Edit tour

Windows Analysis Report
http://reprogrammation-mondialrelay.info

Overview

General Information

Sample URL:	http://reprogrammation-mondialrelay.info
Analysis ID:	1580463
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2192,i,2191230920324930326,6226228881707209879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reprogrammation-mondialrelay.info" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 24 Dec 2024 15:25:18 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Tue, 24 Dec 2024 12:19:33 GMTETag: "328-62a03202e49ce"Accept-Ranges: bytes

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749

Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49897 version: TLS 1.2

Source: classification engine

Classification label: sus20.win@17/2@8/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2192,i,2191230920324930326,6226228881707209879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reprogrammation-mondialrelay.info"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2192,i,2191230920324930326,6226228881707209879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://reprogrammation-mondialrelay.info	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://reprogrammation-mondialrelay.info/	0%	Avira URL Cloud	safe
https://reprogrammation-mondialrelay.info/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
reprogrammation-mondialrelay.info	20.117.177.224	true	true		unknown
www.google.com	142.250.181.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://reprogrammation-mondialrelay.info/favicon.ico	false	Avira URL Cloud: safe	unknown
http://reprogrammation-mondialrelay.info/	false	Avira URL Cloud: safe	unknown
https://reprogrammation-mondialrelay.info/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
20.117.177.224	reprogrammation-mondialrelay.info	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580463
Start date and time:	2024-12-24 16:24:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://reprogrammation-mondialrelay.info
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.win@17/2@8/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 142.250.181.142, 173.194.220.84, 192.229.221.95, 199.232.210.172, 172.217.17.46, 172.217.17.35, 13.107.246.63, 23.218.208.109, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://reprogrammation-mondialrelay.info

