMwN2U0MjVlMmE1MTQwYjJkYjg1MDhkYzliOTRmMTNhfDI0YjJhNTgzNWMwNTRiNmFiNGU5NGUxMmRjMDAyNWFkfDB8MHw2Mzg1NTYzMTEyNDIyMTkzODh8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=dWtMc0lWaVl3YitOcHQ2VURyZ0hXdUMxNk9mMFJEY3JRc3Rob3U2emVDYz0%3d	Get hash	malicious	HTMLPhisher	Browse
124.47.150.19	David Boampong shared EFT Remittance payment Report # 056 dated 06-17-2... (61.2 KB).msg	Get hash	malicious	HTMLPhisher	Browse
	https://url.au.m.mimecastprotect.com/s/T2-VCXLKZ1TVYENZh6TBsR?domain=phoenixmayflower-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	https://url.au.m.mimecastprotect.com/s/mjsWCGv0k9hBOJLgS7iTae?domain=login.websonnsenndshares-pages.online	Get hash	malicious	Unknown	Browse
	package in transit.eml	Get hash	malicious	Unknown	Browse
	https://protect-au.mimecast.com/s/dNAHC0YZW1ipLk2ntwDG_g?domain=laooug168.mikecrm.com	Get hash	malicious	Unknown	Browse
	https://protect-au.mimecast.com/s/IIo7C5QZ26uV9OkkFziLmR?domain=wernickltd-my.sharepoint.com	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
url.au.m.mimecastprotect.com	David Boampong shared EFT Remittance payment Report # 056 dated 06-17-2... (61.2 KB).msg	Get hash	malicious	HTMLPhisher	Browse	124.47.150.19
	https://url.au.m.mimecastprotect.com/s/T2-VCXLKZ1TVYENZh6TBsR?domain=phoenixmayflower-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	124.47.150.19
	https://url.au.m.mimecastprotect.com/s/uuv2CgZowrsOpyOOc26VTV?domain=in.xero.com	Get hash	malicious	Unknown	Browse	103.13.69.19
	https://url.au.m.mimecastprotect.com/s/mjsWCGv0k9hBOJLgS7iTae?domain=login.websonnsenndshares-pages.online	Get hash	malicious	Unknown	Browse	124.47.150.19

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MCT-SYDNEYMacquarieTelecomAU	spc.elf	Get hash	malicious	Mirai	Browse	158.40.11.206
	SG2MZDAaW4.elf	Get hash	malicious	Mirai	Browse	124.47.138.132
	David Boampong shared EFT Remittance payment Report # 056 dated 06-17-2... (61.2 KB).msg	Get hash	malicious	HTMLPhisher	Browse	124.47.150.19
	https://url.au.m.mimecastprotect.com/s/T2-VCXLKZ1TVYENZh6TBsR?domain=phoenixmayflower-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	124.47.150.19
	KKveTTgaAAsecNNaaaa.arm.elf	Get hash	malicious	Unknown	Browse	155.187.254.238
	RsxXCSXOUK.elf	Get hash	malicious	Unknown	Browse	143.190.72.38
	https://url.au.m.mimecastprotect.com/s/mjsWCGv0k9hBOJLgS7iTae?domain=login.websonnsenndshares-pages.online	Get hash	malicious	Unknown	Browse	124.47.150.19
	i7b3uBlM8k.elf	Get hash	malicious	Mirai	Browse	155.187.48.252
	Qymt4zooqx.elf	Get hash	malicious	Mirai	Browse	158.40.11.215
	jslLfC6rf3.elf	Get hash	malicious	Mirai	Browse	158.40.153.230

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://sagility.com	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	http://customer-easyparkas.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	http://camilacamargonails.com/proposal	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	https://us-west-2.protection.sophos.com/?d=ccl.org&u=aHR0cHM6Ly93d3cuY2NsLm9yZy9sZWFkZXJzaGlwLXNvbHV0aW9ucy9sZWFkZXJzaGlwLWNvYWNoaW5nL2V4ZWN1dGl2ZS1jb2FjaGluZy8=&i=NjI5NzZmYjdjMjFiNDIxMjEzN2I5MjQ0&t=MEZ3VmI0U1h1SlZJSHQ0MUZXZm5xMUNoZDhEZ0JwdWlUR3IzWnpoUUgyRT0=&h=54867f59a225422a805dc298de38f9c8&s=AVNPUEhUT0NFTkNSWVBUSVaqVc7akbkrLF9qV6KT1t7Wq__wYhcpX8W-U88SzpdSfA	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	https://download2332.mediafire.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	https://reliancechemicals.com.au/	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	http://adobefallshomes.com	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	(No subject) (28).eml	Get hash	malicious	Unknown	Browse	184.28.90.27 52.165.165.26 173.222.162.64
	Electronic Slip_metroplus.org.html	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 52.165.165.26 173.222.162.64
3b5074b1b5d032e5620f69f9f700ff0e	SecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	SecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	Arrival Notice.exe	Get hash	malicious	AgentTesla	Browse	40.113.110.67
	https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	40.113.110.67
	file.exe	Get hash	malicious	Unknown	Browse	40.113.110.67
	http://yournewstech.com	Get hash	malicious	Unknown	Browse	40.113.110.67
	PFbc2O8eXUJp.zip	Get hash	malicious	Unknown	Browse	40.113.110.67
	https://www.bnaminexg.com/Invoice-yetdr.zip	Get hash	malicious	Unknown	Browse	40.113.110.67
	rnoahcrypter.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	40.113.110.67
	2cFFfHDG7D.msi	Get hash	malicious	AteraAgent	Browse	40.113.110.67

