Edit tour

Windows Analysis Report
http://press-continue.0hb8kkr81em8.top

Overview

General Information

Sample URL:	http://press-continue.0hb8kkr81em8.top
Analysis ID:	1500519
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,5436871817788936352,10395770742615682604,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://press-continue.0hb8kkr81em8.top" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.21.6Date: Wed, 28 Aug 2024 13:53:12 GMTContent-Type: text/htmlContent-Length: 555Connection: keep-aliveKeep-Alive: timeout=10Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.21.6</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.21.6Date: Wed, 28 Aug 2024 13:53:12 GMTContent-Type: text/htmlContent-Length: 555Connection: keep-aliveKeep-Alive: timeout=10Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.21.6</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49157
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 52.185.211.133:443 -> 192.168.2.7:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.7:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.7:49731 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/4@7/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,5436871817788936352,10395770742615682604,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://press-continue.0hb8kkr81em8.top"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,5436871817788936352,10395770742615682604,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://press-continue.0hb8kkr81em8.top	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://press-continue.0hb8kkr81em8.top/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
press-continue.0hb8kkr81em8.top	194.63.143.96	true	false	unknown
www.google.com	142.250.184.196	true	false	unknown
198.187.3.20.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://press-continue.0hb8kkr81em8.top/	false		unknown
http://press-continue.0hb8kkr81em8.top/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
194.63.143.96	press-continue.0hb8kkr81em8.top	Russian Federation	50113	SUPERSERVERSDATACENTERRU	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500519
Start date and time:	2024-08-28 15:52:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://press-continue.0hb8kkr81em8.top
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/4@7/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 142.250.186.78, 74.125.71.84, 34.104.35.123, 199.232.214.172, 13.85.23.86, 13.95.31.18, 13.85.23.206, 20.3.187.198, 20.12.23.50, 20.114.59.183, 142.250.185.227, 84.201.210.34
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://press-continue.0hb8kkr81em8.top

