Edit tour

Windows Analysis Report
https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=

Overview

General Information

Sample URL:	https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=
Analysis ID:	1591490
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,1394993840919030335,6465144961603929669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /report/v4?s=03A%2FLemguv%2F%2BttJQTrF49jU6TG8OL0u5cDUnq9wGVmfegSS2dSf7ZE34LbS1s80EA3X1B5gOBuNP6WeimLAbipe5xDkaB8CL9w3puANj%2F7vk2LScWFtVKrTw4ty281TzZzCy%2FASP HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 535Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 00:32:01 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03A%2FLemguv%2F%2BttJQTrF49jU6TG8OL0u5cDUnq9wGVmfegSS2dSf7ZE34LbS1s80EA3X1B5gOBuNP6WeimLAbipe5xDkaB8CL9w3puANj%2F7vk2LScWFtVKrTw4ty281TzZzCy%2FASP"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9021c423eb18ab88-YYZalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=13773&min_rtt=13770&rtt_var=5170&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1280&delivery_rate=211624&cwnd=32&unsent_bytes=0&cid=6f853273acab546c&ts=1309&x=0"

Source: sets.json.1.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.1.dr	String found in binary or memory: https://24.hu
Source: sets.json.1.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.1.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.1.dr	String found in binary or memory: https://alice.tw
Source: sets.json.1.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.1.dr	String found in binary or memory: https://autobild.de
Source: sets.json.1.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.1.dr	String found in binary or memory: https://bild.de
Source: sets.json.1.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.1.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.1.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.1.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.1.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.1.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.1.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.1.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.1.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.1.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.1.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.1.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.1.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.1.dr	String found in binary or memory: https://chennien.com
Source: sets.json.1.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.1.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.1.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.1.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.1.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.1.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.1.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.1.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.1.dr	String found in binary or memory: https://css-load.com
Source: sets.json.1.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.1.dr	String found in binary or memory: https://deere.com
Source: sets.json.1.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.1.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.1.dr	String found in binary or memory: https://drimer.io
Source: sets.json.1.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.1.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.1.dr	String found in binary or memory: https://een.be
Source: sets.json.1.dr	String found in binary or memory: https://efront.com
Source: sets.json.1.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.1.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.1.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.1.dr	String found in binary or memory: https://ella.sv
Source: sets.json.1.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.1.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.1.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.1.dr	String found in binary or memory: https://finn.no
Source: sets.json.1.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.1.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.1.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.1.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.1.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://grid.id
Source: sets.json.1.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.1.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.1.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.1.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://hapara.com
Source: sets.json.1.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.global
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.1.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.1.dr	String found in binary or memory: https://hearty.app
Source: sets.json.1.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.1.dr	String found in binary or memory: https://hearty.me
Source: sets.json.1.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.1.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.1.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.1.dr	String found in binary or memory: https://hj.rs
Source: sets.json.1.dr	String found in binary or memory: https://hjck.com
Source: sets.json.1.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.1.dr	String found in binary or memory: https://html-load.com
Source: sets.json.1.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.1.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.1.dr	String found in binary or memory: https://img-load.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.1.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.1.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.1.dr	String found in binary or memory: https://interia.pl
Source: sets.json.1.dr	String found in binary or memory: https://intoday.in
Source: sets.json.1.dr	String found in binary or memory: https://iolam.it
Source: sets.json.1.dr	String found in binary or memory: https://ishares.com
Source: sets.json.1.dr	String found in binary or memory: https://jagran.com
Source: sets.json.1.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.1.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.1.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.1.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.1.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.1.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.1.dr	String found in binary or memory: https://libero.it
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.1.dr	String found in binary or memory: https://livechat.com
Source: sets.json.1.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.1.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.1.dr	String found in binary or memory: https://livemint.com
Source: sets.json.1.dr	String found in binary or memory: https://max.auto
Source: sets.json.1.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.1.dr	String found in binary or memory: https://meo.pt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.1.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.1.dr	String found in binary or memory: https://money.pl
Source: sets.json.1.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.1.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://nacion.com
Source: sets.json.1.dr	String found in binary or memory: https://naukri.com
Source: sets.json.1.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.co
Source: sets.json.1.dr	String found in binary or memory: https://nien.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.org
Source: sets.json.1.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.1.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.1.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.1.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.1.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.1.dr	String found in binary or memory: https://o2.pl
Source: sets.json.1.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.1.dr	String found in binary or memory: https://onet.pl
Source: sets.json.1.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.1.dr	String found in binary or memory: https://p106.net
Source: sets.json.1.dr	String found in binary or memory: https://p24.hu
Source: sets.json.1.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.1.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.1.dr	String found in binary or memory: https://player.pl
Source: sets.json.1.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.1.dr	String found in binary or memory: https://poalim.site
Source: sets.json.1.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.1.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.1.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.1.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.1.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.1.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://radio1.be
Source: sets.json.1.dr	String found in binary or memory: https://radio2.be
Source: sets.json.1.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://repid.org
Source: sets.json.1.dr	String found in binary or memory: https://reshim.org
Source: sets.json.1.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.1.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.1.dr	String found in binary or memory: https://samayam.com
Source: sets.json.1.dr	String found in binary or memory: https://sapo.io
Source: sets.json.1.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.1.dr	String found in binary or memory: https://shock.co
Source: sets.json.1.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.1.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.1.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.1.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.1.dr	String found in binary or memory: https://songshare.com
Source: sets.json.1.dr	String found in binary or memory: https://songstats.com
Source: sets.json.1.dr	String found in binary or memory: https://sporza.be
Source: sets.json.1.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.1.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.1.dr	String found in binary or memory: https://stripe.com
Source: sets.json.1.dr	String found in binary or memory: https://stripe.network
Source: sets.json.1.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.1.dr	String found in binary or memory: https://supereva.it
Source: sets.json.1.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.1.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.1.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.1.dr	String found in binary or memory: https://text.com
Source: sets.json.1.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://the42.ie
Source: sets.json.1.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.1.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.1.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.1.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.1.dr	String found in binary or memory: https://top.pl
Source: sets.json.1.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.1.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://tvid.in
Source: sets.json.1.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.1.dr	String found in binary or memory: https://unotv.com
Source: sets.json.1.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.1.dr	String found in binary or memory: https://vrt.be
Source: sets.json.1.dr	String found in binary or memory: https://vwo.com
Source: sets.json.1.dr	String found in binary or memory: https://welt.de
Source: sets.json.1.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.1.dr	String found in binary or memory: https://wildix.com
Source: sets.json.1.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.1.dr	String found in binary or memory: https://wingify.com
Source: sets.json.1.dr	String found in binary or memory: https://wordle.at
Source: sets.json.1.dr	String found in binary or memory: https://wp.pl
Source: sets.json.1.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.1.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.1.dr	String found in binary or memory: https://ya.ru
Source: sets.json.1.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://zalo.me
Source: sets.json.1.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.1.dr	String found in binary or memory: https://zoom.com
Source: sets.json.1.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 60141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53597
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60141
Source: unknown	Network traffic detected: HTTP traffic on port 53597 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:60141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53597 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_2888_820773776

