Edit tour

Windows Analysis Report
http://xyft.zmdusdxj.ru

Overview

General Information

Sample URL:	http://xyft.zmdusdxj.ru
Analysis ID:	1585558
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=2540,i,3670861997489118483,16347050582518418580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xyft.zmdusdxj.ru" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /report/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 386Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 19:36:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=4566&min_rtt=4565&rtt_var=1715&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1581&delivery_rate=622241&cwnd=237&unsent_bytes=0&cid=5e84696932365ffa&ts=69&x=0"Server: cloudflareCF-RAY: 8fe665cc0c7f726f-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=1998&rtt_var=762&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1237&delivery_rate=1425085&cwnd=172&unsent_bytes=0&cid=e3bece7dcc03821f&ts=370&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Jan 2025 19:36:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MdIHb042IG9jYhLN9QRs2UCtp%2B%2FPRg7uAJckMiI3NAt5ahG4T%2BBhYzjf0x53uVwgzaPCwBvdrpQnISdVdZpbvgMK8Q4%2BodhuwPBKSTPXqElLCptj4kpowXnbbG39LQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=5002&min_rtt=4990&rtt_var=1427&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1501&delivery_rate=560409&cwnd=235&unsent_bytes=0&cid=a661f35742ad7b98&ts=148&x=0"CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 8fe665d6ca2f3354-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=2003&rtt_var=753&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1166&delivery_rate=1451292&cwnd=114&unsent_bytes=0&cid=6b9b3b429176c971&ts=476&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 58413 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58413
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 58414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58412
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58411
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:58411 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@17/2@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=2540,i,3670861997489118483,16347050582518418580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xyft.zmdusdxj.ru"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=2540,i,3670861997489118483,16347050582518418580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://xyft.zmdusdxj.ru	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://xyft.zmdusdxj.ru/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
www.google.com	172.217.16.196	true	false	high
xyft.zmdusdxj.ru	188.114.96.3	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://xyft.zmdusdxj.ru/	false		unknown
https://a.nel.cloudflare.com/report/v4?s=MdIHb042IG9jYhLN9QRs2UCtp%2B%2FPRg7uAJckMiI3NAt5ahG4T%2BBhYzjf0x53uVwgzaPCwBvdrpQnISdVdZpbvgMK8Q4%2BodhuwPBKSTPXqElLCptj4kpowXnbbG39LQ%3D%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D	false		high
https://xyft.zmdusdxj.ru/favicon.ico	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	xyft.zmdusdxj.ru	European Union	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.23
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585558
Start date and time:	2025-01-07 20:35:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://xyft.zmdusdxj.ru
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/2@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.185.78, 74.125.71.84, 172.217.18.14, 142.250.74.206, 192.229.221.95, 199.232.210.172, 142.250.185.110, 172.217.16.206, 142.250.186.174, 216.58.206.78, 142.251.35.174, 74.125.0.74, 142.250.185.142, 142.250.186.35, 184.28.90.27, 13.107.246.45, 52.149.20.212
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://xyft.zmdusdxj.ru

