Edit tour

Windows Analysis Report
FEDEX234598765.html

Overview

General Information

Sample name:	FEDEX234598765.html
Analysis ID:	1575146
MD5:	faefeb35bb7b0da6a272a0024b86a66a
SHA1:	1fd7b8648c4be0bee2015330e4a510ccad7994e8
SHA256:	1d3ff54b0c9dcdd0ed770831b7570fe44c932648c57d686e68583a8582fca97f
Tags:	CVE-2024-38213htmluser-threatinte1
Infos:

Detection

WinSearchAbuse

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected WinSearchAbuse

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\FEDEX234598765.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2240,i,9691722367303139419,9418863543842077403,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
FEDEX234598765.html	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_WinSearchAbuse	Yara detected WinSearchAbuse	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: FEDEX234598765.html	Virustotal: Detection: 29%			Perma Link
Source: FEDEX234598765.html	ReversingLabs: Detection: 18%

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50009 version: TLS 1.2

Software Vulnerabilities

Yara detected WinSearchAbuse

Source: Yara match	File source: FEDEX234598765.html, type: SAMPLE
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Source: Joe Sandbox View	IP Address: 68.183.112.81 68.183.112.81
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190

Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1Host: winaero.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: winaero.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: FEDEX234598765.html

String found in binary or memory: https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50009 version: TLS 1.2

Source: classification engine

Classification label: mal56.expl.winHTML@26/3@6/4

Source: FEDEX234598765.html	Virustotal: Detection: 29%
Source: FEDEX234598765.html	ReversingLabs: Detection: 18%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\FEDEX234598765.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2240,i,9691722367303139419,9418863543842077403,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2240,i,9691722367303139419,9418863543842077403,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
FEDEX234598765.html	30%	Virustotal		Browse
FEDEX234598765.html	18%	ReversingLabs	Document-HTML.Exploit.Generic

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/FEDEX234598765.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
winaero.com	68.183.112.81	true	false		high
www.google.com	172.217.19.228	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png	false		high
file:///C:/Users/user/Desktop/FEDEX234598765.html	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
68.183.112.81	winaero.com	United States	14061	DIGITALOCEAN-ASNUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575146
Start date and time:	2024-12-14 14:27:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FEDEX234598765.html
Detection:	MAL
Classification:	mal56.expl.winHTML@26/3@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.99, 64.233.163.84, 172.217.19.206, 172.217.17.46, 172.217.19.202, 172.217.19.10, 172.217.19.170, 172.217.19.234, 142.250.181.42, 172.217.21.42, 172.217.17.42, 142.250.181.106, 142.250.181.138, 216.58.208.234, 172.217.17.74, 142.250.181.74, 142.250.181.10, 192.229.221.95, 2.22.50.131, 142.250.181.142, 172.217.17.35, 184.28.90.27, 13.107.246.63, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: file:///C:/Users/user/Desktop/FEDEX234598765.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "C80VBSA7YMESPYTVSA", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_security_alerts": false }