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 text, with very long lines (7940), with CRLF, LF line terminators
Entropy (8bit):	5.4730143675712615
TrID:
File name:	Hirepool Finance Report.html
File size:	10'456 bytes
MD5:	663ff785ef14615c763d83727d631f94
SHA1:	53eeb51d79d6794b5331b2dcb8a18c58d6aad93d
SHA256:	9dc973e86644ae3a7e12863b02b8b87e026b08818fc1fbe8a337155f834b9be5
SHA512:	aa0b135ab3abf6818260570d8e4d53eaec1b00acb89f0229e7afb7f99c89b469483eb9f5de82840f9ebc065f9980a81f38456e3a7c7d6695e884a2478b613aa7
SSDEEP:	192:nCTGr/Y2nlhkwx4vlqaaZ/xaxi6THLSmq/pXgPiu1ieyv:nC8hDiVaZpaxi6bPiOiH
TLSH:	D122D6794564813D9D03A24DEFDE975C121E8247FA130DA8376E83A14FD2AF8CADB518
File Content Preview:	.<html lang=en>. <title>Outl....k</title>. <p id="degag" style="display:none;">gareth.young@hirepool.co.nz</p>. <body>. <div id=oyt>. </div>. </body>.<script>.const PUBLIC_KEY = `QD2C0RN0TQHP36LP3L51EE6Z0AGYK1AYYHDAAF4AVUFXSPX09OYBZSRA49R27I92