Jump to behavior

Source: classification engine

Classification label: mal48.win@17/9@6/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,1394993840919030335,6465144961603929669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,1394993840919030335,6465144961603929669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
cdn.trytraffics.com	188.114.96.3	true	false	high
www.google.com	172.217.18.4	true	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.1.dr	false	high
https://mercadoshops.com.co	sets.json.1.dr	false	high
https://gliadomain.com	sets.json.1.dr	false	high
https://poalim.xyz	sets.json.1.dr	false	high
https://mercadolivre.com	sets.json.1.dr	false	high
https://reshim.org	sets.json.1.dr	false	high
https://nourishingpursuits.com	sets.json.1.dr	false	high
https://medonet.pl	sets.json.1.dr	false	high
https://unotv.com	sets.json.1.dr	false	high
https://mercadoshops.com.br	sets.json.1.dr	false	high
https://joyreactor.cc	sets.json.1.dr	false	high
https://zdrowietvn.pl	sets.json.1.dr	false	high
https://johndeere.com	sets.json.1.dr	false	high
https://songstats.com	sets.json.1.dr	false	high
https://baomoi.com	sets.json.1.dr	false	high
https://supereva.it	sets.json.1.dr	false	high
https://elfinancierocr.com	sets.json.1.dr	false	high
https://bolasport.com	sets.json.1.dr	false	high
https://rws1nvtvt.com	sets.json.1.dr	false	high
https://desimartini.com	sets.json.1.dr	false	high
https://hearty.app	sets.json.1.dr	false	high
https://hearty.gift	sets.json.1.dr	false	high
https://mercadoshops.com	sets.json.1.dr	false	high
https://heartymail.com	sets.json.1.dr	false	high
https://nlc.hu	sets.json.1.dr	false	high
https://p106.net	sets.json.1.dr	false	high
https://radio2.be	sets.json.1.dr	false	high
https://finn.no	sets.json.1.dr	false	high
https://hc1.com	sets.json.1.dr	false	high
https://kompas.tv	sets.json.1.dr	false	high
https://mystudentdashboard.com	sets.json.1.dr	false	high
https://songshare.com	sets.json.1.dr	false	high
https://smaker.pl	sets.json.1.dr	false	high
https://mercadopago.com.mx	sets.json.1.dr	false	high
https://p24.hu	sets.json.1.dr	false	high
https://talkdeskqaid.com	sets.json.1.dr	false	high
https://24.hu	sets.json.1.dr	false	high
https://mercadopago.com.pe	sets.json.1.dr	false	high
https://cardsayings.net	sets.json.1.dr	false	high
https://text.com	sets.json.1.dr	false	high
https://mightytext.net	sets.json.1.dr	false	high
https://pudelek.pl	sets.json.1.dr	false	high
https://hazipatika.com	sets.json.1.dr	false	high
https://joyreactor.com	sets.json.1.dr	false	high
https://cookreactor.com	sets.json.1.dr	false	high
https://wildixin.com	sets.json.1.dr	false	high
https://eworkbookcloud.com	sets.json.1.dr	false	high
https://cognitiveai.ru	sets.json.1.dr	false	high
https://nacion.com	sets.json.1.dr	false	high
https://chennien.com	sets.json.1.dr	false	high
https://drimer.travel	sets.json.1.dr	false	high
https://deccoria.pl	sets.json.1.dr	false	high
https://mercadopago.cl	sets.json.1.dr	false	high
https://talkdeskstgid.com	sets.json.1.dr	false	high
https://naukri.com	sets.json.1.dr	false	high
https://interia.pl	sets.json.1.dr	false	high
https://bonvivir.com	sets.json.1.dr	false	high
https://carcostadvisor.be	sets.json.1.dr	false	high
https://salemovetravel.com	sets.json.1.dr	false	high
https://sapo.io	sets.json.1.dr	false	high
https://wpext.pl	sets.json.1.dr	false	high
https://welt.de	sets.json.1.dr	false	high
https://poalim.site	sets.json.1.dr	false	high
https://drimer.io	sets.json.1.dr	false	high
https://infoedgeindia.com	sets.json.1.dr	false	high
https://blackrockadvisorelite.it	sets.json.1.dr	false	high
https://cognitive-ai.ru	sets.json.1.dr	false	high
https://cafemedia.com	sets.json.1.dr	false	high
https://graziadaily.co.uk	sets.json.1.dr	false	high
https://thirdspace.org.au	sets.json.1.dr	false	high
https://mercadoshops.com.ar	sets.json.1.dr	false	high
https://smpn106jkt.sch.id	sets.json.1.dr	false	high
https://elpais.uy	sets.json.1.dr	false	high
https://landyrev.com	sets.json.1.dr	false	high
https://the42.ie	sets.json.1.dr	false	high
https://commentcamarche.com	sets.json.1.dr	false	high
https://tucarro.com.ve	sets.json.1.dr	false	high
https://rws3nvtvt.com	sets.json.1.dr	false	high
https://eleconomista.net	sets.json.1.dr	false	high
https://helpdesk.com	sets.json.1.dr	false	high
https://mercadolivre.com.br	sets.json.1.dr	false	high
https://clmbtech.com	sets.json.1.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.1.dr	false	high
https://07c225f3.online	sets.json.1.dr	false	high
https://salemovefinancial.com	sets.json.1.dr	false	high
https://mercadopago.com.br	sets.json.1.dr	false	high
https://zoom.us	sets.json.1.dr	false	high
https://commentcamarche.net	sets.json.1.dr	false	high
https://etfacademy.it	sets.json.1.dr	false	high
https://mighty-app.appspot.com	sets.json.1.dr	false	high
https://hj.rs	sets.json.1.dr	false	high
https://hearty.me	sets.json.1.dr	false	high
https://mercadolibre.com.gt	sets.json.1.dr	false	high
https://timesinternet.in	sets.json.1.dr	false	high
https://indiatodayne.in	sets.json.1.dr	false	high
https://idbs-staging.com	sets.json.1.dr	false	high
https://blackrock.com	sets.json.1.dr	false	high
https://idbs-eworkbook.com	sets.json.1.dr	false	high
https://motherandbaby.com	sets.json.1.dr	false	high
https://mercadolibre.co.cr	sets.json.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	cdn.trytraffics.com	European Union	13335	CLOUDFLARENETUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591490
Start date and time:	2025-01-15 01:30:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/9@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 172.217.16.206, 108.177.15.84, 142.250.186.78, 216.58.212.174, 142.250.186.46, 2.17.190.73, 199.232.210.172, 172.217.18.14, 142.250.184.206, 142.250.184.238, 142.250.185.206, 216.58.206.78, 142.250.186.99, 34.104.35.123, 104.102.63.47, 13.107.246.45, 2.23.242.162, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, e15275.d.akamaiedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, wildcard.weather.microsoft.com.edgekey.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=