URL: file:///C:/Users/user/Desktop/FEDEX234598765.html Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
68.183.112.81	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse
	RUCkZvoDjG.htm	Get hash	malicious	WinSearchAbuse	Browse
	Belegdetails Nr378-938-027181-PDF.html	Get hash	malicious	WinSearchAbuse	Browse
	SFaLIQYuEV.htm	Get hash	malicious	WinSearchAbuse	Browse
	8xOax9866X.htm	Get hash	malicious	WinSearchAbuse	Browse
	uioLmjrj4F.htm	Get hash	malicious	WinSearchAbuse	Browse
	1ZFDEXA938MKSUBA.html	Get hash	malicious	WinSearchAbuse	Browse
	1ZFDEXA938MKSUBA.html	Get hash	malicious	WinSearchAbuse	Browse
	1ZFDEXA938MKSUBASJKA.svg	Get hash	malicious	WinSearchAbuse	Browse
	11sds_Invoice_9334749.html	Get hash	malicious	WinSearchAbuse	Browse
239.255.255.250	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	https://www.google.co.ao/url?Obdy=ObM8wNGVUva21gnTm3qS&cgsr=7knoOQwChvIkzgfn0TSm&sa=t&wofc=nQYL5DF797O1da77PTBQ&url=amp%2Fprimer-distrito-amvt.org%2F.r%2F7T2aAE-SUREDANNYWthbnNoYS5rYW5vZGlhQGx0aW1pbmR0cmVlLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://publuu.com/flip-book/749011/1660718	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	https://u13974777.ct.sendgrid.net/ls/click?upn=u001.1GFl1p-2BBYL-2Bhgs5F-2B0NOkrtNxvRU5lHyHn9X7Gay0rMweTw4Bty7YorCE1pBfo679HN2Nod-2BfRWA-2FvzNVU6n0ycgVO9YFLntVOrRszMr10A-3DE-mj_xaXJc0NsC5WAXuVv6HNgzGH9nxkzD8xRdi-2BQVNVTAgV30zfSKc1z4I-2Bc6Qx1hEzdtXusfFTLvSScqQmgK1DgmCe6NsmhCnbLpmZI7EPM56c0IpOXy2jX8FUofqX-2FLwkrDNu-2BJ8VdkhW-2BcibVgB56YvBarWAJ68QdVLDk-2BreYFAbG2RxK5FI2ZOf8OuVaYqzfkm-2FGiI9tY4Y1XN-2FN7Uh8Vtzi-2FP-2B8s9qjOHBuznAYsq-2B4GCewCcJExgcNnMrLH-2B3Pv6vH6wzFQkN2aMTddwwaWvcIkZYQDF7aLn1FYUQMocCkCTJEmkArX-2Bdrge72rYVSFN-2FsI6AAcwN5SA74y-2B4g6Q-3D-3D	Get hash	malicious	Unknown	Browse
	Documents.pdf	Get hash	malicious	Remcos, DBatLoader	Browse
	http://vzgb5l.elnk8.com/83885021a686e36f9150aaf51cbc0afdh	Get hash	malicious	Unknown	Browse
	https://www.canva.com/link?target=https%3A%2F%2Fgu3.watetiona.com%2FYEcft%2F&design=DAGZLjls8N8&accessRole=viewer&linkSource=document	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
winaero.com	https://listafrica.org/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	RUCkZvoDjG.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	Belegdetails Nr378-938-027181-PDF.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	SFaLIQYuEV.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	8xOax9866X.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	uioLmjrj4F.htm	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	1ZFDEXA938MKSUBA.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	1ZFDEXA938MKSUBA.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	1ZFDEXA938MKSUBASJKA.svg	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81
	11sds_Invoice_9334749.html	Get hash	malicious	WinSearchAbuse	Browse	68.183.112.81

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DIGITALOCEAN-ASNUS	build.msi	Get hash	malicious	Unknown	Browse	104.131.68.180
	svhost.vbs	Get hash	malicious	Unknown	Browse	157.245.101.141
	https://google.co.ve/url?6q=tlqq0rdJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fwdsoft.com.br%2f7yoya/ngr2j14j20ovor/ZGF2aWQucm90aGJ1cm5AcXVpbHRlcmNoZXZpb3QuY29t	Get hash	malicious	HTMLPhisher	Browse	46.101.100.125
	https://shinybnb.ch/wp-includes/ms_doc.html	Get hash	malicious	HTMLPhisher	Browse	134.209.237.210
	https://url.uk.m.mimecastprotect.com/s/M6w3C3217fpmROkSqhLIQi7Bl?domain=google.co.ve	Get hash	malicious	HTMLPhisher	Browse	46.101.100.125
	System.exe	Get hash	malicious	Quasar	Browse	165.227.31.192
	Client-built.exe	Get hash	malicious	Quasar	Browse	67.205.154.243
	j87MOFviv4.lnk	Get hash	malicious	Unknown	Browse	157.245.101.141
	DvGZE4FU02.lnk	Get hash	malicious	Unknown	Browse	157.245.101.141
	j3z5kxxt52.lnk	Get hash	malicious	Unknown	Browse	157.245.101.141

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	3edTbzftGf.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	20.198.118.190
	NOTIFICATION_OF_DEPENDANTS.vbs	Get hash	malicious	Unknown	Browse	20.198.118.190
	PO_0099822111ORDER.js	Get hash	malicious	Remcos	Browse	20.198.118.190
	Shipment 990847575203.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	20.198.118.190
	file.exe	Get hash	malicious	XWorm	Browse	20.198.118.190
	gjvU5KOFhX.exe	Get hash	malicious	Discord Token Stealer, Millenuim RAT	Browse	20.198.118.190
	svhost.vbs	Get hash	malicious	Unknown	Browse	20.198.118.190
	hvqc3lk7ly.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	20.198.118.190
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	20.198.118.190
	adv.ps1	Get hash	malicious	LummaC	Browse	20.198.118.190