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.7402101876487
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5rutNGlTF5TF5TF5TF5TF5TFK:neRH68QTPTPTPTPTPTc
MD5:	9B9278A3FC0E0DCB812E81D6072A9F99
SHA1:	CFD0D3C0910B1B3BF7ACB195463F820DAA971EF3
SHA-256:	99BEB83BFC755030C90CF2FD651288B365138374DC02AAB8CB538E307A18F67F
SHA-512:	741C85BB45C3AD4A7D2A6E32E837EFEAE7C8FE0BD0F64F460EE3C4C53D1B9380765BDF308310B8FDA8A18D43A6F1AD7FD6231F6F1056CFFE3353F04089578671
Malicious:	false
Reputation:	low
URL:	http://press-continue.0hb8kkr81em8.top/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.21.6</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.712829248003797
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI5rutNGlTF5TF5TF5TF5TF5TFK:cEQtnQTPTPTPTPTPTc
MD5:	8C976DB3FB949415BBF739E5D9D49767
SHA1:	49BD832A90687B706D2EA2FB9BC2913914D7CCCE
SHA-256:	45A20E206CE288D80C4E70F68A1BF83674895E2C7DD180DC428B268B6C0540D2
SHA-512:	B27A72CF7B08739F9EFCF7240ECA1171F231874E809F3CFC5EA39761D2E841DE8C1860D2288ECD11C6BE55285C90BA17E44941B706495CEF490ACC09F991D9AD
Malicious:	false
Reputation:	low
URL:	http://press-continue.0hb8kkr81em8.top/
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx/1.21.6</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 15:53:01.202538013 CEST	49671	443	192.168.2.7	204.79.197.203
Aug 28, 2024 15:53:02.405682087 CEST	49671	443	192.168.2.7	204.79.197.203
Aug 28, 2024 15:53:02.765197039 CEST	49674	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:02.765470028 CEST	49675	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:02.952600002 CEST	49672	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:04.811956882 CEST	49671	443	192.168.2.7	204.79.197.203
Aug 28, 2024 15:53:08.960236073 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:09.531204939 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:09.765546083 CEST	49671	443	192.168.2.7	204.79.197.203
Aug 28, 2024 15:53:10.326963902 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:11.429323912 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:11.429361105 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:11.429610014 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:11.431464911 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:11.431477070 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:11.829735041 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:11.838989019 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:11.839659929 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:11.843780994 CEST	80	49708	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:11.843844891 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:11.844459057 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:11.844955921 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:11.847172022 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:11.851980925 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:12.112117052 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:12.112339020 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:12.231239080 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:12.231268883 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:12.231621981 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:12.399370909 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:12.399413109 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:12.399563074 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:12.399810076 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:12.399825096 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:12.421927929 CEST	49674	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:12.421947956 CEST	49675	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:12.422419071 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:12.521106958 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:12.573137045 CEST	49672	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:12.665436029 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:12.670249939 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:12.840946913 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:12.841042042 CEST	443	49706	52.185.211.133	192.168.2.7
Aug 28, 2024 15:53:12.841110945 CEST	49706	443	192.168.2.7	52.185.211.133
Aug 28, 2024 15:53:12.875345945 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:13.030175924 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:13.033557892 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:13.034435034 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:13.034451962 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:13.035490036 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:13.035552025 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:13.045912981 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:13.045985937 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:13.218230963 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:13.218250036 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:13.327626944 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:13.555502892 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:13.555541039 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:13.555650949 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:13.557077885 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:13.557090998 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:14.153187990 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:14.153215885 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:14.153301001 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:14.154910088 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:14.154923916 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:14.377094984 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:14.377161980 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:14.805934906 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:14.805973053 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:14.806327105 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:14.808322906 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:14.808397055 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:14.808434963 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:14.827240944 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:14.833780050 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:14.833848000 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:14.837034941 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:14.837042093 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:14.837282896 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:14.967886925 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.000036001 CEST	443	49699	104.98.116.138	192.168.2.7
Aug 28, 2024 15:53:15.000118017 CEST	49699	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:15.059077978 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.089502096 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.089782953 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.089927912 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.097254038 CEST	49713	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.097270012 CEST	443	49713	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.104495049 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.144593000 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.144624949 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.144691944 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.145885944 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.145900011 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.205764055 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.205805063 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.205967903 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.206336021 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.206351042 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.249500990 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.249716997 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.249830008 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.249846935 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.249865055 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.249865055 CEST	49714	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.249871969 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.249878883 CEST	443	49714	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.284240007 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.284270048 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.284358025 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.284832954 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.284845114 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.942946911 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.943030119 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.945677996 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.945684910 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.945904970 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.949311972 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:15.961642027 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.963092089 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:15.963113070 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:15.992505074 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:15.993612051 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.025830984 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.025861979 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.027065039 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.027074099 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.027120113 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.027132034 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.028501034 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.028512001 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.028697968 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.028706074 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.227561951 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:16.227631092 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:16.227813959 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:16.229259014 CEST	49717	443	192.168.2.7	184.28.90.27