Input	Output
URL: https://cdn.trytraffics.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://cdn.trytraffics.com
URL: https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM= Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM= Model: Joe Sandbox AI	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://cdn.trytraffics.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (580)
Category:	downloaded
Size (bytes):	861
Entropy (8bit):	5.265155464912692
Encrypted:	false
SSDEEP:	24:hMNmlBHkspKZHxfHW+chXErd9HxfHW+chXEvptK:Im3/pKX/W+cyx/W+cutK
MD5:	ECB6ACD75071ADF12B2AB8301480ED67
SHA1:	CB5AF240F2D9402B2E1DA564582A47CF635E2B14
SHA-256:	B1C609F77291DDF13645E8BEDF7E50A1054C44D659F014FA727E0F36A5B680C0
SHA-512:	A019EB7BE3FB8D6053A46DC1A9B6FC67DB22301B0E6C78709AE96AD18171D5F090E0C8E3DF6CEAB0E64A6D2F619F0D0D9D321577B0C9B6BE4D46DFAF4B3B943E
Malicious:	false
Reputation:	low
URL:	https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">.<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title></title></head>.<body><center><h2><!doctype html><html><head><meta charset="utf-8"><title>404 Content not found</title></head><body><div><p style="font-family: Arial, 'Lucida Bright', 'DejaVu Serif', Georgia, 'serif'; font-size: 24px; text-align: center;">404 Content not found</p></div></body></html>.<!doctype html><html><head><meta charset="utf-8"><title>404 Content not found</title></head><body><div><p style="font-family: Arial, 'Lucida Bright', 'DejaVu Serif', Georgia, 'serif'; font-size: 24px; text-align: center;">404 Content not found</p></div></body></html>&B=true&LT=5.</h2></center>..</body>.</html>