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	7584
Entropy (8bit):	7.771402547890117
Encrypted:	false
SSDEEP:	192:kwSfH4IraPynWHFxRJkWLY6LiCD7LG7b2yqQwPOFb:kwSP4IEynWxJk6H2gLWqPQF
MD5:	17956A7275630ED70C693A72B11E67F3
SHA1:	AA600A8D3F3026816674F7DCA1D1FAE6651AEDD6
SHA-256:	96E34D83AD7BBB7ECF150EA8DAC6544F9AB2A6FC7BD40D8300CF6D4CD7679DD2
SHA-512:	CAA7428CA8C5ADAA405FE6E95F64992482A590B6452EE94040E0BF80E1F167000609D9795281EDA3CED0C9CD00D489F620A44E8FCC4E9C4963590D4E245384F2
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png
Preview:	.PNG........IHDR.............\r.f....pHYs...........~....RIDATx..]K.e.U.U]v.u.i..J.d....Et#!.p.....I&.e..H.!..d.#ELq.Hd..0...b......x.1....E.....zos.......>.{.kI.U].[...^....3.....&>....................... ...@............................ ...@............................ ...@............................ ...@........c+..666..M~t.j..S.......>r5.7_.....W...;..#..`..M~...4..R.....lx...vC.w.Q..%.&.i...\|]..)...>....A.Y=.&...../.VJ.m>.[.(.d..+.8^..".6........2.W....=d.@..pl.!....c..Go>..oc.....).>..G&..W.....$....n.c....%....$...... .`.............@.@.[}..?.'..~........U#.j..?...@..L..@. .............-\|.#..ct...n.O?{K. .....r.....w~r<.]..x...........}...%.....\|...z..s....+.ic.R.5....2..e....~......4........@.........H..jV.T.`.}..}..o0Ki.._7$pw...........T......-...P8A../......y......._...=.?.._J.-.O..O...........~..H.........f..{.........Vb..........6S`..7..D$..@;~..2..@..g...o...U...d.......TR...........1.sf..[..../..!x2.....&h$.?[.....^....../..k.....M?.k

Static File Info

General

File type:	data
Entropy (8bit):	0.029014353051822386
TrID:
File name:	FEDEX234598765.html
File size:	355'328 bytes
MD5:	faefeb35bb7b0da6a272a0024b86a66a
SHA1:	1fd7b8648c4be0bee2015330e4a510ccad7994e8
SHA256:	1d3ff54b0c9dcdd0ed770831b7570fe44c932648c57d686e68583a8582fca97f
SHA512:	bd1fa9994a9e3a5b7d5338bded165c63944e6095f5224fe103846ad4f733037582ffc51d3b2c912049cd2921ec63f269f2cdd549e533458c2e19e7aa8f3f9fce
SSDEEP:	6:aO+3Q21JOAZBvbLAqtybbTJOAZBvbLPMpnMRJVikI8CFC1fpP8NAL4vFC8unAs8N:FF21pDgqunpDv8MxiknjaSGz7jaSmf
TLSH:	1474D1B711D91824E6718A79C4A9369CF651804BB1893E22718A03DB4FB069F4843299
File Content Preview:	<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png">....<meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> .. <title>C80VBSA7YMF8PYTVSA</title>.... <m