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://reprogrammation-mondialrelay.info Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://reprogrammation-mondialrelay.info
URL: https://reprogrammation-mondialrelay.info/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://reprogrammation-mondialrelay.info/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	4.9078093738349065
Encrypted:	false
SSDEEP:	24:hYj0XJU5DgGeRpbufLUwDdVJUSdEj7RtiKAo1Mc:PS5gGe/uTUwhVJJEjCKN1h
MD5:	A943672A32297727BAB01C3E76977550
SHA1:	3A667C4B7A457EF6C586CC581D533C128737BF53
SHA-256:	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
SHA-512:	0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
Malicious:	false
Reputation:	low
URL:	https://reprogrammation-mondialrelay.info/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 16:24:56.973845005 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:56.973984957 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:56.980235100 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:56.980245113 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:56.980756998 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:56.982458115 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:56.982626915 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:56.982631922 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:56.982815027 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.023325920 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:57.190668106 CET	49673	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:24:57.268822908 CET	49674	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:24:57.487565994 CET	49672	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:24:57.649352074 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:57.649528027 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:57.649597883 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.649801016 CET	49712	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.649821997 CET	443	49712	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:57.891851902 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.891891003 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:24:57.892009020 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.892694950 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:24:57.892709970 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.142100096 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.142270088 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.146008015 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.146014929 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.146935940 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.150177002 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.150350094 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.150357008 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.150922060 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.195344925 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.815674067 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.815783024 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:00.815840960 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.817251921 CET	49713	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:00.817271948 CET	443	49713	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:04.241951942 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:04.242012024 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:04.242079020 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:04.243163109 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:04.243180037 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.470380068 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.470458984 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:06.472270966 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:06.472285986 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.472673893 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.474175930 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:06.474244118 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:06.474250078 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.474464893 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:06.519340038 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:06.813808918 CET	49673	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:25:06.907562971 CET	49674	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:25:07.095088959 CET	49672	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:25:07.138897896 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:07.139000893 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:07.139062881 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:07.139358997 CET	49714	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:07.139377117 CET	443	49714	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:09.520991087 CET	443	49707	173.222.162.64	192.168.2.6
Dec 24, 2024 16:25:09.521137953 CET	49707	443	192.168.2.6	173.222.162.64
Dec 24, 2024 16:25:09.579371929 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:09.579420090 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:09.579746962 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:09.580292940 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:09.580312967 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.275630951 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.275970936 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:11.275984049 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.276988029 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.277048111 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:11.278390884 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:11.278455019 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.326560974 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:11.326577902 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:11.376029968 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:12.205933094 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:12.205988884 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:12.206060886 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:12.206782103 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:12.206793070 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:12.991322994 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:12.991992950 CET	49743	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:13.111747980 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:13.111845016 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:13.112190008 CET	80	49743	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:13.112250090 CET	49743	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:13.112461090 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:13.232084990 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:14.345459938 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:14.395999908 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:14.428294897 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:14.428376913 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:14.431104898 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:14.431113005 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:14.431461096 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:14.433515072 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:14.433574915 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:14.433581114 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:14.433790922 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:14.479348898 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:14.492182016 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:14.492234945 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:14.492321968 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:14.492557049 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:14.492572069 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.099095106 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:15.099265099 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:15.099342108 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:15.099536896 CET	49741	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:15.099558115 