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 01:31:44.025336027 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:44.025444984 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:44.369220018 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:52.996444941 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:52.996504068 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:52.996790886 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:52.997679949 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:52.997703075 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.649146080 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:53.677850008 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:53.797036886 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.797122955 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.804351091 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.804389954 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.804956913 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.807404995 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.807502031 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.807517052 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.807681084 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.851345062 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.979249001 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.979453087 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:53.979541063 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.979831934 CET	49712	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:31:53.979857922 CET	443	49712	40.115.3.253	192.168.2.6
Jan 15, 2025 01:31:54.015335083 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:55.693521976 CET	443	49705	173.222.162.64	192.168.2.6
Jan 15, 2025 01:31:55.693639040 CET	49705	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:31:56.659696102 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:56.659737110 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:56.659967899 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:56.660264969 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:56.660283089 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.308432102 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.308738947 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:57.308768988 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.310399055 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.310467958 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:57.314152956 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:57.314239979 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.367814064 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:57.367836952 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:31:57.414604902 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:31:58.759345055 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.759385109 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:58.759733915 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.759780884 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:58.759834051 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.759886980 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.760421038 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.760433912 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:58.760550976 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:58.760566950 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.242211103 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.242538929 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.242554903 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.243695021 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.243864059 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.245352983 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.245421886 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.245522976 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.245527983 CET	443	49735	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.245692015 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.245724916 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.245724916 CET	49735	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.246053934 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.246083021 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.246164083 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.246448994 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.246463060 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.268085957 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.268309116 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.268320084 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.270006895 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.270092964 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270426035 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270447016 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270509005 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270513058 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.270745993 CET	443	49736	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.270802021 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270817041 CET	49736	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270837069 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.270864010 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.271270990 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.271270990 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.271296024 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.749870062 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.750313044 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.750343084 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.752038002 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.752119064 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.755335093 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.755438089 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.755667925 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.755676985 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.769984961 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.773257971 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.773284912 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.774374008 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.774456024 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.774895906 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.774965048 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.806919098 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.823668957 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:31:59.823688984 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:31:59.870342016 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:00.370563984 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:00.370711088 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:00.370762110 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:00.378179073 CET	49738	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:00.378211975 CET	443	49738	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:00.568859100 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:00.611330986 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:01.073402882 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:01.073508024 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:01.074280024 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:01.075227976 CET	49739	443	192.168.2.6	188.114.96.3
Jan 15, 2025 01:32:01.075251102 CET	443	49739	188.114.96.3	192.168.2.6
Jan 15, 2025 01:32:01.082379103 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.082408905 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.082469940 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.082657099 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.082667112 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.547297001 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.556380987 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.556392908 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.557360888 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.557430029 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.636379957 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.636501074 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.637964964 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.637975931 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.681448936 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.698069096 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:01.698092937 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:01.698257923 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:01.698858023 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:01.698870897 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:01.761033058 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.761104107 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.761373997 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.761401892 CET	443	49754	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.761415958 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.761415958 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.761444092 CET	49754	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.763571978 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.763614893 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:01.763676882 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.763927937 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:01.763943911 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.217396975 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.217689037 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.217715025 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.218802929 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.219254971 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.219372988 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.219379902 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.219454050 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.259591103 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.343677998 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.343847036 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.343929052 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.344163895 CET	49762	443	192.168.2.6	35.190.80.1
Jan 15, 2025 01:32:02.344197989 CET	443	49762	35.190.80.1	192.168.2.6