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2024 14:28:00.114320993 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.114386082 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.114423037 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.114459038 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.114772081 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:00.118447065 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:00.238435030 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.665538073 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.666899920 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:00.666990995 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:00.666990995 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:00.787113905 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.787156105 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.787192106 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:00.957825899 CET	49673	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:00.957954884 CET	49674	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:01.213076115 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:01.254626036 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:01.285943031 CET	49672	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:01.404973984 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:01.405832052 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:01.525651932 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:01.951848984 CET	443	49706	20.198.119.84	192.168.2.6
Dec 14, 2024 14:28:02.004698038 CET	49706	443	192.168.2.6	20.198.119.84
Dec 14, 2024 14:28:08.556416035 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:08.556485891 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:08.556602955 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:08.557229042 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:08.557250023 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:08.946234941 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.946280956 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:08.946346045 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.946508884 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.946585894 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:08.946649075 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.946850061 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.946868896 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:08.947185993 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:08.947217941 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.517843962 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.518059969 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.518074036 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.519726038 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.519808054 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.520628929 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.520728111 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.520773888 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.525284052 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.526613951 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.526629925 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.528207064 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.528409004 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.529225111 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.529314041 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.563412905 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.565785885 CET	49673	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:10.627823114 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.627825975 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.627840996 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.627856970 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.627887011 CET	49674	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:10.674669027 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.674700022 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.805156946 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:10.805233002 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:10.808846951 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:10.808861971 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:10.809197903 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:10.810796976 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:10.810859919 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:10.810866117 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:10.810959101 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:10.838557005 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838604927 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838630915 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838670969 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838675976 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.838728905 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838764906 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.838764906 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.838820934 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.838880062 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.839397907 CET	49716	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.839431047 CET	443	49716	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.855344057 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:10.893438101 CET	49672	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:10.985544920 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.985618114 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:10.985701084 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.985955954 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:10.985985994 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:11.476917028 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:11.477042913 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:11.477125883 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:11.477293015 CET	49710	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:11.477312088 CET	443	49710	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:12.201153040 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.201517105 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.201575994 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.205126047 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.205209017 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.205513000 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.205647945 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.205686092 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.252774954 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.252800941 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.315776110 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.473745108 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:12.473795891 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:12.473867893 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:12.474040985 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:12.474057913 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:12.637531996 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637612104 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637634039 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637655973 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637682915 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.637732983 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637764931 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.637839079 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:12.637897015 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.638382912 CET	49718	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:12.638416052 CET	443	49718	68.183.112.81	192.168.2.6
Dec 14, 2024 14:28:13.280695915 CET	443	49702	173.222.162.64	192.168.2.6
Dec 14, 2024 14:28:13.280783892 CET	49702	443	192.168.2.6	173.222.162.64
Dec 14, 2024 14:28:14.176986933 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:14.177197933 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:14.177225113 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:14.178867102 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:14.178949118 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:14.179837942 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:14.179929972 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:14.222028017 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:14.222037077 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:14.268896103 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:20.574121952 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:20.574177980 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:20.574300051 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:20.574873924 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:20.574906111 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:22.808476925 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:22.808610916 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:22.812125921 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:22.812139034 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:22.812532902 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:22.815239906 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:22.815498114 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:22.815507889 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:22.815778971 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:22.859333038 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:23.362133026 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:23.362318039 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:23.362397909 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:23.362560034 CET	49738	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:23.362577915 CET	443	49738	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:23.867489100 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:23.867546082 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:23.867631912 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:24.423121929 CET	49721	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:28:24.423187017 CET	443	49721	172.217.19.228	192.168.2.6
Dec 14, 2024 14:28:32.950454950 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:32.950480938 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:32.950551033 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:32.951132059 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:32.951143980 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.172848940 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.172988892 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.178131104 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.178158998 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.178606987 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.181912899 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.181977987 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.181989908 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.182136059 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.223341942 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.735091925 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.735306978 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:35.735383034 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.735539913 CET	49776	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:35.735558033 CET	443	49776	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:48.168431997 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:48.168461084 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:48.168559074 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:48.169187069 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:48.169199944 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:50.429644108 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:50.429943085 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:50.432065010 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:50.432074070 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:50.433114052 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:50.434953928 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:50.435019970 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:50.435024977 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:50.435151100 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:50.475373030 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:51.100356102 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:51.100550890 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:51.100677013 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:51.101190090 CET	49809	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:28:51.101232052 CET	443	49809	20.198.118.190	192.168.2.6