CET	443	49741	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:15.852962971 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.853240013 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:15.853276014 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.854374886 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.854448080 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:15.855568886 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:15.855633020 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.855884075 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:15.855892897 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:15.909930944 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.570492029 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:16.570559025 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:16.570729017 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:16.570758104 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.570813894 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.571644068 CET	49749	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.571676016 CET	443	49749	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:16.653629065 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.653655052 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:16.653742075 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.654042006 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:16.654057026 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:17.616651058 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:17.616695881 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:17.616822958 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:17.617461920 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:17.617479086 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:18.030245066 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.030585051 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:18.030603886 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.031090021 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.031467915 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:18.031555891 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.031647921 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:18.075330973 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.542529106 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.542712927 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:18.542777061 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:18.543962002 CET	49755	443	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:18.543977976 CET	443	49755	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:19.838840961 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:19.838944912 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:19.841087103 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:19.841094017 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:19.841423035 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:19.842689991 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:19.842755079 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:19.842760086 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:19.842866898 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:19.883337975 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:20.389066935 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:20.389170885 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:20.389384031 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:20.389503002 CET	49757	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:20.389518023 CET	443	49757	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:20.974374056 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:20.974436998 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:20.974617004 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:21.800327063 CET	49728	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:25:21.800342083 CET	443	49728	142.250.181.68	192.168.2.6
Dec 24, 2024 16:25:27.686693907 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:27.686721087 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:27.686835051 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:27.687453985 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:27.687467098 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:29.910468102 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:29.910634995 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:29.913922071 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:29.913928986 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:29.914165020 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:29.919392109 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:29.919445992 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:29.919450998 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:29.919569016 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:29.967336893 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:30.465013981 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:30.465249062 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:30.465307951 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:30.466147900 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:30.466154099 CET	443	49785	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:30.466176033 CET	49785	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:38.302215099 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:38.302251101 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:38.302345991 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:38.303005934 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:38.303020000 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:40.967922926 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:40.968041897 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:40.972229958 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:40.972237110 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:40.972454071 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:40.973927021 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:40.973989964 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:40.973994970 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:40.974153996 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:41.019329071 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:41.665563107 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:41.665940046 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:41.666304111 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:41.666335106 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:41.666347027 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:41.666347027 CET	49807	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:41.666356087 CET	443	49807	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:50.901428938 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:50.901468039 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:50.901546001 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:50.902158022 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:50.902170897 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.126774073 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.126948118 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.129251957 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.129261971 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.129465103 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.131664038 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.131746054 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.131750107 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.131980896 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.179337025 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.797096014 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.797353983 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:53.797416925 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.797544003 CET	49837	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:25:53.797552109 CET	443	49837	20.198.119.84	192.168.2.6
Dec 24, 2024 16:25:58.126945019 CET	49743	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:58.247347116 CET	80	49743	20.117.177.224	192.168.2.6