Jan 15, 2025 01:32:02.510399103 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.510478973 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.512300968 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.512306929 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.513062954 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.515039921 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.515125036 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.515129089 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.515436888 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.559370041 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.687428951 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.687630892 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:02.687961102 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.691729069 CET	49761	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:02.691735029 CET	443	49761	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:07.205950022 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:07.206094027 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:07.206155062 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:07.306763887 CET	49718	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:07.306786060 CET	443	49718	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:16.082102060 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.082132101 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.082287073 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.083111048 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.083122015 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.861449003 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.861531973 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.869594097 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.869606018 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.869863987 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.875987053 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.876208067 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.876213074 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:16.876523972 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:16.923333883 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:17.104053020 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:17.104156017 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:17.104226112 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:17.104440928 CET	49858	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:17.104456902 CET	443	49858	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:30.719634056 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:30.719686031 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:30.719794035 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:30.720376015 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:30.720390081 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.535248041 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.535332918 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.537447929 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.537466049 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.537746906 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.539787054 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.539892912 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.539899111 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.540079117 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.587347984 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.720490932 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.720812082 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.720864058 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.721072912 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:31.721091032 CET	443	49944	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:31.721105099 CET	49944	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:32.172894955 CET	60094	53	192.168.2.6	162.159.36.2
Jan 15, 2025 01:32:32.177738905 CET	53	60094	162.159.36.2	192.168.2.6
Jan 15, 2025 01:32:32.177817106 CET	60094	53	192.168.2.6	162.159.36.2
Jan 15, 2025 01:32:32.182713032 CET	53	60094	162.159.36.2	192.168.2.6
Jan 15, 2025 01:32:32.652825117 CET	60094	53	192.168.2.6	162.159.36.2
Jan 15, 2025 01:32:32.657892942 CET	53	60094	162.159.36.2	192.168.2.6
Jan 15, 2025 01:32:32.657962084 CET	60094	53	192.168.2.6	162.159.36.2
Jan 15, 2025 01:32:35.260073900 CET	80	49704	217.20.57.18	192.168.2.6
Jan 15, 2025 01:32:35.260198116 CET	49704	80	192.168.2.6	217.20.57.18
Jan 15, 2025 01:32:35.260243893 CET	49704	80	192.168.2.6	217.20.57.18
Jan 15, 2025 01:32:35.265048027 CET	80	49704	217.20.57.18	192.168.2.6
Jan 15, 2025 01:32:50.126014948 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.126059055 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.126163960 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.126765966 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.126780033 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.928515911 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.928726912 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.931046009 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.931051970 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.931905031 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.934047937 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.934359074 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.934364080 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:50.934520960 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:50.975344896 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:51.111521006 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:51.111777067 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:51.111848116 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:51.111947060 CET	60141	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:32:51.111960888 CET	443	60141	40.115.3.253	192.168.2.6
Jan 15, 2025 01:32:54.297182083 CET	53592	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:54.302035093 CET	53	53592	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:54.302122116 CET	53592	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:54.306900024 CET	53	53592	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:54.747941017 CET	53592	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:54.753153086 CET	53	53592	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:54.753228903 CET	53592	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:56.712980986 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:56.713009119 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:56.713063955 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:56.713340044 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:56.713351011 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:57.345633030 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:57.345947027 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:57.345968008 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:57.346282005 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:57.346674919 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:32:57.346724987 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:32:57.398963928 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:33:07.272746086 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:33:07.272821903 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:33:07.272923946 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:33:07.307537079 CET	53594	443	192.168.2.6	172.217.18.4
Jan 15, 2025 01:33:07.307554007 CET	443	53594	172.217.18.4	192.168.2.6
Jan 15, 2025 01:33:13.824264050 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:13.824326038 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:13.824795008 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:13.825771093 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:13.825793982 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.607536077 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.608200073 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.613049030 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.613075018 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.613290071 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.615540028 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.615540028 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.615571022 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.615700960 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.663333893 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.795103073 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.795301914 CET	443	53597	40.115.3.253	192.168.2.6
Jan 15, 2025 01:33:14.795809984 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.795809984 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.795809984 CET	53597	443	192.168.2.6	40.115.3.253
Jan 15, 2025 01:33:14.795862913 CET	443	53597	40.115.3.253	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 01:31:52.697164059 CET	53	63446	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:52.943423033 CET	53	57438	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:54.003168106 CET	53	60227	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:56.650486946 CET	63565	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:31:56.650759935 CET	49306	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:31:56.658051014 CET	53	49306	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:56.658087969 CET	53	63565	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:58.744618893 CET	59715	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:31:58.746202946 CET	49748	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:31:58.752854109 CET	53	59715	1.1.1.1	192.168.2.6
Jan 15, 2025 01:31:58.756724119 CET	53	49748	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:01.074557066 CET	51658	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:01.074712992 CET	57280	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:32:01.081367970 CET	53	51658	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:01.082015038 CET	53	57280	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:11.093971014 CET	53	59020	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:30.188220978 CET	53	49883	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:32.172236919 CET	53	52689	162.159.36.2	192.168.2.6
Jan 15, 2025 01:32:32.816910982 CET	53	58045	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:52.345952988 CET	53	50724	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:52.516273975 CET	53	62104	1.1.1.1	192.168.2.6
Jan 15, 2025 01:32:54.296593904 CET	53	59525	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 01:31:56.650486946 CET	192.168.2.6	1.1.1.1	0x90f6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:31:56.650759935 CET	192.168.2.6	1.1.1.1	0x1c17	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 01:31:58.744618893 CET	192.168.2.6	1.1.1.1	0xd00	Standard query (0)	cdn.trytraffics.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:31:58.746202946 CET	192.168.2.6	1.1.1.1	0xe2a0	Standard query (0)	cdn.trytraffics.com	65	IN (0x0001)	false
Jan 15, 2025 01:32:01.074557066 CET	192.168.2.6	1.1.1.1	0xc1a2	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:32:01.074712992 CET	192.168.2.6	1.1.1.1	0x6853	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 01:31:56.658051014 CET	1.1.1.1	192.168.2.6	0x1c17	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 15, 2025 01:31:56.658087969 CET	1.1.1.1	192.168.2.6	0x90f6	No error (0)	www.google.com	172.217.18.4	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:31:58.752854109 CET	1.1.1.1	192.168.2.6	0xd00	No error (0)	cdn.trytraffics.com	188.114.96.3	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:31:58.752854109 CET	1.1.1.1	192.168.2.6	0xd00	No error (0)	cdn.trytraffics.com	188.114.97.3	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:31:58.756724119 CET	1.1.1.1	192.168.2.6	0xe2a0	No error (0)	cdn.trytraffics.com		65	IN (0x0001)	false
Jan 15, 2025 01:32:01.081367970 CET	1.1.1.1	192.168.2.6	0xc1a2	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