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://xyft.zmdusdxj.ru Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://xyft.zmdusdxj.ru
URL: https://xyft.zmdusdxj.ru/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://xyft.zmdusdxj.ru/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	low
URL:	https://xyft.zmdusdxj.ru/
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 20:36:22.713912010 CET	49674	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:22.713915110 CET	49673	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:23.026207924 CET	49672	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:32.091214895 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.091268063 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.091577053 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.094172001 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.094187975 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.321896076 CET	49673	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:32.321897030 CET	49674	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:32.634488106 CET	49672	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:32.905100107 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.905258894 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.909845114 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.909852028 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.910087109 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.911662102 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.911827087 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.911827087 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:32.911834002 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:32.959335089 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:33.103369951 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:33.103446960 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:33.103682995 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:33.104603052 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:33.104620934 CET	443	49717	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:33.104655981 CET	49717	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:33.393692017 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:33.393718004 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:33.393838882 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:33.394040108 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:33.394051075 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.096307993 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.097238064 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:34.097249985 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.098202944 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.098485947 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:34.102627039 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:34.102685928 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.150418997 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:34.150429010 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:34.197299004 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:34.380599022 CET	443	49705	173.222.162.64	192.168.2.6
Jan 7, 2025 20:36:34.380680084 CET	49705	443	192.168.2.6	173.222.162.64
Jan 7, 2025 20:36:35.465627909 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.465667009 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.465765953 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.466075897 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.466085911 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.928921938 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.929187059 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.929207087 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.930171013 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.930229902 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.932795048 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.932821989 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.932856083 CET	443	49722	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.932898998 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.932924032 CET	49722	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.933196068 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.933235884 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:35.933306932 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.933516979 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:35.933533907 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.421519041 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.421892881 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.421914101 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.422889948 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.422965050 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.423949003 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.424022913 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.424134970 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.424143076 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.468535900 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.778881073 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.779002905 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.779124022 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.831816912 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:36.831849098 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:36.832001925 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:36.844497919 CET	49723	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:36.844506979 CET	443	49723	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:36.866522074 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:36.866538048 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.171962976 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.172015905 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.172130108 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.172583103 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.172596931 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.353780031 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.354055882 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.354085922 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.355093002 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.355154991 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.356208086 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.356271029 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.356345892 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.356353998 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.396931887 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483087063 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.483236074 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.483292103 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483321905 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483335018 CET	443	49729	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.483344078 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483377934 CET	49729	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483748913 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.483772993 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.483923912 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.484082937 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.484095097 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.634676933 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.635801077 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.635826111 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.636835098 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.636905909 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637527943 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637551069 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637584925 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.637732983 