Dec 24, 2024 16:25:59.345722914 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:25:59.465306997 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:26:04.154189110 CET	80	49743	20.117.177.224	192.168.2.6
Dec 24, 2024 16:26:04.154481888 CET	49743	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:26:04.346719027 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:26:04.346906900 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:26:05.798554897 CET	49743	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:26:05.798629999 CET	49742	80	192.168.2.6	20.117.177.224
Dec 24, 2024 16:26:05.918143034 CET	80	49743	20.117.177.224	192.168.2.6
Dec 24, 2024 16:26:05.918168068 CET	80	49742	20.117.177.224	192.168.2.6
Dec 24, 2024 16:26:08.646780014 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:08.646877050 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:08.646971941 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:08.647797108 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:08.647834063 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:09.503487110 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:09.503536940 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:09.503602982 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:09.503945112 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:09.503959894 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:10.865937948 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:10.866031885 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:10.868982077 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:10.869002104 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:10.869229078 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:10.870521069 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:10.870594025 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:10.870606899 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:10.870703936 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:10.915333033 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:11.198914051 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:11.199333906 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:11.199347973 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:11.199807882 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:11.200139999 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:11.200208902 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:11.251441002 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:11.417124987 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:11.417195082 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:11.417248011 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:11.417537928 CET	49880	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:11.417560101 CET	443	49880	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:15.463655949 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:15.463686943 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:15.463795900 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:15.464385986 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:15.464397907 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.020601988 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.020678043 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.022831917 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.022841930 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.023041010 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.025021076 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.025099993 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.025105953 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.025324106 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.071330070 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.571415901 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.571643114 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.571705103 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.571877956 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:18.571898937 CET	443	49897	20.198.119.84	192.168.2.6
Dec 24, 2024 16:26:18.571943998 CET	49897	443	192.168.2.6	20.198.119.84
Dec 24, 2024 16:26:20.895061970 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:20.895119905 CET	443	49882	142.250.181.68	192.168.2.6
Dec 24, 2024 16:26:20.895160913 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:21.800576925 CET	49882	443	192.168.2.6	142.250.181.68
Dec 24, 2024 16:26:21.800601006 CET	443	49882	142.250.181.68	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 16:25:05.392298937 CET	53	61016	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:05.406841993 CET	53	57107	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:08.136560917 CET	53	65190	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:09.440764904 CET	60935	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:09.440927982 CET	50395	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:09.577646017 CET	53	60935	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:09.577922106 CET	53	50395	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:11.602854967 CET	58941	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:11.603511095 CET	61408	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:12.613857031 CET	62424	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:12.614106894 CET	57939	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:12.716350079 CET	53	61408	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:12.752424955 CET	53	57939	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:12.990089893 CET	53	58941	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:12.990504026 CET	53	62424	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:14.353651047 CET	63035	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:14.353805065 CET	58788	53	192.168.2.6	1.1.1.1
Dec 24, 2024 16:25:14.490500927 CET	53	63035	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:14.491672993 CET	53	58788	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:25.172362089 CET	53	57288	1.1.1.1	192.168.2.6
Dec 24, 2024 16:25:44.469791889 CET	53	55278	1.1.1.1	192.168.2.6
Dec 24, 2024 16:26:05.286518097 CET	53	64765	1.1.1.1	192.168.2.6
Dec 24, 2024 16:26:07.286082029 CET	53	59361	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 24, 2024 16:25:12.757467031 CET	192.168.2.6	1.1.1.1	c23b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 24, 2024 16:25:09.440764904 CET	192.168.2.6	1.1.1.1	0x2894	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:09.440927982 CET	192.168.2.6	1.1.1.1	0xca70	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 24, 2024 16:25:11.602854967 CET	192.168.2.6	1.1.1.1	0x1823	Standard query (0)	reprogrammation-mondialrelay.info	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:11.603511095 CET	192.168.2.6	1.1.1.1	0xc5ec	Standard query (0)	reprogrammation-mondialrelay.info	65	IN (0x0001)	false
Dec 24, 2024 16:25:12.613857031 CET	192.168.2.6	1.1.1.1	0x8c3f	Standard query (0)	reprogrammation-mondialrelay.info	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:12.614106894 CET	192.168.2.6	1.1.1.1	0xecb9	Standard query (0)	reprogrammation-mondialrelay.info	65	IN (0x0001)	false
Dec 24, 2024 16:25:14.353651047 CET	192.168.2.6	1.1.1.1	0x6ead	Standard query (0)	reprogrammation-mondialrelay.info	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:14.353805065 CET	192.168.2.6	1.1.1.1	0x2c82	Standard query (0)	reprogrammation-mondialrelay.info	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 24, 2024 16:25:09.577646017 CET	1.1.1.1	192.168.2.6	0x2894	No error (0)	www.google.com	142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:09.577922106 CET	1.1.1.1	192.168.2.6	0xca70	No error (0)	www.google.com		65	IN (0x0001)	false
Dec 24, 2024 16:25:12.990089893 CET	1.1.1.1	192.168.2.6	0x1823	No error (0)	reprogrammation-mondialrelay.info	20.117.177.224	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:12.990504026 CET	1.1.1.1	192.168.2.6	0x8c3f	No error (0)	reprogrammation-mondialrelay.info	20.117.177.224	A (IP address)	IN (0x0001)	false
Dec 24, 2024 16:25:14.490500927 CET	1.1.1.1	192.168.2.6	0x6ead	No error (0)	reprogrammation-mondialrelay.info	20.117.177.224	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reprogrammation-mondialrelay.info