cdn.trytraffics.com

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:31:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 52 34 7a 36 79 47 35 38 6b 75 79 55 77 63 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 66 32 34 33 36 62 32 65 63 39 62 37 39 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DR4z6yG58kuyUwcS.1Context: b6f2436b2ec9b796
2025-01-15 00:31:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:31:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 52 34 7a 36 79 47 35 38 6b 75 79 55 77 63 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 66 32 34 33 36 62 32 65 63 39 62 37 39 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DR4z6yG58kuyUwcS.2Context: b6f2436b2ec9b796<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:31:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 44 52 34 7a 36 79 47 35 38 6b 75 79 55 77 63 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 66 32 34 33 36 62 32 65 63 39 62 37 39 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: DR4z6yG58kuyUwcS.3Context: b6f2436b2ec9b796<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:31:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:31:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 56 65 4d 6b 2f 6d 73 58 6b 65 41 76 79 48 36 44 37 35 67 63 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qVeMk/msXkeAvyH6D75gcA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49738	188.114.96.3	443	6444	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:31:59 UTC	770	OUT	GET /rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM= HTTP/1.1 Host: cdn.trytraffics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:32:00 UTC	803	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:32:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uONbXo19tvvk1VBl9%2BQFJmt%2BVKofXumj%2FjRiTBC6CqPXYaXdClFjlR7OQOoqk7Zm7eYJvp3b3P6%2FDy%2B0%2FW9h7X3%2F8GZpKn%2FGZMQENJGFvU%2BggDXbusSQAZDv1Lz9CDG6BG8aUV5X"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9021c41f0a61ab7e-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=13877&min_rtt=13869&rtt_var=5218&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1348&delivery_rate=209484&cwnd=32&unsent_bytes=0&cid=ae1b4f1d7ba3f342&ts=641&x=0"
2025-01-15 00:32:00 UTC	566	IN	Data Raw: 33 35 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: 35d<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title></
2025-01-15 00:32:00 UTC	302	IN	Data Raw: 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 43 6f 6e 74 65 6e 74 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 3e 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 27 4c 75 63 69 64 61 20 42 72 69 67 68 74 27 2c 20 27 44 65 6a 61 56 75 20 53 65 72 69 66 27 2c 20 47 65 6f 72 67 69 61 2c 20 27 73 65 72 69 66 27 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 34 30 34 20 43 6f 6e 74 65 6e 74 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c Data Ascii: tml><html><head><meta charset="utf-8"><title>404 Content not found</title></head><body><div><p style="font-family: Arial, 'Lucida Bright', 'DejaVu Serif', Georgia, 'serif'; font-size: 24px; text-align: center;">404 Content not found</p></div></body></html
2025-01-15 00:32:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49739	188.114.96.3	443	6444	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:00 UTC	702	OUT	GET /favicon.ico HTTP/1.1 Host: cdn.trytraffics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:32:01 UTC	838	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 00:32:01 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=03A%2FLemguv%2F%2BttJQTrF49jU6TG8OL0u5cDUnq9wGVmfegSS2dSf7ZE34LbS1s80EA3X1B5gOBuNP6WeimLAbipe5xDkaB8CL9w3puANj%2F7vk2LScWFtVKrTw4ty281TzZzCy%2FASP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9021c423eb18ab88-YYZ alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=13773&min_rtt=13770&rtt_var=5170&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1280&delivery_rate=211624&cwnd=32&unsent_bytes=0&cid=6f853273acab546c&ts=1309&x=0"
2025-01-15 00:32:01 UTC	322	IN	Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t
2025-01-15 00:32:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49754	35.190.80.1	443	6444	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:01 UTC	546	OUT	OPTIONS /report/v4?s=03A%2FLemguv%2F%2BttJQTrF49jU6TG8OL0u5cDUnq9wGVmfegSS2dSf7ZE34LbS1s80EA3X1B5gOBuNP6WeimLAbipe5xDkaB8CL9w3puANj%2F7vk2LScWFtVKrTw4ty281TzZzCy%2FASP HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://cdn.trytraffics.