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.637818098 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637825012 CET	443	49730	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.637845039 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637860060 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.637873888 CET	49730	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.638158083 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.638191938 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.638248920 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.638457060 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:37.638473988 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:37.999147892 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.999414921 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:37.999424934 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:37.999753952 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.000159025 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:38.000219107 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.000282049 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:38.041018963 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:38.041024923 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.108460903 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.108704090 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.108716011 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.109045982 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.109338045 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.109400988 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.109539032 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.131501913 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.131546021 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.131680012 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:38.131886005 CET	49736	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:36:38.131891012 CET	443	49736	35.190.80.1	192.168.2.6
Jan 7, 2025 20:36:38.151333094 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.578547955 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.578612089 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:38.579816103 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.579816103 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.883739948 CET	49737	443	192.168.2.6	188.114.96.3
Jan 7, 2025 20:36:38.883764029 CET	443	49737	188.114.96.3	192.168.2.6
Jan 7, 2025 20:36:39.952516079 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:39.952529907 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:39.952595949 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:39.953123093 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:39.953133106 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.742278099 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.742495060 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.744395018 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.744400978 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.744628906 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.746320009 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.746390104 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.746395111 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.746525049 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.791327953 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.934865952 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.934936047 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.935421944 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.935421944 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:40.935450077 CET	443	49751	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:40.935462952 CET	49751	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:43.997261047 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:43.997315884 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:43.997450113 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:45.542176962 CET	49718	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:36:45.542188883 CET	443	49718	172.217.16.196	192.168.2.6
Jan 7, 2025 20:36:51.952368021 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:51.952388048 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:51.952476025 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:51.952955961 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:51.952967882 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.742937088 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.743031025 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.746035099 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.746049881 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.746294022 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.747997046 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.748064041 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.748069048 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.748204947 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.791327953 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.936589956 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.936647892 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:36:52.936801910 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.936835051 CET	49826	443	192.168.2.6	40.115.3.253
Jan 7, 2025 20:36:52.936844110 CET	443	49826	40.115.3.253	192.168.2.6
Jan 7, 2025 20:37:10.133059978 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.133083105 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.133157015 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.133706093 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.133721113 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.516932964 CET	58357	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:37:10.521714926 CET	53	58357	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:10.521789074 CET	58357	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:37:10.521804094 CET	58357	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:37:10.526596069 CET	53	58357	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:10.965497971 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.965579033 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.969142914 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.969151020 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.969393015 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.971004009 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.971069098 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.971074104 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:10.971180916 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:10.993293047 CET	53	58357	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:10.993969917 CET	58357	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:37:10.999186039 CET	53	58357	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:10.999248981 CET	58357	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:37:11.011337996 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:11.145128012 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:11.145239115 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:11.145443916 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:11.145443916 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:11.446505070 CET	49944	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:11.446528912 CET	443	49944	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:32.705665112 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:32.705719948 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:32.705811024 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:32.706387997 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:32.706402063 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.447575092 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:33.447629929 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:33.447694063 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:33.447936058 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:33.447949886 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:33.494570017 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.494652987 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.496733904 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.496742010 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.496977091 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.498743057 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.498801947 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.498806000 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.499037981 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.543338060 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.670605898 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.670681000 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:33.670732975 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.670892954 CET	58411	443	192.168.2.6	40.113.110.67