https:

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49742	20.117.177.224	80	516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2024 16:25:13.112461090 CET	448	OUT	GET / HTTP/1.1 Host: reprogrammation-mondialrelay.info Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 24, 2024 16:25:14.345459938 CET	372	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 24 Dec 2024 15:25:14 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://reprogrammation-mondialrelay.info/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Dec 24, 2024 16:25:59.345722914 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49743	20.117.177.224	80	516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 24, 2024 16:25:58.126945019 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:24:56 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 33 73 36 31 6a 33 41 6d 55 32 6e 6b 4f 43 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 64 35 34 35 35 63 31 38 63 65 37 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: T3s61j3AmU2nkOCL.1Context: a425d5455c18ce78
2024-12-24 15:24:56 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:24:56 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 33 73 36 31 6a 33 41 6d 55 32 6e 6b 4f 43 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 64 35 34 35 35 63 31 38 63 65 37 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: T3s61j3AmU2nkOCL.2Context: a425d5455c18ce78<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:24:56 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 54 33 73 36 31 6a 33 41 6d 55 32 6e 6b 4f 43 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 64 35 34 35 35 63 31 38 63 65 37 38 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: T3s61j3AmU2nkOCL.3Context: a425d5455c18ce78
2024-12-24 15:24:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:24:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 67 6c 58 46 6d 39 31 32 45 53 70 53 36 35 59 30 42 47 54 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uglXFm912ESpS65Y0BGTiQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49713	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:00 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 73 30 6a 73 41 47 79 61 45 61 2b 33 67 2b 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 35 63 34 34 62 64 30 34 62 61 66 35 37 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9s0jsAGyaEa+3g+s.1Context: 4d5c44bd04baf57a
2024-12-24 15:25:00 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:00 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 73 30 6a 73 41 47 79 61 45 61 2b 33 67 2b 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 35 63 34 34 62 64 30 34 62 61 66 35 37 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9s0jsAGyaEa+3g+s.2Context: 4d5c44bd04baf57a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:00 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 73 30 6a 73 41 47 79 61 45 61 2b 33 67 2b 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 64 35 63 34 34 62 64 30 34 62 61 66 35 37 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9s0jsAGyaEa+3g+s.3Context: 4d5c44bd04baf57a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 15:25:00 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:00 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 41 2b 33 6f 32 4a 4d 65 6b 79 43 37 70 6d 71 75 6e 58 53 2f 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TA+3o2JMekyC7pmqunXS/g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49714	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 43 6f 2b 33 54 41 66 46 55 32 64 38 4e 74 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 38 65 64 33 37 66 66 62 39 39 37 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2Co+3TAfFU2d8Nt1.1Context: 9d7a8ed37ffb9977
2024-12-24 15:25:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 43 6f 2b 33 54 41 66 46 55 32 64 38 4e 74 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 38 65 64 33 37 66 66 62 39 39 37 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2Co+3TAfFU2d8Nt1.2Context: 9d7a8ed37ffb9977<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:06 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 32 43 6f 2b 33 54 41 66 46 55 32 64 38 4e 74 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 38 65 64 33 37 66 66 62 39 39 37 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 2Co+3TAfFU2d8Nt1.3Context: 9d7a8ed37ffb9977
2024-12-24 15:25:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 71 53 47 75 61 4d 72 6f 55 2b 32 6e 63 45 33 78 68 5a 4b 74 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9qSGuaMroU+2ncE3xhZKtQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49741	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 54 6b 64 69 49 39 69 63 6b 6d 31 4d 4f 4e 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 35 62 66 34 38 39 31 64 30 62 66 62 31 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cTkdiI9ickm1MONr.1Context: f15bf4891d0bfb14
2024-12-24 15:25:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 63 54 6b 64 69 49 39 69 63 6b 6d 31 4d 4f 4e 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 35 62 66 34 38 39 31 64 30 62 66 62 31 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cTkdiI9ickm1MONr.2Context: f15bf4891d0bfb14<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 54 6b 64 69 49 39 69 63 6b 6d 31 4d 4f 4e 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 31 35 62 66 34 38 39 31 64 30 62 66 62 31 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cTkdiI9ickm1MONr.3Context: f15bf4891d0bfb14<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 15:25:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 65 68 37 51 32 36 2f 35 30 75 69 2b 48 4f 4f 68 76 66 75 30 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: peh7Q26/50ui+HOOhvfu0w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49749	20.117.177.224	443	516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:15 UTC	676	OUT	GET / HTTP/1.1 Host: reprogrammation-mondialrelay.info Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-24 15:25:16 UTC	399	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 24 Dec 2024 15:25:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.2.26 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=i4fkbbthf0cj4frrt0nkbqo41t; path=/ Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-24 15:25:16 UTC	2455	IN	Data Raw: 39 38 62 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 2e 72 61 6e 64 6f 6d 2d 62 6f 78 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 31 32 33 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 34 35 36 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 61 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 31 32 70 78 20 64 6f 74 74 65 64 20 23 33 61 33 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 32 37 70 78 3b 0d 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 31 30 70 78 20 32 30 70 78 20 33 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 35 29 3b 0d 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 31 33 64 65 67 29 3b 0d 0a 7d 0d Data Ascii: 98b<style type="text/css">.random-box { width: 123px; height: 456px; background-color: #f0a; border: 12px dotted #3a3; border-radius: 27px; box-shadow: 10px 20px 30px rgba(0, 0, 0, 0.5); transform: rotate(13deg);}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49755	20.117.177.224	443	516	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:18 UTC	668	OUT	GET /favicon.ico HTTP/1.1 Host: reprogrammation-mondialrelay.info Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://reprogrammation-mondialrelay.info/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i4fkbbthf0cj4frrt0nkbqo41t
2024-12-24 15:25:18 UTC	238	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 24 Dec 2024 15:25:18 GMT Content-Type: text/html Content-Length: 808 Connection: close Last-Modified: Tue, 24 Dec 2024 12:19:33 GMT ETag: "328-62a03202e49ce" Accept-Ranges: bytes
2024-12-24 15:25:18 UTC	808	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="s