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:32:01 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Wed, 15 Jan 2025 00:32:01 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49762	35.190.80.1	443	6444	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:02 UTC	484	OUT	POST /report/v4?s=03A%2FLemguv%2F%2BttJQTrF49jU6TG8OL0u5cDUnq9wGVmfegSS2dSf7ZE34LbS1s80EA3X1B5gOBuNP6WeimLAbipe5xDkaB8CL9w3puANj%2F7vk2LScWFtVKrTw4ty281TzZzCy%2FASP HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 535 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:32:02 UTC	535	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 30 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 74 72 79 74 72 61 66 66 69 63 73 2e 63 6f 6d 2f 72 64 72 2f 59 57 45 39 4d 7a 55 79 4f 44 41 77 4f 44 6b 78 4a 6e 4e 6c 61 54 30 7a 4d 44 51 33 4e 44 55 33 4e 43 5a 30 61 7a 31 4a 52 30 64 6f 54 58 4a 47 4e 58 4e 70 56 6e 4a 42 59 7a 5a 6b 57 6c 42 55 57 53 5a 30 50 54 55 6d 59 7a 30 35 4d 47 46 7a 4f 44 63 32 5a 6d 51 34 4f 57 46 7a 4e 57 5a 6e 4f 47 45 77 4f 58 4d 3d 22 2c 22 73 61 6d 70 6c 69 6e 67 Data Ascii: [{"age":0,"body":{"elapsed_time":505,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=","sampling
2025-01-15 00:32:02 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 15 Jan 2025 00:32:01 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49761	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:02 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 62 4a 72 62 50 62 50 34 55 4b 4a 31 64 6e 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 34 36 34 38 33 64 63 66 64 31 36 62 61 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ebJrbPbP4UKJ1dnV.1Context: b346483dcfd16ba8
2025-01-15 00:32:02 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:32:02 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 62 4a 72 62 50 62 50 34 55 4b 4a 31 64 6e 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 34 36 34 38 33 64 63 66 64 31 36 62 61 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ebJrbPbP4UKJ1dnV.2Context: b346483dcfd16ba8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:32:02 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 62 4a 72 62 50 62 50 34 55 4b 4a 31 64 6e 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 33 34 36 34 38 33 64 63 66 64 31 36 62 61 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ebJrbPbP4UKJ1dnV.3Context: b346483dcfd16ba8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:32:02 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:32:02 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 4f 48 47 55 4e 6d 2f 73 55 2b 59 48 4b 77 53 4c 63 4c 6e 41 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: MOHGUNm/sU+YHKwSLcLnAw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49858	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 52 72 62 69 68 76 79 57 6b 57 2b 42 32 4c 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 37 33 33 31 31 33 64 63 39 37 66 33 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: tRrbihvyWkW+B2LN.1Context: 6e3733113dc97f34
2025-01-15 00:32:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:32:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 52 72 62 69 68 76 79 57 6b 57 2b 42 32 4c 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 37 33 33 31 31 33 64 63 39 37 66 33 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tRrbihvyWkW+B2LN.2Context: 6e3733113dc97f34<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:32:16 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 52 72 62 69 68 76 79 57 6b 57 2b 42 32 4c 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 65 33 37 33 33 31 31 33 64 63 39 37 66 33 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: tRrbihvyWkW+B2LN.3Context: 6e3733113dc97f34<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:32:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:32:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 75 31 59 51 49 56 69 34 55 79 65 68 4e 53 45 48 4a 35 67 35 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Qu1YQIVi4UyehNSEHJ5g5A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49944	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 38 55 56 48 4d 68 4a 45 55 57 48 46 32 63 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 31 61 35 35 64 62 31 37 63 61 65 61 64 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: F8UVHMhJEUWHF2c2.1Context: f91a55db17caead0
2025-01-15 00:32:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:32:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 38 55 56 48 4d 68 4a 45 55 57 48 46 32 63 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 31 61 35 35 64 62 31 37 63 61 65 61 64 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: F8UVHMhJEUWHF2c2.2Context: f91a55db17caead0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:32:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 46 38 55 56 48 4d 68 4a 45 55 57 48 46 32 63 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 31 61 35 35 64 62 31 37 63 61 65 61 64 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: F8UVHMhJEUWHF2c2.3Context: f91a55db17caead0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:32:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:32:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 6a 75 63 7a 63 76 49 73 45 71 4b 42 4a 2b 44 56 47 42 47 51 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ijuczcvIsEqKBJ+DVGBGQw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	60141	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:32:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 73 69 75 4a 46 56 63 79 30 2b 2b 64 51 31 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 64 64 33 66 65 64 34 37 62 38 66 35 35 64 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: OsiuJFVcy0++dQ1C.1Context: 5dd3fed47b8f55d8