Dec 14, 2024 14:28:55.628609896 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:28:55.628626108 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:29:10.630294085 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:29:10.630378008 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:29:10.630490065 CET	443	49715	68.183.112.81	192.168.2.6
Dec 14, 2024 14:29:10.630543947 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:29:10.630543947 CET	49715	443	192.168.2.6	68.183.112.81
Dec 14, 2024 14:29:11.746356964 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:11.746386051 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:11.746479988 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:11.747102022 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:11.747114897 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:12.395946980 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:12.395971060 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:12.396039009 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:12.396338940 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:12.396351099 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:13.979485035 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:13.979574919 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:13.981386900 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:13.981398106 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:13.981825113 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:13.983597040 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:13.984338045 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:13.984344959 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:13.984510899 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:14.027364016 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:14.094247103 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:14.094579935 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:14.094610929 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:14.095283031 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:14.095583916 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:14.095674038 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:14.144278049 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:14.755779982 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:14.757903099 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:14.757982969 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:14.758138895 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:14.758164883 CET	443	49865	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:14.758179903 CET	49865	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:23.788680077 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:23.788820982 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:23.789022923 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:24.630819082 CET	49867	443	192.168.2.6	172.217.19.228
Dec 14, 2024 14:29:24.630867004 CET	443	49867	172.217.19.228	192.168.2.6
Dec 14, 2024 14:29:37.279078007 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:37.279165030 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:37.279335976 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:37.280009031 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:37.280091047 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:39.512420893 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:39.512576103 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:39.514513016 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:39.514529943 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:39.515310049 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:39.517076969 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:39.517138004 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:39.517148972 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:39.517266035 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:39.559329033 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:40.195797920 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:40.196033955 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:40.196187019 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:40.196228981 CET	49924	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:29:40.196247101 CET	443	49924	20.198.118.190	192.168.2.6
Dec 14, 2024 14:29:41.019495964 CET	49701	443	192.168.2.6	40.126.53.18
Dec 14, 2024 14:29:41.019691944 CET	49703	80	192.168.2.6	199.232.210.172
Dec 14, 2024 14:29:41.140464067 CET	443	49701	40.126.53.18	192.168.2.6
Dec 14, 2024 14:29:41.140496016 CET	80	49703	199.232.210.172	192.168.2.6
Dec 14, 2024 14:29:41.140536070 CET	49701	443	192.168.2.6	40.126.53.18
Dec 14, 2024 14:29:41.140588045 CET	49703	80	192.168.2.6	199.232.210.172
Dec 14, 2024 14:29:46.754044056 CET	49705	443	192.168.2.6	40.126.53.18
Dec 14, 2024 14:29:46.874197006 CET	443	49705	40.126.53.18	192.168.2.6
Dec 14, 2024 14:29:46.874285936 CET	49705	443	192.168.2.6	40.126.53.18
Dec 14, 2024 14:30:10.032526016 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:10.032624006 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:10.032939911 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:10.033341885 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:10.033400059 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.265400887 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.265790939 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.268054008 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.268109083 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.268902063 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.271617889 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.271617889 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.271727085 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.271763086 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.315366030 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.818979979 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.819169044 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:12.819417000 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:12.819417953 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:13.129030943 CET	50002	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:13.129102945 CET	443	50002	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:52.590511084 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:52.590647936 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:52.590768099 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:52.591346025 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:52.591387987 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:54.841029882 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:54.841196060 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:54.843069077 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:54.843084097 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:54.843899965 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:54.845849037 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:54.845906973 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:54.845916986 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:54.846054077 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:54.891343117 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:55.392895937 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:55.393053055 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:55.393522978 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:55.393569946 CET	443	50009	20.198.118.190	192.168.2.6
Dec 14, 2024 14:30:55.393596888 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:55.393596888 CET	50009	443	192.168.2.6	20.198.118.190
Dec 14, 2024 14:30:55.393609047 CET	443	50009	20.198.118.190	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2024 14:28:08.342055082 CET	53	51652	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:08.385243893 CET	56342	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:08.385430098 CET	61620	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:08.430877924 CET	53	53555	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:08.945000887 CET	53	56342	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:08.945501089 CET	53	61620	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:10.844677925 CET	63359	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:10.844994068 CET	56152	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:10.983812094 CET	53	63359	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:10.985150099 CET	53	56152	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:11.208261967 CET	53	59071	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:11.407630920 CET	53	52353	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:12.332479000 CET	52703	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:12.333462954 CET	61277	53	192.168.2.6	1.1.1.1
Dec 14, 2024 14:28:12.471215010 CET	53	61277	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:12.472949982 CET	53	52703	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:28.162477016 CET	53	51020	1.1.1.1	192.168.2.6
Dec 14, 2024 14:28:46.909266949 CET	53	50447	1.1.1.1	192.168.2.6
Dec 14, 2024 14:29:08.100667953 CET	53	49593	1.1.1.1	192.168.2.6
Dec 14, 2024 14:29:09.533248901 CET	53	64007	1.1.1.1	192.168.2.6
Dec 14, 2024 14:29:40.647697926 CET	53	53650	1.1.1.1	192.168.2.6
Dec 14, 2024 14:30:25.582165956 CET	53	52075	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 14, 2024 14:28:08.385243893 CET	192.168.2.6	1.1.1.1	0xa76b	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 14:28:08.385430098 CET	192.168.2.6	1.1.1.1	0xed32	Standard query (0)	winaero.com	65	IN (0x0001)	false
Dec 14, 2024 14:28:10.844677925 CET	192.168.2.6	1.1.1.1	0xbb8c	Standard query (0)	winaero.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 14:28:10.844994068 CET	192.168.2.6	1.1.1.1	0x9f85	Standard query (0)	winaero.com	65	IN (0x0001)	false
Dec 14, 2024 14:28:12.332479000 CET	192.168.2.6	1.1.1.1	0xbf9e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 14, 2024 14:28:12.333462954 CET	192.168.2.6	1.1.1.1	0x93f1	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 14, 2024 14:28:08.945000887 CET	1.1.1.1	192.168.2.6	0xa76b	No error (0)	winaero.com	68.183.112.81	A (IP address)	IN (0x0001)	false
Dec 14, 2024 14:28:10.983812094 CET	1.1.1.1	192.168.2.6	0xbb8c	No error (0)	winaero.com	68.183.112.81	A (IP address)	IN (0x0001)	false
Dec 14, 2024 14:28:12.471215010 CET	1.1.1.1	192.168.2.6	0x93f1	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 14, 2024 14:28:12.472949982 CET	1.1.1.1	192.168.2.6	0xbf9e	No error (0)	www.google.com	172.217.19.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