Jan 7, 2025 20:37:33.670911074 CET	443	58411	40.113.110.67	192.168.2.6
Jan 7, 2025 20:37:34.094451904 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:34.094758987 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:34.094780922 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:34.095102072 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:34.095405102 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:34.095463991 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:34.149291992 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:36.807471991 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:36.807503939 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:36.807585001 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:36.807816982 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:36.807842016 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.261248112 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.261934996 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.261955023 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.262324095 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.262667894 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.262741089 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.262780905 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.306195974 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.306210041 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.388595104 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.388744116 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.388808966 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.391797066 CET	58413	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.391822100 CET	443	58413	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.392934084 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.392988920 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.393054008 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.393268108 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.393281937 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.871459007 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.871767044 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.871795893 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.872153044 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.872618914 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.872678995 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:37.872751951 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:37.915359020 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:38.013060093 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:38.013133049 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:38.013302088 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:38.013315916 CET	443	58414	35.190.80.1	192.168.2.6
Jan 7, 2025 20:37:38.013325930 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:38.013353109 CET	58414	443	192.168.2.6	35.190.80.1
Jan 7, 2025 20:37:44.008279085 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:44.008354902 CET	443	58412	172.217.16.196	192.168.2.6
Jan 7, 2025 20:37:44.008471012 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:45.541727066 CET	58412	443	192.168.2.6	172.217.16.196
Jan 7, 2025 20:37:45.541748047 CET	443	58412	172.217.16.196	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 7, 2025 20:36:29.374006033 CET	53	64577	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:29.389605999 CET	53	60798	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:30.558976889 CET	53	57770	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:33.385976076 CET	55582	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:33.386348963 CET	50320	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:33.392570972 CET	53	55582	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:33.392900944 CET	53	50320	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:35.211143017 CET	59141	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:35.211366892 CET	55796	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:35.275769949 CET	53	55796	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:35.281737089 CET	55067	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:35.282135963 CET	55027	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:35.295417070 CET	53	55027	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:35.381546021 CET	53	59141	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:35.465102911 CET	53	55067	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:36.793399096 CET	52447	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:36.793618917 CET	51248	53	192.168.2.6	1.1.1.1
Jan 7, 2025 20:36:36.800107002 CET	53	52447	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:36.800483942 CET	53	51248	1.1.1.1	192.168.2.6
Jan 7, 2025 20:36:47.486152887 CET	53	64873	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:06.455153942 CET	53	59221	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:10.516541958 CET	53	55340	1.1.1.1	192.168.2.6
Jan 7, 2025 20:37:28.926912069 CET	53	59920	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 7, 2025 20:36:35.381604910 CET	192.168.2.6	1.1.1.1	c208	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 7, 2025 20:36:33.385976076 CET	192.168.2.6	1.1.1.1	0xce6a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:33.386348963 CET	192.168.2.6	1.1.1.1	0xa209	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 7, 2025 20:36:35.211143017 CET	192.168.2.6	1.1.1.1	0xbb5e	Standard query (0)	xyft.zmdusdxj.ru	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:35.211366892 CET	192.168.2.6	1.1.1.1	0xb742	Standard query (0)	xyft.zmdusdxj.ru	65	IN (0x0001)	false
Jan 7, 2025 20:36:35.281737089 CET	192.168.2.6	1.1.1.1	0x883c	Standard query (0)	xyft.zmdusdxj.ru	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:35.282135963 CET	192.168.2.6	1.1.1.1	0xee8a	Standard query (0)	xyft.zmdusdxj.ru	65	IN (0x0001)	false
Jan 7, 2025 20:36:36.793399096 CET	192.168.2.6	1.1.1.1	0x55ce	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:36.793618917 CET	192.168.2.6	1.1.1.1	0x8314	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 7, 2025 20:36:33.392570972 CET	1.1.1.1	192.168.2.6	0xce6a	No error (0)	www.google.com	172.217.16.196	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:33.392900944 CET	1.1.1.1	192.168.2.6	0xa209	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 7, 2025 20:36:35.275769949 CET	1.1.1.1	192.168.2.6	0xb742	No error (0)	xyft.zmdusdxj.ru		65	IN (0x0001)	false
Jan 7, 2025 20:36:35.295417070 CET	1.1.1.1	192.168.2.6	0xee8a	No error (0)	xyft.zmdusdxj.ru		65	IN (0x0001)	false
Jan 7, 2025 20:36:35.381546021 CET	1.1.1.1	192.168.2.6	0xbb5e	No error (0)	xyft.zmdusdxj.ru	188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:35.381546021 CET	1.1.1.1	192.168.2.6	0xbb5e	No error (0)	xyft.zmdusdxj.ru	188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:35.465102911 CET	1.1.1.1	192.168.2.6	0x883c	No error (0)	xyft.zmdusdxj.ru	188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:35.465102911 CET	1.1.1.1	192.168.2.6	0x883c	No error (0)	xyft.zmdusdxj.ru	188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 7, 2025 20:36:36.800107002 CET	1.1.1.1	192.168.2.6	0x55ce	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