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 23:34:32.716222048 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.716312885 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.721133947 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.721146107 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.721400023 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.722531080 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.722603083 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.722608089 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.722702980 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.764503002 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.899303913 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.899486065 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:32.899550915 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.899692059 CEST	49709	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:32.899702072 CEST	443	49709	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:36.194710016 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:36.194753885 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:36.538471937 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:39.601222038 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:39.601248980 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:39.601313114 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:39.601931095 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:39.601946115 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:40.441741943 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:40.441898108 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.176465988 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.176491022 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.176877975 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.179853916 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.179905891 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.179912090 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.180145979 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.220521927 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.352756977 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.352907896 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:41.352971077 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.353115082 CEST	49710	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:41.353126049 CEST	443	49710	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:42.905070066 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:42.905112028 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:42.905175924 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:42.905399084 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:42.905412912 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.099168062 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.099205017 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.099287033 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.099817038 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.099829912 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.913145065 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.913388014 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.913412094 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.914762020 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.914827108 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.915791988 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.915891886 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:43.915987015 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:43.915992975 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.038674116 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.078651905 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.078943014 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.078963995 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.080018044 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.080144882 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.080460072 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.080527067 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.080638885 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.080648899 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.230175972 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:44.230237007 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:44.230308056 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:44.231045008 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:44.231059074 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:44.288506031 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.290077925 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.290102005 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.440660954 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.440721035 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.440850973 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.499784946 CEST	49714	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.499815941 CEST	443	49714	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.622234106 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.623142004 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:44.623236895 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.623749018 CEST	49715	443	192.168.2.6	124.47.150.19
Jul 3, 2024 23:34:44.623769045 CEST	443	49715	124.47.150.19	192.168.2.6
Jul 3, 2024 23:34:45.035995007 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.036093950 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.037822962 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.037834883 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.038077116 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.041564941 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.041615009 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.041620016 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.041728973 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.088502884 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.214519978 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.214601040 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.214660883 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.214997053 CEST	49719	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:45.215013027 CEST	443	49719	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:45.865645885 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:45.928270102 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:46.282068968 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:47.252979994 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:47.253015995 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:47.253114939 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:47.253911018 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:47.253923893 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:47.899673939 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:47.899708033 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:47.899797916 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:47.901545048 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:47.901560068 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:47.922079086 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:47.922364950 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:47.922379971 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:47.923345089 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:47.923401117 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:48.290132999 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:48.290180922 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:48.290244102 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:48.290815115 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:48.290823936 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:48.649542093 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:48.649729013 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:48.702584028 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:48.702609062 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:48.751869917 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:49.520771980 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:49.520831108 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:49.530258894 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:49.530270100 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:49.530541897 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:49.584695101 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:49.696069002 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.696130991 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.700357914 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.700366020 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.700612068 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.702994108 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.703125000 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.703130007 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.703582048 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.748514891 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.822341919 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:49.868496895 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:49.878344059 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.878559113 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:49.878611088 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.879039049 CEST	49726	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:49.879051924 CEST	443	49726	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:50.012119055 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.012181044 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.012275934 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.012357950 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.012375116 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.012387037 CEST	49725	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.012392044 CEST	443	49725	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.050252914 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.050286055 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.050414085 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.050717115 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.050733089 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.712460041 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.712553024 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.831135035 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.831146955 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.831409931 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:50.833386898 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:50.880505085 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:51.024240971 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:51.024342060 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:51.024385929 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:51.025629044 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:51.025646925 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:51.025657892 CEST	49729	443	192.168.2.6	184.28.90.27
Jul 3, 2024 23:34:51.025665045 CEST	443	49729	184.28.90.27	192.168.2.6
Jul 3, 2024 23:34:52.056427002 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.056469917 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.056529999 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.057111025 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.057128906 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.872980118 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.873061895 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.875417948 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.875431061 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.875696898 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.877453089 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.877507925 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.877512932 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:52.877649069 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:52.920501947 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:53.052249908 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:53.052371025 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:53.052431107 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:53.052560091 CEST	49730	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:53.052577019 CEST	443	49730	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:56.555788040 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:56.555808067 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:56.555871010 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:56.558866978 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:56.558881998 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.162064075 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:57.169111013 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:57.264143944 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.264327049 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.265712023 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.265716076 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.266036987 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.318058968 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.331248045 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:57.331363916 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:57.331377029 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:57.331396103 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:57.331393957 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:57.331432104 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:57.331537962 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:57.345031977 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.392498970 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574568033 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574587107 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574594975 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574635029 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574646950 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574656010 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574670076 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.574682951 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.574740887 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.574820042 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.574975014 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.575094938 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.575103045 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.575514078 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.575926065 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.719472885 CEST	49735	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:34:57.719485998 CEST	443	49735	52.165.165.26	192.168.2.6
Jul 3, 2024 23:34:57.820353031 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:57.820427895 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:57.820472956 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:58.257888079 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:58.257920980 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:58.257976055 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:58.259435892 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:58.259450912 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:58.695714951 CEST	49723	443	192.168.2.6	216.58.206.36
Jul 3, 2024 23:34:58.695741892 CEST	443	49723	216.58.206.36	192.168.2.6