Aug 28, 2024 15:53:16.229269028 CEST	443	49717	184.28.90.27	192.168.2.7
Aug 28, 2024 15:53:16.437262058 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.437350035 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:16.437398911 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.442444086 CEST	49715	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:16.442465067 CEST	443	49715	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674432039 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674454927 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674494028 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674509048 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674520016 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.674534082 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674560070 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.674582958 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.674587011 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.674632072 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.675232887 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.675251007 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.675260067 CEST	49716	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.675266027 CEST	443	49716	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.879327059 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.879364967 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:17.879445076 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.879628897 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:17.879641056 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:18.689621925 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:18.690567017 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:18.690567017 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:18.690587044 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:18.690603971 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:18.690639973 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:18.690648079 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341118097 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341159105 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341208935 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341253042 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.341278076 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341312885 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.341553926 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341587067 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.341610909 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341625929 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.341625929 CEST	49719	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.341634035 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.341639996 CEST	443	49719	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.375061989 CEST	49671	443	192.168.2.7	204.79.197.203
Aug 28, 2024 15:53:19.389873028 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.389920950 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:19.390047073 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.390192986 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:19.390207052 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.328054905 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.328560114 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.328583002 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.329271078 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.329277039 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.329360962 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.329377890 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.691880941 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.691907883 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.691950083 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.691992998 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.692019939 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.692049026 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.692353964 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.692497015 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.692497015 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.692519903 CEST	49720	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.692534924 CEST	443	49720	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.730233908 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.730285883 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.730386019 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.730551958 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.730566025 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.750830889 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.750848055 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.751094103 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.751120090 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:20.751137972 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:20.781332016 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:21.530056000 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.531730890 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.531748056 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.533548117 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.533548117 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.533555031 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.533570051 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.557518005 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.557600975 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.615969896 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.615993977 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.616282940 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.618328094 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.618375063 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.618406057 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998367071 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998383045 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998436928 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.998451948 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998461962 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998502016 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.998770952 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.998791933 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:21.998806953 CEST	49722	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:21.998814106 CEST	443	49722	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034003019 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034023046 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034051895 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034075022 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.034082890 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034122944 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.034126997 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.034161091 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.037214041 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.037225008 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.037235975 CEST	49721	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.037240028 CEST	443	49721	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.041498899 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.041538954 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.041609049 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.041829109 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:22.041848898 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:22.075529099 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:22.075556993 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:22.075617075 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:22.075947046 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:22.075963020 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:22.876200914 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:22.876394033 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:22.932868958 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:22.932955980 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:22.933048010 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:23.041053057 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:23.042532921 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:23.042532921 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:23.042547941 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:23.042562962 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:23.042586088 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:23.042592049 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:23.107106924 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.107197046 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.115051985 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.115060091 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.115442991 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.163045883 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.163114071 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.163285017 CEST	443	49724	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.163302898 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.163357973 CEST	49724	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.219562054 CEST	49725	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.219592094 CEST	443	49725	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.219752073 CEST	49725	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.219892979 CEST	49725	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.219908953 CEST	443	49725	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.398030043 CEST	49725	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.408626080 CEST	49699	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:23.408628941 CEST	49727	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:23.408662081 CEST	443	49727	104.98.116.138	192.168.2.7