xyft.zmdusdxj.ru

a.nel.cloudflare.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49717	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 67 50 46 79 74 66 6d 51 45 43 66 4d 53 6d 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 62 30 34 35 30 63 35 31 39 66 34 38 32 31 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GgPFytfmQECfMSmK.1Context: 8b0450c519f48213
2025-01-07 19:36:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-07 19:36:32 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 67 50 46 79 74 66 6d 51 45 43 66 4d 53 6d 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 62 30 34 35 30 63 35 31 39 66 34 38 32 31 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 71 57 54 54 65 77 6b 53 32 38 45 65 48 33 43 4c 71 67 68 4d 4d 62 75 56 53 38 5a 4e 6c 68 47 53 32 2b 58 74 78 71 4b 56 57 41 47 69 52 62 49 50 73 6d 56 6e 56 4c 62 73 50 4c 2b 58 71 30 57 46 67 6b 6e 76 47 70 49 63 54 36 48 43 4a 4f 61 61 44 72 7a 77 47 50 6d 4c 4f 4f 4a 76 39 49 6c 47 34 61 32 76 49 78 63 7a 76 42 43 66 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GgPFytfmQECfMSmK.2Context: 8b0450c519f48213<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbqWTTewkS28EeH3CLqghMMbuVS8ZNlhGS2+XtxqKVWAGiRbIPsmVnVLbsPL+Xq0WFgknvGpIcT6HCJOaaDrzwGPmLOOJv9IlG4a2vIxczvBCf
2025-01-07 19:36:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 67 50 46 79 74 66 6d 51 45 43 66 4d 53 6d 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 62 30 34 35 30 63 35 31 39 66 34 38 32 31 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GgPFytfmQECfMSmK.3Context: 8b0450c519f48213<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-07 19:36:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-07 19:36:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 79 6d 30 57 6e 79 64 6e 45 4b 4e 69 41 45 77 62 52 45 61 51 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: rym0WnydnEKNiAEwbREaQA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49723	188.114.96.3	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:36 UTC	659	OUT	GET / HTTP/1.1 Host: xyft.zmdusdxj.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:36:36 UTC	1014	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 19:36:36 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4566&min_rtt=4565&rtt_var=1715&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1581&delivery_rate=622241&cwnd=237&unsent_bytes=0&cid=5e84696932365ffa&ts=69&x=0" Server: cloudflare CF-RAY: 8fe665cc0c7f726f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=1998&rtt_var=762&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1237&delivery_rate=1425085&cwnd=172&unsent_bytes=0&cid=e3bece7dcc03821f&ts=370&x=0"
2025-01-07 19:36:36 UTC	355	IN	Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
2025-01-07 19:36:36 UTC	200	IN	Data Raw: 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a Data Ascii: - a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
2025-01-07 19:36:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49729	35.190.80.1	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:37 UTC	535	OUT	OPTIONS /report/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://xyft.zmdusdxj.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:36:37 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 07 Jan 2025 19:36:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49736	35.190.80.1	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:37 UTC	476	OUT	POST /report/v4?s=1T06xTtOF4J%2Fh4AaDnHZJVbuUPI%2Bv8SiJ%2BRRGEE743nZpgkD868Ebp7Fe6hyet6s5sBElcd2V3LDDrMDk6n7cTyDm9cMfFCRvXRGfay9VUNZs0n6yxQlEElvZw3jLg%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 386 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:36:37 UTC	386	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 35 31 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 78 79 66 74 2e 7a 6d 64 75 73 64 78 6a 2e 72 75 Data Ascii: [{"age":0,"body":{"elapsed_time":1510,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","url":"https://xyft.zmdusdxj.ru
2025-01-07 19:36:38 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 07 Jan 2025 19:36:38 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49737	188.114.96.3	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:38 UTC	588	OUT	GET /favicon.ico HTTP/1.1 Host: xyft.zmdusdxj.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xyft.zmdusdxj.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:36:38 UTC	1062	IN	HTTP/1.1 404 Not Found Date: Tue, 07 Jan 2025 19:36:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MdIHb042IG9jYhLN9QRs2UCtp%2B%2FPRg7uAJckMiI3NAt5ahG4T%2BBhYzjf0x53uVwgzaPCwBvdrpQnISdVdZpbvgMK8Q4%2BodhuwPBKSTPXqElLCptj4kpowXnbbG39LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5002&min_rtt=4990&rtt_var=1427&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1501&delivery_rate=560409&cwnd=235&unsent_bytes=0&cid=a661f35742ad7b98&ts=148&x=0" CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 8fe665d6ca2f3354-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2004&min_rtt=2003&rtt_var=753&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1166&delivery_rate=1451292&cwnd=114&unsent_bytes=0&cid=6b9b3b429176c971&ts=476&x=0"