winaero.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	68.183.112.81	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:10 UTC	582	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 13:28:10 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 13:28:10 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Sat, 14 Dec 2024 13:28:09 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2024-12-14 13:28:10 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49710	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 41 54 64 58 68 45 69 79 30 4f 4d 68 56 59 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 61 32 37 64 30 65 35 66 61 66 30 38 62 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7ATdXhEiy0OMhVYP.1Context: 1ba27d0e5faf08bf
2024-12-14 13:28:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:28:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 41 54 64 58 68 45 69 79 30 4f 4d 68 56 59 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 61 32 37 64 30 65 35 66 61 66 30 38 62 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7ATdXhEiy0OMhVYP.2Context: 1ba27d0e5faf08bf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:28:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 41 54 64 58 68 45 69 79 30 4f 4d 68 56 59 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 61 32 37 64 30 65 35 66 61 66 30 38 62 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7ATdXhEiy0OMhVYP.3Context: 1ba27d0e5faf08bf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:28:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:28:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 4d 37 68 58 43 73 44 76 45 61 4b 51 47 38 39 42 4c 41 54 49 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +M7hXCsDvEaKQG89BLATIg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49718	68.183.112.81	443	4144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:12 UTC	382	OUT	GET /blog/wp-content/uploads/2016/05/build-10158.png HTTP/1.1 Host: winaero.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-14 13:28:12 UTC	338	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 14 Dec 2024 13:28:12 GMT Content-Type: image/png Content-Length: 7584 Last-Modified: Sat, 28 May 2016 14:51:48 GMT Connection: close ETag: "5749b084-1da0" Expires: Sat, 14 Dec 2024 13:28:11 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes
2024-12-14 13:28:12 UTC	7584	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 1d 52 49 44 41 54 78 da ed 5d 4b 8c 65 d7 55 dd 55 5d 76 07 75 bb 69 07 c9 4a 83 64 1c c4 c0 04 45 74 23 21 84 70 a4 b6 c5 10 c5 49 26 01 65 d2 99 10 48 06 21 83 84 64 84 23 45 4c 71 a4 48 64 96 0e 30 b7 8d 19 62 d2 0a 03 04 93 ee 78 14 31 f0 0f 85 04 45 0e ed ee fa bf 7a 6f 73 ef eb fa bc ba ef 9c b3 f7 3e bf 7b df bb 6b 49 d5 55 5d ef 5b ef de bd ce 5e eb ec bd ef 06 33 13 00 00 e3 c4 26 3e 02 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 08 00 00 00 10 00 00 00 20 00 00 00 40 00 00 00 80 00 00 Data Ascii: PNGIHDR\rfpHYs~RIDATx]KeUU]vuiJdEt#!pI&eH!d#ELqHd0bx1Ezos>{kIU][^3&> @ @