Aug 28, 2024 15:53:23.411154985 CEST	49727	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:23.414120913 CEST	49727	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:53:23.414134979 CEST	443	49727	104.98.116.138	192.168.2.7
Aug 28, 2024 15:53:23.420176029 CEST	443	49699	104.98.116.138	192.168.2.7
Aug 28, 2024 15:53:23.462599039 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.462620974 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.462677002 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.462907076 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:23.462919950 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:23.624649048 CEST	49709	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:23.624821901 CEST	49711	443	192.168.2.7	142.250.184.196
Aug 28, 2024 15:53:23.624855042 CEST	443	49711	142.250.184.196	192.168.2.7
Aug 28, 2024 15:53:23.630403042 CEST	80	49709	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:24.043463945 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.043483973 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.043514967 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.043540955 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.043569088 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.043582916 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.043585062 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.043631077 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.044785023 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.044807911 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.044820070 CEST	49723	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.044826984 CEST	443	49723	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.247592926 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.247678041 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.293498993 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.293519020 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.293726921 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.295671940 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.295712948 CEST	443	49728	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.295772076 CEST	49728	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.530635118 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.530663013 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.530865908 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.532346964 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:24.532357931 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:24.639079094 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.639095068 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:24.639177084 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.639343023 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:24.639353037 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:25.320410013 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:25.320584059 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:25.419059992 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:25.419087887 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:25.419413090 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:25.420348883 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:25.420393944 CEST	443	49729	20.73.194.208	192.168.2.7
Aug 28, 2024 15:53:25.420453072 CEST	49729	443	192.168.2.7	20.73.194.208
Aug 28, 2024 15:53:25.432002068 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:25.433718920 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:25.433727026 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:25.434323072 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:25.434325933 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:25.434343100 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:25.434355021 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.102227926 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.102262974 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.102354050 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.102721930 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.102736950 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.166835070 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.166860104 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.166882992 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.166913033 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:26.166927099 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.166951895 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:26.167072058 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.167114019 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:26.167684078 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:26.167699099 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.167709112 CEST	49730	443	192.168.2.7	40.126.32.74
Aug 28, 2024 15:53:26.167712927 CEST	443	49730	40.126.32.74	192.168.2.7
Aug 28, 2024 15:53:26.872303963 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.872380018 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.873533964 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.873549938 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.873790026 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.875062943 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.875102043 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.875216961 CEST	443	49731	51.104.136.2	192.168.2.7
Aug 28, 2024 15:53:26.875287056 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:26.875287056 CEST	49731	443	192.168.2.7	51.104.136.2
Aug 28, 2024 15:53:32.687367916 CEST	49677	443	192.168.2.7	20.50.201.200
Aug 28, 2024 15:53:37.976000071 CEST	65534	53	192.168.2.7	162.159.36.2
Aug 28, 2024 15:53:37.980906963 CEST	53	65534	162.159.36.2	192.168.2.7
Aug 28, 2024 15:53:37.981041908 CEST	65534	53	192.168.2.7	162.159.36.2
Aug 28, 2024 15:53:37.981085062 CEST	65534	53	192.168.2.7	162.159.36.2
Aug 28, 2024 15:53:37.985846043 CEST	53	65534	162.159.36.2	192.168.2.7
Aug 28, 2024 15:53:38.444232941 CEST	53	65534	162.159.36.2	192.168.2.7
Aug 28, 2024 15:53:38.444957018 CEST	65534	53	192.168.2.7	162.159.36.2
Aug 28, 2024 15:53:38.450315952 CEST	53	65534	162.159.36.2	192.168.2.7
Aug 28, 2024 15:53:38.450385094 CEST	65534	53	192.168.2.7	162.159.36.2
Aug 28, 2024 15:53:42.452275038 CEST	80	49708	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:42.452342033 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:43.423866987 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:43.734632969 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:53:43.812551975 CEST	80	49708	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:43.812562943 CEST	80	49708	194.63.143.96	192.168.2.7
Aug 28, 2024 15:53:43.812716007 CEST	49708	80	192.168.2.7	194.63.143.96
Aug 28, 2024 15:54:06.201847076 CEST	443	49727	104.98.116.138	192.168.2.7
Aug 28, 2024 15:54:06.201921940 CEST	49727	443	192.168.2.7	104.98.116.138
Aug 28, 2024 15:54:12.453747034 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:12.453778982 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:12.453923941 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:12.455092907 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:12.455111027 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:13.086747885 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:13.087140083 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:13.087165117 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:13.087492943 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:13.088668108 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:13.088737011 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:13.140333891 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:22.993463039 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:22.993560076 CEST	443	49157	142.250.185.164	192.168.2.7
Aug 28, 2024 15:54:22.993840933 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:23.424654007 CEST	49157	443	192.168.2.7	142.250.185.164
Aug 28, 2024 15:54:23.424685001 CEST	443	49157	142.250.185.164	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 15:53:08.969185114 CEST	53	60908	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:09.012826920 CEST	53	49173	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:10.049488068 CEST	53	55626	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:10.804192066 CEST	64061	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:10.804502010 CEST	51462	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:10.974020004 CEST	53	51462	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:11.830596924 CEST	52481	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:11.838278055 CEST	53	52481	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:11.843384027 CEST	53	64061	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:12.391225100 CEST	56912	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:12.391441107 CEST	65013	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:12.398160934 CEST	53	56912	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:12.398205996 CEST	53	65013	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:13.571084976 CEST	123	123	192.168.2.7	40.119.6.228
Aug 28, 2024 15:53:13.708523035 CEST	123	123	40.119.6.228	192.168.2.7
Aug 28, 2024 15:53:27.109359026 CEST	53	58229	1.1.1.1	192.168.2.7
Aug 28, 2024 15:53:37.975583076 CEST	53	57563	162.159.36.2	192.168.2.7
Aug 28, 2024 15:53:38.466960907 CEST	59782	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:53:38.486057997 CEST	53	59782	1.1.1.1	192.168.2.7
Aug 28, 2024 15:54:09.318423986 CEST	138	138	192.168.2.7	192.168.2.255
Aug 28, 2024 15:54:12.444508076 CEST	61797	53	192.168.2.7	1.1.1.1
Aug 28, 2024 15:54:12.451778889 CEST	53	61797	1.1.1.1	192.168.2.7