2025-01-07 19:36:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49751	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:40 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 41 46 4e 71 43 49 65 51 6b 71 48 4a 58 65 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 30 34 65 39 66 66 30 64 39 38 35 37 34 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: eAFNqCIeQkqHJXeU.1Context: e704e9ff0d98574e
2025-01-07 19:36:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-07 19:36:40 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 41 46 4e 71 43 49 65 51 6b 71 48 4a 58 65 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 30 34 65 39 66 66 30 64 39 38 35 37 34 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 71 57 54 54 65 77 6b 53 32 38 45 65 48 33 43 4c 71 67 68 4d 4d 62 75 56 53 38 5a 4e 6c 68 47 53 32 2b 58 74 78 71 4b 56 57 41 47 69 52 62 49 50 73 6d 56 6e 56 4c 62 73 50 4c 2b 58 71 30 57 46 67 6b 6e 76 47 70 49 63 54 36 48 43 4a 4f 61 61 44 72 7a 77 47 50 6d 4c 4f 4f 4a 76 39 49 6c 47 34 61 32 76 49 78 63 7a 76 42 43 66 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: eAFNqCIeQkqHJXeU.2Context: e704e9ff0d98574e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbqWTTewkS28EeH3CLqghMMbuVS8ZNlhGS2+XtxqKVWAGiRbIPsmVnVLbsPL+Xq0WFgknvGpIcT6HCJOaaDrzwGPmLOOJv9IlG4a2vIxczvBCf
2025-01-07 19:36:40 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 41 46 4e 71 43 49 65 51 6b 71 48 4a 58 65 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 37 30 34 65 39 66 66 30 64 39 38 35 37 34 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: eAFNqCIeQkqHJXeU.3Context: e704e9ff0d98574e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-07 19:36:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-07 19:36:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 34 62 4f 4e 73 37 55 55 74 55 75 55 44 56 76 6e 73 46 70 66 42 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 4bONs7UUtUuUDVvnsFpfBg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49826	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:36:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 35 30 2b 76 58 58 37 70 55 75 4e 67 48 63 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 65 30 31 31 34 34 33 34 39 37 32 62 30 62 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: J50+vXX7pUuNgHck.1Context: 5e0114434972b0b4
2025-01-07 19:36:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-07 19:36:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 35 30 2b 76 58 58 37 70 55 75 4e 67 48 63 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 65 30 31 31 34 34 33 34 39 37 32 62 30 62 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 71 57 54 54 65 77 6b 53 32 38 45 65 48 33 43 4c 71 67 68 4d 4d 62 75 56 53 38 5a 4e 6c 68 47 53 32 2b 58 74 78 71 4b 56 57 41 47 69 52 62 49 50 73 6d 56 6e 56 4c 62 73 50 4c 2b 58 71 30 57 46 67 6b 6e 76 47 70 49 63 54 36 48 43 4a 4f 61 61 44 72 7a 77 47 50 6d 4c 4f 4f 4a 76 39 49 6c 47 34 61 32 76 49 78 63 7a 76 42 43 66 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: J50+vXX7pUuNgHck.2Context: 5e0114434972b0b4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbqWTTewkS28EeH3CLqghMMbuVS8ZNlhGS2+XtxqKVWAGiRbIPsmVnVLbsPL+Xq0WFgknvGpIcT6HCJOaaDrzwGPmLOOJv9IlG4a2vIxczvBCf
2025-01-07 19:36:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4a 35 30 2b 76 58 58 37 70 55 75 4e 67 48 63 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 65 30 31 31 34 34 33 34 39 37 32 62 30 62 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: J50+vXX7pUuNgHck.3Context: 5e0114434972b0b4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-07 19:36:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-07 19:36:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 47 6f 51 76 63 62 48 7a 30 53 31 71 47 36 58 4e 50 41 58 48 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: CGoQvcbHz0S1qG6XNPAXHg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49944	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:37:10 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 58 32 4f 78 43 68 56 74 48 30 61 77 30 32 57 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 33 38 31 35 34 65 36 37 31 37 66 38 62 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: X2OxChVtH0aw02WK.1Context: 7538154e6717f8be
2025-01-07 19:37:10 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-07 19:37:10 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 58 32 4f 78 43 68 56 74 48 30 61 77 30 32 57 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 33 38 31 35 34 65 36 37 31 37 66 38 62 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 71 57 54 54 65 77 6b 53 32 38 45 65 48 33 43 4c 71 67 68 4d 4d 62 75 56 53 38 5a 4e 6c 68 47 53 32 2b 58 74 78 71 4b 56 57 41 47 69 52 62 49 50 73 6d 56 6e 56 4c 62 73 50 4c 2b 58 71 30 57 46 67 6b 6e 76 47 70 49 63 54 36 48 43 4a 4f 61 61 44 72 7a 77 47 50 6d 4c 4f 4f 4a 76 39 49 6c 47 34 61 32 76 49 78 63 7a 76 42 43 66 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: X2OxChVtH0aw02WK.2Context: 7538154e6717f8be<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbqWTTewkS28EeH3CLqghMMbuVS8ZNlhGS2+XtxqKVWAGiRbIPsmVnVLbsPL+Xq0WFgknvGpIcT6HCJOaaDrzwGPmLOOJv9IlG4a2vIxczvBCf
