Edit tour

Windows Analysis Report
http://taps.kraftonevent.com/

Overview

General Information

Sample URL:	http://taps.kraftonevent.com/
Analysis ID:	1501491
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2864 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2184,i,6629427741805133568,13743223665775724751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://taps.kraftonevent.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_110	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=UkyEO2tn5kJ3WLNpIozFrbjB3DqVzfLDVovn0VxeeNEOvAKSAn6qcBaQjKOHEENp8WMoTaTMRdy2%2FaOG0FGGE5beLR00lbHVUoALwW7asXRHG6BFS1Br%2FDzN2DGrwbU6S%2FRSRyIOeyM%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 432Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 29 Aug 2024 22:40:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: Accept-Encodingx-turbo-charged-by: LiteSpeedCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UkyEO2tn5kJ3WLNpIozFrbjB3DqVzfLDVovn0VxeeNEOvAKSAn6qcBaQjKOHEENp8WMoTaTMRdy2%2FaOG0FGGE5beLR00lbHVUoALwW7asXRHG6BFS1Br%2FDzN2DGrwbU6S%2FRSRyIOeyM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bb00afaa85b437a-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_111.2.dr	String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_110.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_110.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53449
Source: unknown	Network traffic detected: HTTP traffic on port 54507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53450
Source: unknown	Network traffic detected: HTTP traffic on port 53450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54507
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54503
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54501
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54501 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54502 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54503 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54504 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:54507 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:53450 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_2864_2101551888