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 28, 2024 15:53:11.843687057 CEST	192.168.2.7	1.1.1.1	c248	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 28, 2024 15:53:10.804192066 CEST	192.168.2.7	1.1.1.1	0x175e	Standard query (0)	press-continue.0hb8kkr81em8.top	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:10.804502010 CEST	192.168.2.7	1.1.1.1	0x96e7	Standard query (0)	press-continue.0hb8kkr81em8.top	65	IN (0x0001)	false
Aug 28, 2024 15:53:11.830596924 CEST	192.168.2.7	1.1.1.1	0x99a	Standard query (0)	press-continue.0hb8kkr81em8.top	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:12.391225100 CEST	192.168.2.7	1.1.1.1	0x74a2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:12.391441107 CEST	192.168.2.7	1.1.1.1	0x8ea9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 15:53:38.466960907 CEST	192.168.2.7	1.1.1.1	0xd561	Standard query (0)	198.187.3.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Aug 28, 2024 15:54:12.444508076 CEST	192.168.2.7	1.1.1.1	0xbf33	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 28, 2024 15:53:11.838278055 CEST	1.1.1.1	192.168.2.7	0x99a	No error (0)	press-continue.0hb8kkr81em8.top		194.63.143.96	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.838278055 CEST	1.1.1.1	192.168.2.7	0x99a	No error (0)	press-continue.0hb8kkr81em8.top		194.63.143.61	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.838278055 CEST	1.1.1.1	192.168.2.7	0x99a	No error (0)	press-continue.0hb8kkr81em8.top		185.246.188.124	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.838278055 CEST	1.1.1.1	192.168.2.7	0x99a	No error (0)	press-continue.0hb8kkr81em8.top		185.246.188.125	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.838278055 CEST	1.1.1.1	192.168.2.7	0x99a	No error (0)	press-continue.0hb8kkr81em8.top		194.63.140.103	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.843384027 CEST	1.1.1.1	192.168.2.7	0x175e	No error (0)	press-continue.0hb8kkr81em8.top		194.63.143.96	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.843384027 CEST	1.1.1.1	192.168.2.7	0x175e	No error (0)	press-continue.0hb8kkr81em8.top		185.246.188.125	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.843384027 CEST	1.1.1.1	192.168.2.7	0x175e	No error (0)	press-continue.0hb8kkr81em8.top		194.63.143.61	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.843384027 CEST	1.1.1.1	192.168.2.7	0x175e	No error (0)	press-continue.0hb8kkr81em8.top		185.246.188.124	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:11.843384027 CEST	1.1.1.1	192.168.2.7	0x175e	No error (0)	press-continue.0hb8kkr81em8.top		194.63.140.103	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:12.398160934 CEST	1.1.1.1	192.168.2.7	0x74a2	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Aug 28, 2024 15:53:12.398205996 CEST	1.1.1.1	192.168.2.7	0x8ea9	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 15:53:38.486057997 CEST	1.1.1.1	192.168.2.7	0xd561	Name error (3)	198.187.3.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Aug 28, 2024 15:54:12.451778889 CEST	1.1.1.1	192.168.2.7	0xbf33	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