2025-01-15 00:32:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:32:50 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 73 69 75 4a 46 56 63 79 30 2b 2b 64 51 31 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 64 64 33 66 65 64 34 37 62 38 66 35 35 64 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: OsiuJFVcy0++dQ1C.2Context: 5dd3fed47b8f55d8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:32:50 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 73 69 75 4a 46 56 63 79 30 2b 2b 64 51 31 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 64 64 33 66 65 64 34 37 62 38 66 35 35 64 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: OsiuJFVcy0++dQ1C.3Context: 5dd3fed47b8f55d8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:32:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:32:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 6b 59 65 61 73 4e 6f 74 55 53 59 51 69 58 31 30 79 71 36 37 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wkYeasNotUSYQiX10yq67w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	53597	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:33:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 79 38 6f 55 63 32 77 67 30 4b 62 30 5a 4a 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 65 32 63 35 61 66 35 39 31 33 39 39 33 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: by8oUc2wg0Kb0ZJo.1Context: 31e2c5af59139930
2025-01-15 00:33:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:33:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 79 38 6f 55 63 32 77 67 30 4b 62 30 5a 4a 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 65 32 63 35 61 66 35 39 31 33 39 39 33 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 64 64 6e 4f 79 69 65 63 6d 44 67 72 58 69 69 64 6e 38 55 78 57 35 31 31 66 53 64 62 49 33 4f 55 47 65 5a 46 67 47 68 75 70 4a 35 77 64 55 78 48 52 49 4d 4d 43 45 75 5a 55 37 2b 54 6c 6d 42 6d 61 78 4c 68 63 37 47 62 30 77 34 74 63 48 6c 56 74 36 4a 5a 7a 73 48 4e 74 70 45 71 4e 39 38 78 32 56 4f 75 55 4f 45 2b 78 6a 4f 61 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: by8oUc2wg0Kb0ZJo.2Context: 31e2c5af59139930<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAddnOyiecmDgrXiidn8UxW511fSdbI3OUGeZFgGhupJ5wdUxHRIMMCEuZU7+TlmBmaxLhc7Gb0w4tcHlVt6JZzsHNtpEqN98x2VOuUOE+xjOa+
2025-01-15 00:33:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 79 38 6f 55 63 32 77 67 30 4b 62 30 5a 4a 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 31 65 32 63 35 61 66 35 39 31 33 39 39 33 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: by8oUc2wg0Kb0ZJo.3Context: 31e2c5af59139930<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:33:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:33:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 51 71 68 4e 51 36 42 35 45 65 58 65 72 52 46 55 65 5a 62 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YQqhNQ6B5EeXerRFUeZbug.0Payload parsing failed.

Target ID:	1
Start time:	19:31:46
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:31:50
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1980,i,1394993840919030335,6465144961603929669,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:31:57
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM="
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: global traffic	TCP traffic: 192.168.2.6:53592 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:60094 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2

Source: global traffic	HTTP traffic detected: GET /rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM= HTTP/1.1Host: cdn.trytraffics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.trytraffics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.trytraffics.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2888_199646773\sets.json

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2888, Parent PID: 5944

General

Chronological Activities

Analysis Process: chrome.exePID: 6444, Parent PID: 2888

General

Chronological Activities

Analysis Process: chrome.exePID: 7116, Parent PID: 5944

Windows Analysis Report
https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=