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49738	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 7a 39 62 42 4f 39 64 2b 55 4f 38 63 63 62 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 64 36 32 65 30 33 37 31 36 37 65 32 34 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Yz9bBO9d+UO8ccbu.1Context: 2dd62e037167e249
2024-12-14 13:28:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:28:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 59 7a 39 62 42 4f 39 64 2b 55 4f 38 63 63 62 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 64 36 32 65 30 33 37 31 36 37 65 32 34 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Yz9bBO9d+UO8ccbu.2Context: 2dd62e037167e249<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:28:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 59 7a 39 62 42 4f 39 64 2b 55 4f 38 63 63 62 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 64 36 32 65 30 33 37 31 36 37 65 32 34 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Yz9bBO9d+UO8ccbu.3Context: 2dd62e037167e249<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:28:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:28:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 52 6d 4a 4a 49 30 69 37 2f 6b 71 79 77 6d 4d 61 53 70 4c 31 6d 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: RmJJI0i7/kqywmMaSpL1mA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49776	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 72 43 61 67 42 66 6e 2f 66 55 6d 65 36 6b 57 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 37 30 38 37 33 35 62 30 33 34 30 65 38 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: rCagBfn/fUme6kWG.1Context: c3708735b0340e80
2024-12-14 13:28:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:28:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 72 43 61 67 42 66 6e 2f 66 55 6d 65 36 6b 57 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 37 30 38 37 33 35 62 30 33 34 30 65 38 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: rCagBfn/fUme6kWG.2Context: c3708735b0340e80<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:28:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 72 43 61 67 42 66 6e 2f 66 55 6d 65 36 6b 57 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 37 30 38 37 33 35 62 30 33 34 30 65 38 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: rCagBfn/fUme6kWG.3Context: c3708735b0340e80<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:28:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:28:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 73 54 6b 76 48 32 6d 31 46 30 6d 46 65 48 6c 62 64 76 62 41 78 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: sTkvH2m1F0mFeHlbdvbAxA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49809	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:28:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 4a 62 53 54 76 6d 67 38 55 57 43 44 78 76 66 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 37 35 37 32 34 32 39 39 34 39 32 36 63 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7JbSTvmg8UWCDxvf.1Context: b2757242994926c7
2024-12-14 13:28:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:28:50 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 4a 62 53 54 76 6d 67 38 55 57 43 44 78 76 66 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 37 35 37 32 34 32 39 39 34 39 32 36 63 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7JbSTvmg8UWCDxvf.2Context: b2757242994926c7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:28:50 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 4a 62 53 54 76 6d 67 38 55 57 43 44 78 76 66 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 37 35 37 32 34 32 39 39 34 39 32 36 63 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7JbSTvmg8UWCDxvf.3Context: b2757242994926c7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:28:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:28:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 64 4b 55 50 42 59 73 75 45 4b 71 35 77 55 4a 74 55 43 67 2f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ZdKUPBYsuEKq5wUJtUCg/A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49865	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:29:13 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 71 4f 44 37 69 36 57 6d 39 6b 4b 68 72 79 5a 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 38 65 36 30 36 66 30 35 62 39 64 66 33 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: qOD7i6Wm9kKhryZG.1Context: 748e606f05b9df38
2024-12-14 13:29:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:29:13 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 71 4f 44 37 69 36 57 6d 39 6b 4b 68 72 79 5a 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 38 65 36 30 36 66 30 35 62 39 64 66 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: qOD7i6Wm9kKhryZG.2Context: 748e606f05b9df38<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:29:13 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 71 4f 44 37 69 36 57 6d 39 6b 4b 68 72 79 5a 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 38 65 36 30 36 66 30 35 62 39 64 66 33 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: qOD7i6Wm9kKhryZG.3Context: 748e606f05b9df38<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:29:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:29:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 47 64 75 54 47 47 57 69 6b 69 37 32 63 46 6b 6d 4d 4f 6c 6f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wGduTGGWiki72cFkmMOloA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49924	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:29:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 76 44 6c 34 30 38 4a 6f 77 30 61 33 2b 65 4b 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 64 31 66 32 34 65 31 38 35 30 61 31 65 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: vDl408Jow0a3+eKT.1Context: 43d1f24e1850a1e3