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49757	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 58 4a 69 38 78 32 64 34 69 30 47 42 44 57 36 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 64 30 34 63 62 63 64 66 30 32 31 33 38 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: XJi8x2d4i0GBDW6b.1Context: 6bd04cbcdf02138f
2024-12-24 15:25:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 58 4a 69 38 78 32 64 34 69 30 47 42 44 57 36 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 64 30 34 63 62 63 64 66 30 32 31 33 38 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: XJi8x2d4i0GBDW6b.2Context: 6bd04cbcdf02138f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:19 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 58 4a 69 38 78 32 64 34 69 30 47 42 44 57 36 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 64 30 34 63 62 63 64 66 30 32 31 33 38 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: XJi8x2d4i0GBDW6b.3Context: 6bd04cbcdf02138f
2024-12-24 15:25:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 4c 69 4f 2f 76 2b 57 53 30 6d 73 78 52 39 6f 49 79 6e 46 78 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gLiO/v+WS0msxR9oIynFxw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49785	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:29 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 49 6c 78 34 79 4f 77 42 35 55 71 63 35 4e 73 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 34 32 37 34 38 31 61 31 31 39 35 66 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: Ilx4yOwB5Uqc5Nsb.1Context: 53427481a1195fe
2024-12-24 15:25:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:29 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 49 6c 78 34 79 4f 77 42 35 55 71 63 35 4e 73 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 34 32 37 34 38 31 61 31 31 39 35 66 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 56 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: Ilx4yOwB5Uqc5Nsb.2Context: 53427481a1195fe<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3V
2024-12-24 15:25:29 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 49 6c 78 34 79 4f 77 42 35 55 71 63 35 4e 73 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 33 34 32 37 34 38 31 61 31 31 39 35 66 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: Ilx4yOwB5Uqc5Nsb.3Context: 53427481a1195fe<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 15:25:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6e 69 44 47 65 65 74 32 39 30 43 35 67 49 37 73 33 55 55 48 59 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: niDGeet290C5gI7s3UUHYQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49807	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 58 79 58 33 44 48 39 4c 6b 6d 66 65 59 73 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 33 36 30 36 31 35 66 32 66 38 33 62 33 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WXyX3DH9LkmfeYsV.1Context: d3360615f2f83b34
2024-12-24 15:25:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 58 79 58 33 44 48 39 4c 6b 6d 66 65 59 73 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 33 36 30 36 31 35 66 32 66 38 33 62 33 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WXyX3DH9LkmfeYsV.2Context: d3360615f2f83b34<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:40 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 57 58 79 58 33 44 48 39 4c 6b 6d 66 65 59 73 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 33 36 30 36 31 35 66 32 66 38 33 62 33 34 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: WXyX3DH9LkmfeYsV.3Context: d3360615f2f83b34
2024-12-24 15:25:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 2b 7a 74 2f 68 36 32 48 55 4b 61 57 75 72 35 63 39 2b 45 30 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: a+zt/h62HUKaWur5c9+E0Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49837	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:25:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 64 53 38 78 4c 35 70 78 48 55 57 4e 39 73 50 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 62 66 66 38 31 65 38 61 36 31 32 39 61 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: dS8xL5pxHUWN9sPR.1Context: 6ebff81e8a6129a5
2024-12-24 15:25:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:25:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 64 53 38 78 4c 35 70 78 48 55 57 4e 39 73 50 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 62 66 66 38 31 65 38 61 36 31 32 39 61 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: dS8xL5pxHUWN9sPR.2Context: 6ebff81e8a6129a5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:25:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 64 53 38 78 4c 35 70 78 48 55 57 4e 39 73 50 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 62 66 66 38 31 65 38 61 36 31 32 39 61 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: dS8xL5pxHUWN9sPR.3Context: 6ebff81e8a6129a5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 15:25:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:25:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6a 57 46 65 2b 31 70 31 72 55 4b 65 64 63 59 4f 37 6f 77 37 54 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: jWFe+1p1rUKedcYO7ow7TQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49880	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:26:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 7a 38 70 48 79 4f 76 52 6b 4b 6d 4b 34 64 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 65 62 39 66 61 63 35 31 66 39 62 30 36 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Kz8pHyOvRkKmK4d8.1Context: ddeb9fac51f9b06a
2024-12-24 15:26:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:26:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4b 7a 38 70 48 79 4f 76 52 6b 4b 6d 4b 34 64 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 65 62 39 66 61 63 35 31 66 39 62 30 36 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Kz8pHyOvRkKmK4d8.2Context: ddeb9fac51f9b06a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:26:10 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4b 7a 38 70 48 79 4f 76 52 6b 4b 6d 4b 34 64 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 64 65 62 39 66 61 63 35 31 66 39 62 30 36 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: Kz8pHyOvRkKmK4d8.3Context: ddeb9fac51f9b06a
2024-12-24 15:26:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:26:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 32 7a 5a 45 5a 4e 33 65 30 69 57 4e 43 70 79 6e 31 34 36 56 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: b2zZEZN3e0iWNCpyn146Vg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49897	20.198.119.84	443