Jul 3, 2024 23:34:58.851488113 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:58.856331110 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:59.025315046 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:34:59.025377989 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:34:59.057900906 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.057984114 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.059977055 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.059984922 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.060265064 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.061641932 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.061696053 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.061703920 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.061836958 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.104497910 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.245222092 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.245733976 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:34:59.248193979 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.248339891 CEST	49738	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:34:59.248353958 CEST	443	49738	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:04.043049097 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:04.043082952 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:04.043221951 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:04.044589996 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:04.044605017 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.112313032 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.112404108 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.116548061 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.116560936 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.116822958 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.126868010 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.127070904 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.127078056 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.127494097 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.168512106 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.309607983 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.309694052 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:05.309873104 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.310869932 CEST	49743	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:05.310883045 CEST	443	49743	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:07.498418093 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:07.498445988 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:07.498512030 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:07.499089956 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:07.499102116 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.394618034 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.394689083 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.396358967 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.396365881 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.396599054 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.397784948 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.397860050 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.397866011 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.397943974 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.444510937 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.572556973 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.572638035 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:08.572796106 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.572979927 CEST	49744	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:08.572994947 CEST	443	49744	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:09.025629997 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:35:09.025646925 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 3, 2024 23:35:09.025702953 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 3, 2024 23:35:22.739331007 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:22.739366055 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:22.739450932 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:22.743827105 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:22.743841887 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.546212912 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.546320915 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.554275990 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.554284096 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.554639101 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.559263945 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.559608936 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.559614897 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.560049057 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.600507021 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.741446972 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.741763115 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:23.741811037 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.741991043 CEST	49745	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:23.742007971 CEST	443	49745	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:26.473025084 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:26.473061085 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:26.473131895 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:26.473774910 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:26.473790884 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.291016102 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.291093111 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.292726994 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.292736053 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.293059111 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.294300079 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.294339895 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.294352055 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.294433117 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.336509943 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.472299099 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.472470999 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:27.472532034 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.476725101 CEST	49746	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:27.476739883 CEST	443	49746	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:35.250016928 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:35.250046015 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:35.250127077 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:35.250696898 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:35.250711918 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:35.985440969 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:35.986136913 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:35.987037897 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:35.987045050 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:35.987287045 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:35.997078896 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.044508934 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.268492937 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.268521070 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.268534899 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.268726110 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.268743992 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.268896103 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.269812107 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.269848108 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.269908905 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.269915104 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.269932032 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.269989967 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.286084890 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.286084890 CEST	49747	443	192.168.2.6	52.165.165.26
Jul 3, 2024 23:35:36.286098957 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:36.286103010 CEST	443	49747	52.165.165.26	192.168.2.6
Jul 3, 2024 23:35:45.957636118 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:45.957679033 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:45.957798958 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:45.960607052 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:45.960633039 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.806191921 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.806282043 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.808630943 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.808643103 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.808888912 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.814071894 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.814245939 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.814254045 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.814506054 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.860503912 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.995752096 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.996105909 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:46.996160984 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.996360064 CEST	49749	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:46.996377945 CEST	443	49749	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:47.367104053 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:47.367139101 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:47.367227077 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:47.367465973 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:47.367472887 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:48.023688078 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:48.074167967 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:48.089039087 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:48.089055061 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:48.089442015 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:48.091943979 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:48.092011929 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:48.135423899 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:53.945086002 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:53.945138931 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:53.945214987 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:53.945979118 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:53.945998907 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:54.772819996 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:54.772893906 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.787142038 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.787177086 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:54.787395954 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:54.835253000 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.845082998 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.845122099 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.845139980 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:54.846601963 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:54.888499022 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:55.026534081 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:55.026667118 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:55.026873112 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:55.027115107 CEST	49751	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:35:55.027133942 CEST	443	49751	40.113.110.67	192.168.2.6
Jul 3, 2024 23:35:57.936736107 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:57.936817884 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:35:57.936876059 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:59.055921078 CEST	49750	443	192.168.2.6	142.250.186.164
Jul 3, 2024 23:35:59.056000948 CEST	443	49750	142.250.186.164	192.168.2.6
Jul 3, 2024 23:36:17.390216112 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:17.390266895 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:17.390542984 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:17.392235041 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:17.392241001 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.205631018 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.205791950 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.209036112 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.209048986 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.209256887 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.210897923 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.210992098 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.210997105 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.211250067 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.252505064 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.387367964 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.387548923 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:18.387628078 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.387775898 CEST	49754	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:18.387795925 CEST	443	49754	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:27.596991062 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:27.597034931 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:27.597193956 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:27.598160982 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:27.598175049 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.589591980 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.589665890 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.751585960 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.751620054 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.751909018 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.753273964 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.753336906 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.753343105 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.753458023 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.800515890 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.947889090 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.948127031 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.948173046 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.948990107 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:28.949011087 CEST	443	49755	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:28.949024916 CEST	49755	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.127835989 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.127871990 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.128138065 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.130280972 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.130297899 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.961169004 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.961236954 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.966154099 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.966162920 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.966397047 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.976295948 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.976593018 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:58.976598978 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:58.976807117 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:59.024504900 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:59.156876087 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:59.157324076 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:59.157376051 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:59.158104897 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:36:59.158122063 CEST	443	49756	40.113.110.67	192.168.2.6
Jul 3, 2024 23:36:59.158132076 CEST	49756	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:21.552664042 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:21.552692890 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:21.552768946 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:21.555430889 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:21.555445910 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.354677916 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.354748011 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.356332064 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.356342077 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.356575966 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.357873917 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.357929945 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.357935905 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.358019114 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.400512934 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.539160967 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.539930105 CEST	49757	443	192.168.2.6	40.113.110.67
Jul 3, 2024 23:37:22.539948940 CEST	443	49757	40.113.110.67	192.168.2.6
Jul 3, 2024 23:37:22.540138006 CEST	49757	443	192.168.2.6	40.113.110.67