2024-12-14 13:29:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:29:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 76 44 6c 34 30 38 4a 6f 77 30 61 33 2b 65 4b 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 64 31 66 32 34 65 31 38 35 30 61 31 65 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: vDl408Jow0a3+eKT.2Context: 43d1f24e1850a1e3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:29:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 76 44 6c 34 30 38 4a 6f 77 30 61 33 2b 65 4b 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 64 31 66 32 34 65 31 38 35 30 61 31 65 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: vDl408Jow0a3+eKT.3Context: 43d1f24e1850a1e3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:29:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:29:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4b 43 44 77 4f 68 33 49 76 30 75 78 73 4c 64 74 74 33 38 69 57 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: KCDwOh3Iv0uxsLdtt38iWA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	50002	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:30:12 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 56 47 53 56 66 7a 72 34 31 45 2b 77 59 52 58 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 64 32 37 35 35 66 33 61 37 64 64 62 33 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: VGSVfzr41E+wYRXG.1Context: 50d2755f3a7ddb3b
2024-12-14 13:30:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:30:12 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 47 53 56 66 7a 72 34 31 45 2b 77 59 52 58 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 64 32 37 35 35 66 33 61 37 64 64 62 33 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VGSVfzr41E+wYRXG.2Context: 50d2755f3a7ddb3b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:30:12 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 56 47 53 56 66 7a 72 34 31 45 2b 77 59 52 58 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 30 64 32 37 35 35 66 33 61 37 64 64 62 33 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: VGSVfzr41E+wYRXG.3Context: 50d2755f3a7ddb3b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:30:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:30:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 52 4c 4d 77 41 6d 6c 6d 30 75 39 44 5a 68 6e 55 73 56 61 69 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YRLMwAmlm0u9DZhnUsVaiA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	50009	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-14 13:30:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 59 54 63 4a 4e 74 4e 6b 55 4f 72 4a 62 31 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 38 63 62 33 31 39 62 36 65 61 36 32 36 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DYTcJNtNkUOrJb1N.1Context: f98cb319b6ea626a
2024-12-14 13:30:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-14 13:30:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 59 54 63 4a 4e 74 4e 6b 55 4f 72 4a 62 31 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 38 63 62 33 31 39 62 36 65 61 36 32 36 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 58 34 48 43 52 6c 4b 78 59 59 75 57 4b 61 73 6f 55 47 6e 55 51 61 39 38 56 7a 51 6b 74 62 79 31 4c 54 64 6d 79 6e 7a 49 4a 6d 77 49 2f 65 35 5a 68 39 6a 45 64 4d 4e 5a 76 45 49 53 32 46 4f 62 43 6c 4d 67 76 6f 57 74 67 4d 64 50 64 68 56 62 59 36 68 57 79 4d 4c 58 72 38 42 35 39 4b 57 55 4d 36 49 69 4d 71 6d 5a 6a 51 30 62 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DYTcJNtNkUOrJb1N.2Context: f98cb319b6ea626a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAdX4HCRlKxYYuWKasoUGnUQa98VzQktby1LTdmynzIJmwI/e5Zh9jEdMNZvEIS2FObClMgvoWtgMdPdhVbY6hWyMLXr8B59KWUM6IiMqmZjQ0b
2024-12-14 13:30:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 59 54 63 4a 4e 74 4e 6b 55 4f 72 4a 62 31 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 38 63 62 33 31 39 62 36 65 61 36 32 36 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: DYTcJNtNkUOrJb1N.3Context: f98cb319b6ea626a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-14 13:30:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-14 13:30:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 34 61 4b 45 46 63 45 62 45 75 70 6c 4b 4c 63 74 68 52 69 6a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: r4aKEFcEbEuplKLcthRijA.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4996, Parent PID: 6044

General

Target ID:	2
Start time:	08:28:03
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\FEDEX234598765.html"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4144, Parent PID: 4996

General

Target ID:	4
Start time:	08:28:06
Start date:	14/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2240,i,9691722367303139419,9418863543842077403,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FEDEX234598765.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4996, Parent PID: 6044

General

Chronological Activities

Analysis Process: chrome.exePID: 4144, Parent PID: 4996

General

Chronological Activities

Disassembly

Windows Analysis Report
FEDEX234598765.html