Timestamp	Bytes transferred	Direction	Data
2024-12-24 15:26:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 68 33 30 6f 51 74 74 4c 45 53 49 39 50 30 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 62 35 33 35 37 30 34 30 31 64 37 31 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Dh30oQttLESI9P0S.1Context: c8db53570401d71f
2024-12-24 15:26:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 15:26:18 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 68 33 30 6f 51 74 74 4c 45 53 49 39 50 30 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 62 35 33 35 37 30 34 30 31 64 37 31 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 59 61 55 59 54 58 32 65 6e 64 4c 45 65 39 71 4b 4f 6f 77 77 34 50 43 4b 47 6e 4f 32 6b 35 34 4f 38 48 6b 71 50 75 72 70 54 34 79 47 59 54 2b 45 68 62 76 70 6a 57 64 6b 45 4c 4e 75 41 57 4e 56 4c 72 62 4b 6a 75 2f 71 74 32 75 53 52 69 76 77 76 70 62 74 4c 6e 73 77 6c 51 4f 68 63 39 4e 76 43 6b 4c 76 59 64 72 74 58 37 64 33 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Dh30oQttLESI9P0S.2Context: c8db53570401d71f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWYaUYTX2endLEe9qKOoww4PCKGnO2k54O8HkqPurpT4yGYT+EhbvpjWdkELNuAWNVLrbKju/qt2uSRivwvpbtLnswlQOhc9NvCkLvYdrtX7d3
2024-12-24 15:26:18 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 68 33 30 6f 51 74 74 4c 45 53 49 39 50 30 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 38 64 62 35 33 35 37 30 34 30 31 64 37 31 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Dh30oQttLESI9P0S.3Context: c8db53570401d71f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 15:26:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-24 15:26:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 52 61 42 48 6d 59 39 75 6b 61 53 76 6a 58 70 2b 68 6e 62 30 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8RaBHmY9ukaSvjXp+hnb0A.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 672, Parent PID: 3768

General

Target ID:	1
Start time:	10:24:59
Start date:	24/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 516, Parent PID: 672

General

Target ID:	3
Start time:	10:25:03
Start date:	24/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2192,i,2191230920324930326,6226228881707209879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4852, Parent PID: 3768

General

Target ID:	4
Start time:	10:25:10
Start date:	24/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reprogrammation-mondialrelay.info"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Email	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://reprogrammation-mondialrelay.info
Source: Email	Joe Sandbox AI: AI detected Typosquatting in URL: http://reprogrammation-mondialrelay.info

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: reprogrammation-mondialrelay.infoConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: reprogrammation-mondialrelay.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://reprogrammation-mondialrelay.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i4fkbbthf0cj4frrt0nkbqo41t
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: reprogrammation-mondialrelay.infoConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: reprogrammation-mondialrelay.info

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://reprogrammation-mondialrelay.info

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 672, Parent PID: 3768

General

Chronological Activities

Analysis Process: chrome.exePID: 516, Parent PID: 672

General

Chronological Activities

Analysis Process: chrome.exePID: 4852, Parent PID: 3768

General

Chronological Activities

Disassembly

Windows Analysis Report
http://reprogrammation-mondialrelay.info