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 23:34:42.638978004 CEST	53	52141	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:42.681844950 CEST	53	58766	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:42.857940912 CEST	56290	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:34:42.858231068 CEST	52771	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:34:42.881194115 CEST	53	56290	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:42.897867918 CEST	53	52771	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:43.715720892 CEST	53	62801	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:47.041830063 CEST	53	57389	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:47.243392944 CEST	57063	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:34:47.244080067 CEST	52459	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:34:47.251008034 CEST	53	57063	1.1.1.1	192.168.2.6
Jul 3, 2024 23:34:47.251025915 CEST	53	52459	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:01.099519014 CEST	53	49290	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:20.290601015 CEST	53	56254	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:42.569616079 CEST	53	58487	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:42.768804073 CEST	53	51240	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:47.359473944 CEST	59445	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:35:47.359791040 CEST	50912	53	192.168.2.6	1.1.1.1
Jul 3, 2024 23:35:47.366118908 CEST	53	59445	1.1.1.1	192.168.2.6
Jul 3, 2024 23:35:47.366411924 CEST	53	50912	1.1.1.1	192.168.2.6
Jul 3, 2024 23:36:11.344434977 CEST	53	52198	1.1.1.1	192.168.2.6
Jul 3, 2024 23:36:57.911823034 CEST	53	53220	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 23:34:42.857940912 CEST	192.168.2.6	1.1.1.1	0x2dc	Standard query (0)	url.au.m.mimecastprotect.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:34:42.858231068 CEST	192.168.2.6	1.1.1.1	0xfba7	Standard query (0)	url.au.m.mimecastprotect.com	65	IN (0x0001)	false
Jul 3, 2024 23:34:47.243392944 CEST	192.168.2.6	1.1.1.1	0xcc52	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:34:47.244080067 CEST	192.168.2.6	1.1.1.1	0x50c8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 3, 2024 23:35:47.359473944 CEST	192.168.2.6	1.1.1.1	0x251	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:35:47.359791040 CEST	192.168.2.6	1.1.1.1	0x10e4	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 23:34:42.881194115 CEST	1.1.1.1	192.168.2.6	0x2dc	No error (0)	url.au.m.mimecastprotect.com	124.47.150.19	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:34:42.881194115 CEST	1.1.1.1	192.168.2.6	0x2dc	No error (0)	url.au.m.mimecastprotect.com	103.13.69.19	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:34:47.251008034 CEST	1.1.1.1	192.168.2.6	0xcc52	No error (0)	www.google.com	216.58.206.36	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:34:47.251025915 CEST	1.1.1.1	192.168.2.6	0x50c8	No error (0)	www.google.com		65	IN (0x0001)	false
Jul 3, 2024 23:35:47.366118908 CEST	1.1.1.1	192.168.2.6	0x251	No error (0)	www.google.com	142.250.186.164	A (IP address)	IN (0x0001)	false
Jul 3, 2024 23:35:47.366411924 CEST	1.1.1.1	192.168.2.6	0x10e4	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 3, 2024 23:34:57.331377029 CEST	173.222.162.64	443	192.168.2.6	49705	CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=Microsoft Azure ECC TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 24 18:16:15 CEST 2024 Thu Jun 08 02:00:00 CEST 2023	Thu Jun 19 18:16:15 CEST 2025 Wed Aug 26 01:59:59 CEST 2026	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
Jul 3, 2024 23:34:57.331377029 CEST	173.222.162.64	443	192.168.2.6	49705	CN=Microsoft Azure ECC TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026		28a2c9bd18a11de089ef85a160da29e4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 73 64 78 67 72 43 2f 4c 45 61 32 42 4b 6a 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 37 64 61 30 63 34 36 62 33 32 36 65 39 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: CsdxgrC/LEa2BKjI.1Context: 1a7da0c46b326e93
2024-07-03 21:34:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:32 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 43 73 64 78 67 72 43 2f 4c 45 61 32 42 4b 6a 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 37 64 61 30 63 34 36 62 33 32 36 65 39 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: CsdxgrC/LEa2BKjI.2Context: 1a7da0c46b326e93<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:32 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 43 73 64 78 67 72 43 2f 4c 45 61 32 42 4b 6a 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 37 64 61 30 63 34 36 62 33 32 36 65 39 33 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: CsdxgrC/LEa2BKjI.3Context: 1a7da0c46b326e93
2024-07-03 21:34:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 57 4f 79 2f 50 65 6f 4a 6b 4f 63 66 75 44 6c 34 38 4d 42 30 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6WOy/PeoJkOcfuDl48MB0g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49710	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:41 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 4e 41 61 30 70 37 51 4e 55 57 47 56 65 2b 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 61 38 34 30 64 63 32 61 66 34 39 64 66 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: YNAa0p7QNUWGVe+C.1Context: d5a840dc2af49dfa
2024-07-03 21:34:41 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:41 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 59 4e 41 61 30 70 37 51 4e 55 57 47 56 65 2b 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 61 38 34 30 64 63 32 61 66 34 39 64 66 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: YNAa0p7QNUWGVe+C.2Context: d5a840dc2af49dfa<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:41 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 59 4e 41 61 30 70 37 51 4e 55 57 47 56 65 2b 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 61 38 34 30 64 63 32 61 66 34 39 64 66 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: YNAa0p7QNUWGVe+C.3Context: d5a840dc2af49dfa
2024-07-03 21:34:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6c 44 7a 79 47 74 74 44 32 30 57 7a 4f 49 53 37 46 51 62 77 43 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: lDzyGttD20WzOIS7FQbwCg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49714	124.47.150.19	443	6112	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:43 UTC	530	OUT	OPTIONS /s/LlaXCyojE0Cq3vNul1-F0?domain=ayssaless.com&qrc=gareth.young@hirepool.co.nz HTTP/1.1 Host: url.au.m.mimecastprotect.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: qrc-auth Origin: null User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 21:34:44 UTC	111	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 21:34:44 GMT Content-Length: 0 Connection: close Allow: GET,POST