2025-01-07 19:37:10 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 58 32 4f 78 43 68 56 74 48 30 61 77 30 32 57 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 35 33 38 31 35 34 65 36 37 31 37 66 38 62 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: X2OxChVtH0aw02WK.3Context: 7538154e6717f8be<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-07 19:37:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-07 19:37:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 76 43 43 77 6a 59 4e 7a 45 47 35 70 31 48 54 54 46 7a 53 42 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +vCCwjYNzEG5p1HTTFzSBg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	58411	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:37:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 38 76 38 36 67 68 74 34 45 75 68 69 4a 32 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 30 63 36 31 66 39 35 39 34 63 66 37 39 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: m8v86ght4EuhiJ2x.1Context: 970c61f9594cf798
2025-01-07 19:37:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-07 19:37:33 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6d 38 76 38 36 67 68 74 34 45 75 68 69 4a 32 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 30 63 36 31 66 39 35 39 34 63 66 37 39 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 71 57 54 54 65 77 6b 53 32 38 45 65 48 33 43 4c 71 67 68 4d 4d 62 75 56 53 38 5a 4e 6c 68 47 53 32 2b 58 74 78 71 4b 56 57 41 47 69 52 62 49 50 73 6d 56 6e 56 4c 62 73 50 4c 2b 58 71 30 57 46 67 6b 6e 76 47 70 49 63 54 36 48 43 4a 4f 61 61 44 72 7a 77 47 50 6d 4c 4f 4f 4a 76 39 49 6c 47 34 61 32 76 49 78 63 7a 76 42 43 66 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: m8v86ght4EuhiJ2x.2Context: 970c61f9594cf798<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbqWTTewkS28EeH3CLqghMMbuVS8ZNlhGS2+XtxqKVWAGiRbIPsmVnVLbsPL+Xq0WFgknvGpIcT6HCJOaaDrzwGPmLOOJv9IlG4a2vIxczvBCf
2025-01-07 19:37:33 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 38 76 38 36 67 68 74 34 45 75 68 69 4a 32 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 37 30 63 36 31 66 39 35 39 34 63 66 37 39 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: m8v86ght4EuhiJ2x.3Context: 970c61f9594cf798<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-07 19:37:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-07 19:37:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 6f 71 39 2f 4a 50 50 78 30 36 68 6f 49 4c 6d 33 2b 46 47 43 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: boq9/JPPx06hoILm3+FGCQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	58413	35.190.80.1	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:37:37 UTC	537	OUT	OPTIONS /report/v4?s=MdIHb042IG9jYhLN9QRs2UCtp%2B%2FPRg7uAJckMiI3NAt5ahG4T%2BBhYzjf0x53uVwgzaPCwBvdrpQnISdVdZpbvgMK8Q4%2BodhuwPBKSTPXqElLCptj4kpowXnbbG39LQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://xyft.zmdusdxj.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:37:37 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 07 Jan 2025 19:37:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	58414	35.190.80.1	443	6440	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-07 19:37:37 UTC	478	OUT	POST /report/v4?s=MdIHb042IG9jYhLN9QRs2UCtp%2B%2FPRg7uAJckMiI3NAt5ahG4T%2BBhYzjf0x53uVwgzaPCwBvdrpQnISdVdZpbvgMK8Q4%2BodhuwPBKSTPXqElLCptj4kpowXnbbG39LQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 426 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-07 19:37:37 UTC	426	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 38 32 32 37 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 34 30 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 78 79 66 74 2e 7a 6d 64 75 73 64 78 6a 2e 72 75 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 Data Ascii: [{"age":58227,"body":{"elapsed_time":1407,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://xyft.zmdusdxj.ru/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","u
2025-01-07 19:37:38 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 07 Jan 2025 19:37:37 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5316, Parent PID: 5884

General

Target ID:	2
Start time:	14:36:23
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6440, Parent PID: 5316

General

Target ID:	4
Start time:	14:36:27
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 --field-trial-handle=2540,i,3670861997489118483,16347050582518418580,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7092, Parent PID: 5884

General

Target ID:	5
Start time:	14:36:33
Start date:	07/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://xyft.zmdusdxj.ru"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: xyft.zmdusdxj.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xyft.zmdusdxj.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xyft.zmdusdxj.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: xyft.zmdusdxj.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://xyft.zmdusdxj.ru

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5316, Parent PID: 5884

General

Chronological Activities

Analysis Process: chrome.exePID: 6440, Parent PID: 5316

General

Chronological Activities

Analysis Process: chrome.exePID: 7092, Parent PID: 5884

General

Chronological Activities

Disassembly

Windows Analysis Report
http://xyft.zmdusdxj.ru