press-continue.0hb8kkr81em8.top

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49709	194.63.143.96	80	5424	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Aug 28, 2024 15:53:11.847172022 CEST	446	OUT	GET / HTTP/1.1 Host: press-continue.0hb8kkr81em8.top Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 28, 2024 15:53:12.521106958 CEST	734	IN	HTTP/1.1 403 Forbidden Server: nginx/1.21.6 Date: Wed, 28 Aug 2024 13:53:12 GMT Content-Type: text/html Content-Length: 555 Connection: keep-alive Keep-Alive: timeout=10 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED] Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx/1.21.6</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Aug 28, 2024 15:53:12.665436029 CEST	406	OUT	GET /favicon.ico HTTP/1.1 Host: press-continue.0hb8kkr81em8.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://press-continue.0hb8kkr81em8.top/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 28, 2024 15:53:12.875345945 CEST	734	IN	HTTP/1.1 404 Not Found Server: nginx/1.21.6 Date: Wed, 28 Aug 2024 13:53:12 GMT Content-Type: text/html Content-Length: 555 Connection: keep-alive Keep-Alive: timeout=10 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 31 2e 36 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.21.6</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49713	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:14 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-08-28 13:53:14 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:15 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:14 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_BL2 x-ms-request-id: 01e95bb7-3b4d-4260-b728-f8fd55d59a93 PPServer: PPV: 30 H: BL02EPF00027B51 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:14 GMT Connection: close Content-Length: 1276
2024-08-28 13:53:15 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49714	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:15 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 13:53:15 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=243762 Date: Wed, 28 Aug 2024 13:53:15 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49717	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:15 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 13:53:16 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=243770 Date: Wed, 28 Aug 2024 13:53:16 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-28 13:53:16 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49716	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:16 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-08-28 13:53:16 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 67 62 76 78 69 68 75 6c 6b 6d 68 70 66 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 32 70 79 42 62 2c 71 50 76 74 44 62 62 4b 33 25 45 73 70 71 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 74 6c 74 6e 74 63 62 72 65 71 75 61 6a 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02qgbvxihulkmhpf</Membername><Password>2pyBb,qPvtDbbK3%Espq</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
2024-08-28 13:53:17 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Wed, 28 Aug 2024 13:52:16 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C526_BL2 x-ms-request-id: 699aab63-05e2-4ab5-8801-73e5c23a754f PPServer: PPV: 30 H: BL02EPF0001D8E5 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:16 GMT Connection: close Content-Length: 17166
2024-08-28 13:53:17 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 30 30 31 30 36 34 38 42 33 45 41 36 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 64 34 62 39 37 61 61 62 2d 66 35 32 66 2d 34 36 39 62 2d 39 34 66 31 2d 36 39 39 61 39 33 33 30 66 33 64 64 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>00180010648B3EA6</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="d4b97aab-f52f-469b-94f1-699a9330f3dd" LicenseID="3252b20c-d425-4711
2024-08-28 13:53:17 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49715	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:16 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3528 Host: login.live.com
2024-08-28 13:53:16 UTC	3528	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:16 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:16 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: b6ce02cc-f76a-4f89-b02d-c753301071eb PPServer: PPV: 30 H: SN1PEPF00040154 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:15 GMT Connection: close Content-Length: 1276
2024-08-28 13:53:16 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49719	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:18 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-08-28 13:53:18 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:19 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:18 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30324.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C536_BL2 x-ms-request-id: 71c5f2f2-b088-4aab-bf73-940c3a80d3f3 PPServer: PPV: 30 H: BL02EPF00027925 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:18 GMT Connection: close Content-Length: 11389
2024-08-28 13:53:19 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49720	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:20 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-08-28 13:53:20 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:20 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:20 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C536_BL2 x-ms-request-id: 2835a69d-d6f6-43cc-a3b1-5d99658056a9 PPServer: PPV: 30 H: BL02EPF0001D82C V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:20 GMT Connection: close Content-Length: 11389
2024-08-28 13:53:20 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49721	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:21 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4710 Host: login.live.com
2024-08-28 13:53:21 UTC	4710	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:22 UTC	656	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:21 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=5&213=292991&215=0&315=1&215=0&315=1&214=30&288=16.0.30324.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C536_BL2 x-ms-request-id: 48470d7c-ad8c-4fdc-bb43-d0e97c87811f PPServer: PPV: 30 H: BL02EPF0001D8E2 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:21 GMT Connection: close Content-Length: 10173
2024-08-28 13:53:22 UTC	10173	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49722	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:21 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-08-28 13:53:21 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:21 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:21 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: 93e0aa56-5c35-4561-995c-beddcff016a2 PPServer: PPV: 30 H: SN1PEPF00040154 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:21 GMT Connection: close Content-Length: 1918
2024-08-28 13:53:21 UTC	1918	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49723	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:23 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-08-28 13:53:23 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:24 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:23 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30324.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C536_BL2 x-ms-request-id: 2ddcaaad-10e5-453e-8298-ccf81f1722e9 PPServer: PPV: 30 H: BL02EPF00027923 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:23 GMT Connection: close Content-Length: 11369
2024-08-28 13:53:24 UTC	11369	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49730	40.126.32.74	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 13:53:25 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-08-28 13:53:25 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-08-28 13:53:26 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 28 Aug 2024 13:52:25 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C536_SN1 x-ms-request-id: 9e5282dc-db69-4986-890a-0137b659b359 PPServer: PPV: 30 H: SN1PEPF0002F0B7 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 28 Aug 2024 13:53:25 GMT Connection: close Content-Length: 11369
2024-08-28 13:53:26 UTC	11369	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7152, Parent PID: 2268

General

Target ID:	0
Start time:	09:53:04
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5424, Parent PID: 7152

General

Target ID:	2
Start time:	09:53:06
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,5436871817788936352,10395770742615682604,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6932, Parent PID: 2268

General

Target ID:	11
Start time:	09:53:10
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://press-continue.0hb8kkr81em8.top"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 52.185.211.133
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: press-continue.0hb8kkr81em8.topConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: press-continue.0hb8kkr81em8.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://press-continue.0hb8kkr81em8.top/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: press-continue.0hb8kkr81em8.top
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://press-continue.0hb8kkr81em8.top

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 7152, Parent PID: 2268

General

Chronological Activities

Analysis Process: chrome.exePID: 5424, Parent PID: 7152

General

Chronological Activities

Analysis Process: chrome.exePID: 6932, Parent PID: 2268

General

Chronological Activities

Disassembly

Windows Analysis Report
http://press-continue.0hb8kkr81em8.top