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49715	124.47.150.19	443	6112	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:44 UTC	530	OUT	OPTIONS /s/LlaXCyojE0Cq3vNul1-F0?domain=ayssaless.com&qrc=gareth.young@hirepool.co.nz HTTP/1.1 Host: url.au.m.mimecastprotect.com Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: qrc-auth Origin: null User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 21:34:44 UTC	111	IN	HTTP/1.1 200 OK Date: Wed, 03 Jul 2024 21:34:44 GMT Content-Length: 0 Connection: close Allow: GET,POST

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49719	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 78 2f 39 6b 46 50 4d 6b 6b 4b 64 61 4c 4b 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 61 61 38 65 63 39 35 31 30 63 38 39 38 32 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cx/9kFPMkkKdaLKE.1Context: 5aa8ec9510c89822
2024-07-03 21:34:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:45 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 63 78 2f 39 6b 46 50 4d 6b 6b 4b 64 61 4c 4b 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 61 61 38 65 63 39 35 31 30 63 38 39 38 32 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: cx/9kFPMkkKdaLKE.2Context: 5aa8ec9510c89822<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 78 2f 39 6b 46 50 4d 6b 6b 4b 64 61 4c 4b 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 61 61 38 65 63 39 35 31 30 63 38 39 38 32 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cx/9kFPMkkKdaLKE.3Context: 5aa8ec9510c89822<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:34:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 66 4e 6d 77 33 58 57 33 4b 6b 6d 45 2b 63 76 67 32 48 58 77 6f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: fNmw3XW3KkmE+cvg2HXwoA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49726	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:49 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 39 45 6f 46 30 63 62 30 55 36 35 70 46 65 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 33 32 34 62 37 30 38 62 62 62 64 37 32 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: K9EoF0cb0U65pFer.1Context: 63324b708bbbd72a
2024-07-03 21:34:49 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:49 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4b 39 45 6f 46 30 63 62 30 55 36 35 70 46 65 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 33 32 34 62 37 30 38 62 62 62 64 37 32 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: K9EoF0cb0U65pFer.2Context: 63324b708bbbd72a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:49 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4b 39 45 6f 46 30 63 62 30 55 36 35 70 46 65 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 33 32 34 62 37 30 38 62 62 62 64 37 32 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: K9EoF0cb0U65pFer.3Context: 63324b708bbbd72a
2024-07-03 21:34:49 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:49 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 75 64 61 6e 58 41 4c 6a 55 32 41 61 67 6e 6a 44 37 4b 79 6d 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6udanXALjU2AagnjD7Kymw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49725	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 21:34:50 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=66855 Date: Wed, 03 Jul 2024 21:34:49 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 21:34:51 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66864 Date: Wed, 03 Jul 2024 21:34:50 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-03 21:34:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49730	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 6c 62 6a 70 69 74 4b 66 6b 61 66 53 4a 76 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 35 39 30 38 38 65 37 38 66 32 35 64 33 38 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ElbjpitKfkafSJvb.1Context: f59088e78f25d38c
2024-07-03 21:34:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:52 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 45 6c 62 6a 70 69 74 4b 66 6b 61 66 53 4a 76 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 35 39 30 38 38 65 37 38 66 32 35 64 33 38 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: ElbjpitKfkafSJvb.2Context: f59088e78f25d38c<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 45 6c 62 6a 70 69 74 4b 66 6b 61 66 53 4a 76 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 35 39 30 38 38 65 37 38 66 32 35 64 33 38 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ElbjpitKfkafSJvb.3Context: f59088e78f25d38c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:34:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 44 6d 5a 66 52 4a 67 33 45 53 71 45 30 31 4d 36 59 65 6d 4a 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: iDmZfRJg3ESqE01M6YemJQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49735	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:57 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6YkUmhOdfOzn49g&MD=pYxdHm2T HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-03 21:34:57 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6676124b-e0ff-4e7a-bf99-6dd28af7019f MS-RequestId: ed3ea9e3-a70e-4f07-bde2-ddee83c076dc MS-CV: moIfN889ZE6Lz54a.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 03 Jul 2024 21:34:57 GMT Connection: close Content-Length: 24490
2024-07-03 21:34:57 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-03 21:34:57 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49738	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:34:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 6f 55 6f 53 62 4d 38 30 45 47 30 53 66 33 37 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 65 33 66 63 39 35 63 38 61 34 34 31 37 61 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: moUoSbM80EG0Sf37.1Context: 8e3fc95c8a4417a6
2024-07-03 21:34:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:34:59 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6d 6f 55 6f 53 62 4d 38 30 45 47 30 53 66 33 37 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 65 33 66 63 39 35 63 38 61 34 34 31 37 61 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: moUoSbM80EG0Sf37.2Context: 8e3fc95c8a4417a6<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:34:59 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6d 6f 55 6f 53 62 4d 38 30 45 47 30 53 66 33 37 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 65 33 66 63 39 35 63 38 61 34 34 31 37 61 36 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: moUoSbM80EG0Sf37.3Context: 8e3fc95c8a4417a6
2024-07-03 21:34:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:34:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 77 70 50 4c 46 5a 65 37 30 79 43 43 47 65 53 58 44 41 75 57 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UwpPLFZe70yCCGeSXDAuWg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49743	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:05 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 48 33 2b 52 72 45 79 66 6b 32 36 6e 47 78 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 39 34 31 66 63 62 62 62 64 36 33 32 38 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vH3+RrEyfk26nGxj.1Context: 90941fcbbbd63282
2024-07-03 21:35:05 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:05 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 76 48 33 2b 52 72 45 79 66 6b 32 36 6e 47 78 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 39 34 31 66 63 62 62 62 64 36 33 32 38 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: vH3+RrEyfk26nGxj.2Context: 90941fcbbbd63282<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:05 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 48 33 2b 52 72 45 79 66 6b 32 36 6e 47 78 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 39 34 31 66 63 62 62 62 64 36 33 32 38 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vH3+RrEyfk26nGxj.3Context: 90941fcbbbd63282<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:35:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 42 6a 74 62 61 63 33 51 6b 6b 4b 4e 38 53 49 58 50 68 56 38 75 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Bjtbac3QkkKN8SIXPhV8uw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49744	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 58 43 35 78 33 55 35 63 30 79 6b 6e 68 54 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 30 33 35 65 38 33 64 30 61 32 34 31 33 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hXC5x3U5c0yknhTh.1Context: b1035e83d0a24139
2024-07-03 21:35:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:08 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 68 58 43 35 78 33 55 35 63 30 79 6b 6e 68 54 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 30 33 35 65 38 33 64 30 61 32 34 31 33 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: hXC5x3U5c0yknhTh.2Context: b1035e83d0a24139<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:08 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 68 58 43 35 78 33 55 35 63 30 79 6b 6e 68 54 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 30 33 35 65 38 33 64 30 61 32 34 31 33 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: hXC5x3U5c0yknhTh.3Context: b1035e83d0a24139
2024-07-03 21:35:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 73 56 73 74 72 45 64 36 44 30 57 64 39 54 77 30 57 47 61 47 59 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: sVstrEd6D0Wd9Tw0WGaGYg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49745	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 74 2f 6d 43 70 48 38 57 6b 47 41 70 34 48 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 37 36 33 38 61 37 65 34 33 32 64 65 66 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Tt/mCpH8WkGAp4HL.1Context: ec7638a7e432deff
2024-07-03 21:35:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:23 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 54 74 2f 6d 43 70 48 38 57 6b 47 41 70 34 48 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 37 36 33 38 61 37 65 34 33 32 64 65 66 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Tt/mCpH8WkGAp4HL.2Context: ec7638a7e432deff<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:23 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 74 2f 6d 43 70 48 38 57 6b 47 41 70 34 48 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 37 36 33 38 61 37 65 34 33 32 64 65 66 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Tt/mCpH8WkGAp4HL.3Context: ec7638a7e432deff<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:35:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 62 72 63 6e 52 75 64 74 45 53 59 66 49 47 39 69 4f 33 63 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gbrcnRudtESYfIG9iO3c3g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49746	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 37 50 45 71 65 33 31 6d 45 36 67 46 6e 42 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 66 62 32 64 33 34 36 38 61 31 62 30 30 39 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 17PEqe31mE6gFnBm.1Context: 8fb2d3468a1b0099
2024-07-03 21:35:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:27 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 31 37 50 45 71 65 33 31 6d 45 36 67 46 6e 42 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 66 62 32 64 33 34 36 38 61 31 62 30 30 39 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 17PEqe31mE6gFnBm.2Context: 8fb2d3468a1b0099<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:27 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 31 37 50 45 71 65 33 31 6d 45 36 67 46 6e 42 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 66 62 32 64 33 34 36 38 61 31 62 30 30 39 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 17PEqe31mE6gFnBm.3Context: 8fb2d3468a1b0099
2024-07-03 21:35:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 56 65 77 53 56 77 4f 38 45 65 2b 43 48 51 4d 56 63 6a 6e 69 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UVewSVwO8Ee+CHQMVcjniw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49747	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:35 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6YkUmhOdfOzn49g&MD=pYxdHm2T HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-03 21:35:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 83896e07-183a-482f-9c13-a23240febaa0 MS-RequestId: d80c7b33-739d-469c-b1cb-4c4391445318 MS-CV: GhfDwPBYuU695imZ.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 03 Jul 2024 21:35:35 GMT Connection: close Content-Length: 30005
2024-07-03 21:35:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-03 21:35:36 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	49749	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:46 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 6b 55 47 51 64 45 41 49 55 75 74 2b 6c 37 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 34 32 39 65 65 65 31 35 32 66 64 39 62 36 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WkUGQdEAIUut+l7M.1Context: 3429eee152fd9b63
2024-07-03 21:35:46 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:46 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 57 6b 55 47 51 64 45 41 49 55 75 74 2b 6c 37 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 34 32 39 65 65 65 31 35 32 66 64 39 62 36 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: WkUGQdEAIUut+l7M.2Context: 3429eee152fd9b63<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:46 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 6b 55 47 51 64 45 41 49 55 75 74 2b 6c 37 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 34 32 39 65 65 65 31 35 32 66 64 39 62 36 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WkUGQdEAIUut+l7M.3Context: 3429eee152fd9b63<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:35:46 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:46 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 47 2f 2b 46 6e 67 63 52 45 6d 77 4d 66 68 6d 36 2f 6a 68 36 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hG/+FngcREmwMfhm6/jh6Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49751	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:35:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 6e 52 68 74 55 31 6e 51 55 75 71 6c 78 69 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 39 65 39 65 61 37 34 36 34 37 39 32 62 30 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2nRhtU1nQUuqlxiR.1Context: b9e9ea7464792b02
2024-07-03 21:35:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:35:54 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 32 6e 52 68 74 55 31 6e 51 55 75 71 6c 78 69 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 39 65 39 65 61 37 34 36 34 37 39 32 62 30 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 2nRhtU1nQUuqlxiR.2Context: b9e9ea7464792b02<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:35:54 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 32 6e 52 68 74 55 31 6e 51 55 75 71 6c 78 69 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 39 65 39 65 61 37 34 36 34 37 39 32 62 30 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 2nRhtU1nQUuqlxiR.3Context: b9e9ea7464792b02
2024-07-03 21:35:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:35:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6b 72 57 53 58 6b 31 59 44 45 43 4e 65 41 73 67 76 50 44 59 6b 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: krWSXk1YDECNeAsgvPDYkw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49754	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:36:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 64 46 62 39 4f 45 41 69 30 53 47 6f 76 32 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 32 36 39 66 30 31 38 38 65 31 38 61 64 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: udFb9OEAi0SGov2g.1Context: 63269f0188e18ad3
2024-07-03 21:36:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:36:18 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 75 64 46 62 39 4f 45 41 69 30 53 47 6f 76 32 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 32 36 39 66 30 31 38 38 65 31 38 61 64 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: udFb9OEAi0SGov2g.2Context: 63269f0188e18ad3<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:36:18 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 64 46 62 39 4f 45 41 69 30 53 47 6f 76 32 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 33 32 36 39 66 30 31 38 38 65 31 38 61 64 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: udFb9OEAi0SGov2g.3Context: 63269f0188e18ad3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:36:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:36:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 6b 43 66 58 46 5a 39 30 6b 4f 42 38 5a 76 70 46 32 33 73 66 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +kCfXFZ90kOB8ZvpF23sfg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49755	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:36:28 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 61 72 58 58 44 32 75 52 45 71 55 58 35 73 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 33 62 39 66 39 31 34 63 32 62 65 31 31 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: sarXXD2uREqUX5sK.1Context: 873b9f914c2be119
2024-07-03 21:36:28 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:36:28 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 73 61 72 58 58 44 32 75 52 45 71 55 58 35 73 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 33 62 39 66 39 31 34 63 32 62 65 31 31 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: sarXXD2uREqUX5sK.2Context: 873b9f914c2be119<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:36:28 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 73 61 72 58 58 44 32 75 52 45 71 55 58 35 73 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 37 33 62 39 66 39 31 34 63 32 62 65 31 31 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: sarXXD2uREqUX5sK.3Context: 873b9f914c2be119
2024-07-03 21:36:28 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:36:28 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2f 4d 31 77 51 6d 52 2f 69 55 53 6d 4f 56 30 31 57 69 74 37 78 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: /M1wQmR/iUSmOV01Wit7xg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49756	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:36:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 66 56 71 37 55 38 70 2b 45 71 69 56 74 53 6e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 65 64 64 38 30 34 38 36 34 65 61 39 39 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: OfVq7U8p+EqiVtSn.1Context: 23edd804864ea993
2024-07-03 21:36:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:36:58 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4f 66 56 71 37 55 38 70 2b 45 71 69 56 74 53 6e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 65 64 64 38 30 34 38 36 34 65 61 39 39 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: OfVq7U8p+EqiVtSn.2Context: 23edd804864ea993<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:36:58 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 66 56 71 37 55 38 70 2b 45 71 69 56 74 53 6e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 65 64 64 38 30 34 38 36 34 65 61 39 39 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: OfVq7U8p+EqiVtSn.3Context: 23edd804864ea993<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-03 21:36:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:36:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 56 66 45 4e 39 6c 69 53 46 45 65 37 58 4c 39 5a 6f 43 69 4b 6c 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: VfEN9liSFEe7XL9ZoCiKlA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49757	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-03 21:37:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 4b 54 67 70 37 48 61 68 30 65 48 72 63 33 57 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 66 39 32 34 30 36 35 38 33 39 36 35 62 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 8KTgp7Hah0eHrc3W.1Context: d0f92406583965b2
2024-07-03 21:37:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-03 21:37:22 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 38 4b 54 67 70 37 48 61 68 30 65 48 72 63 33 57 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 66 39 32 34 30 36 35 38 33 39 36 35 62 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 72 62 76 48 58 4d 74 43 7a 71 4e 49 54 4c 77 43 7a 77 6f 4f 33 54 57 64 77 70 66 76 56 4a 37 59 4a 75 6c 6b 38 37 44 30 38 37 55 55 6e 65 72 74 53 79 31 62 33 70 6b 41 49 4c 70 75 32 61 48 59 6c 62 75 4e 36 6a 64 4e 68 59 42 65 79 4f 61 73 61 63 50 6b 47 79 79 6d 62 77 47 44 6e 2b 47 36 7a 2f 35 45 79 35 6b 79 42 73 76 59 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 8KTgp7Hah0eHrc3W.2Context: d0f92406583965b2<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAerbvHXMtCzqNITLwCzwoO3TWdwpfvVJ7YJulk87D087UUnertSy1b3pkAILpu2aHYlbuN6jdNhYBeyOasacPkGyymbwGDn+G6z/5Ey5kyBsvY
2024-07-03 21:37:22 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 38 4b 54 67 70 37 48 61 68 30 65 48 72 63 33 57 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 66 39 32 34 30 36 35 38 33 39 36 35 62 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 8KTgp7Hah0eHrc3W.3Context: d0f92406583965b2
2024-07-03 21:37:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-03 21:37:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 76 4a 75 41 71 42 46 55 30 32 6c 77 59 58 77 4d 6e 44 33 79 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XvJuAqBFU02lwYXwMnD3yg.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6484, Parent PID: 5908

General

Target ID:	0
Start time:	17:34:36
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Hirepool Finance Report.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6112, Parent PID: 6484

General

Target ID:	2
Start time:	17:34:41
Start date:	03/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2136,i,10338269528735008511,460773570327190873,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Hirepool Finance Report.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6484, Parent PID: 5908

General

Chronological Activities

Analysis Process: chrome.exePID: 6112, Parent PID: 6484

General

Chronological Activities

Disassembly

Windows Analysis Report
Hirepool Finance Report.html