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@23/14@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2184,i,6629427741805133568,13743223665775724751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://taps.kraftonevent.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2184,i,6629427741805133568,13743223665775724751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://taps.kraftonevent.com/	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://mercadoshops.com.co	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://mercadolivre.com	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://supereva.it	0%	URL Reputation	safe
https://elfinancierocr.com	0%	URL Reputation	safe
https://bolasport.com	0%	URL Reputation	safe
https://desimartini.com	0%	URL Reputation	safe
https://hearty.app	0%	URL Reputation	safe
https://hearty.gift	0%	URL Reputation	safe
https://mercadoshops.com	0%	URL Reputation	safe
https://heartymail.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://finn.no	0%	URL Reputation	safe
https://hc1.com	0%	URL Reputation	safe
https://kompas.tv	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://smaker.pl	0%	URL Reputation	safe
https://mercadopago.com.mx	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://mercadopago.com.pe	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://text.com	0%	URL Reputation	safe
https://mightytext.net	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://joyreactor.com	0%	URL Reputation	safe
https://cookreactor.com	0%	URL Reputation	safe
https://eworkbookcloud.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://nacion.com	0%	URL Reputation	safe
https://chennien.com	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://deccoria.pl	0%	URL Reputation	safe
https://mercadopago.cl	0%	URL Reputation	safe
https://bonvivir.com	0%	URL Reputation	safe
https://carcostadvisor.be	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://blackrockadvisorelite.it	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://mercadoshops.com.ar	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://elpais.uy	0%	URL Reputation	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://landyrev.com	0%	URL Reputation	safe
https://the42.ie	0%	URL Reputation	safe
https://commentcamarche.com	0%	URL Reputation	safe
https://tucarro.com.ve	0%	URL Reputation	safe
https://joyreactor.cc	0%	Avira URL Cloud	safe
https://eleconomista.net	0%	URL Reputation	safe
https://helpdesk.com	0%	URL Reputation	safe
https://unotv.com	0%	Avira URL Cloud	safe
https://mercadolivre.com.br	0%	URL Reputation	safe
https://zdrowietvn.pl	0%	Avira URL Cloud	safe
https://poalim.xyz	0%	Avira URL Cloud	safe
https://baomoi.com	0%	Avira URL Cloud	safe
https://medonet.pl	0%	Avira URL Cloud	safe
https://reshim.org	0%	Avira URL Cloud	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://rws1nvtvt.com	0%	Avira URL Cloud	safe
https://mercadopago.com.br	0%	URL Reputation	safe
https://taps.kraftonevent.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	malware
https://commentcamarche.net	0%	URL Reputation	safe
https://etfacademy.it	0%	URL Reputation	safe
https://mighty-app.appspot.com	0%	URL Reputation	safe
https://hj.rs	0%	URL Reputation	safe
https://hearty.me	0%	URL Reputation	safe
https://mercadolibre.com.gt	0%	URL Reputation	safe
https://indiatodayne.in	0%	URL Reputation	safe
https://idbs-staging.com	0%	URL Reputation	safe
https://nlc.hu	0%	Avira URL Cloud	safe
https://radio2.be	0%	Avira URL Cloud	safe
https://talkdeskqaid.com	0%	Avira URL Cloud	safe
https://wildixin.com	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://naukri.com	0%	Avira URL Cloud	safe
https://24.hu	0%	Avira URL Cloud	safe
https://interia.pl	0%	Avira URL Cloud	safe
https://talkdeskstgid.com	0%	Avira URL Cloud	safe
https://pudelek.pl	0%	Avira URL Cloud	safe
https://sapo.io	0%	Avira URL Cloud	safe
https://wpext.pl	0%	Avira URL Cloud	safe
https://clmbtech.com	0%	Avira URL Cloud	safe
https://rws3nvtvt.com	0%	Avira URL Cloud	safe
https://poalim.site	0%	Avira URL Cloud	safe
https://standardsandpraiserepurpose.com	0%	Avira URL Cloud	safe
https://07c225f3.online	0%	Avira URL Cloud	safe
https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	malware
https://timesinternet.in	0%	Avira URL Cloud	safe
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.186.164	true	false	unknown
taps.kraftonevent.com	188.114.96.3	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://taps.kraftonevent.com/cdn-cgi/images/icon-exclamation.png?1376755637	true	Avira URL Cloud: malware	unknown
https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_110.2.dr	false	Avira URL Cloud: safe	unknown
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	URL Reputation: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://reshim.org	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://unotv.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://johndeere.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://supereva.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://bolasport.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://desimartini.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.app	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.gift	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://heartymail.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nlc.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://finn.no	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hc1.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	URL Reputation: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://24.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://wildixin.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://chennien.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://drimer.travel	sets.json.0.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_110.2.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://naukri.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://interia.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	URL Reputation: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wpext.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://drimer.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	URL Reputation: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://the42.ie	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	URL Reputation: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://helpdesk.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://07c225f3.online	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hj.rs	sets.json.0.dr	false	URL Reputation: safe	unknown
https://hearty.me	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	URL Reputation: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://indiatodayne.in	sets.json.0.dr	false	URL Reputation: safe	unknown
https://idbs-staging.com	sets.json.0.dr	false	URL Reputation: safe	unknown
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer	chromecache_111.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	taps.kraftonevent.com	European Union	13335	CLOUDFLARENETUS	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501491
Start date and time:	2024-08-30 00:39:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://taps.kraftonevent.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@23/14@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.251.173.84, 142.250.184.206, 34.104.35.123, 20.114.59.183, 192.229.221.95, 20.242.39.171, 199.232.210.172, 13.95.31.18, 52.165.164.15, 131.107.255.255, 13.85.23.86, 142.250.186.131, 93.184.221.240
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://taps.kraftonevent.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.021127689065198
Encrypted:	false
SSDEEP:	48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
MD5:	68E6B5733E04AB7BF19699A84D8ABBC2
SHA1:	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
SHA-256:	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
SHA-512:	9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9159446964030753
Encrypted:	false
SSDEEP:	3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
MD5:	CFB54589424206D0AE6437B5673F498D
SHA1:	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
SHA-256:	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
SHA-512:	70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
Malicious:	false
Reputation:	low
Preview:	1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.4533115571544695
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
MD5:	C3419069A1C30140B77045ABA38F12CF
SHA1:	11920F0C1E55CADC7D2893D1EEBB268B3459762A
SHA-256:	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
SHA-512:	C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9748
Entropy (8bit):	4.629326694042306
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
MD5:	EEA4913A6625BEB838B3E4E79999B627
SHA1:	1B4966850F1B117041407413B70BFA925FD83703
SHA-256:	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
SHA-512:	31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://taps.kraftonevent.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.084036122002885
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisbA2ZLimijrR49PaQxJbGD:1j9jhjYjIK/Vo+tsFZOmorO9ieJGD
MD5:	B17E76381233F95B07A999C16EB4A0EB
SHA1:	431CA2D2EA6AF70E8D5388C57B9A0211B139BB64
SHA-256:	6AD9E3EAF8950E6CBB10F08D1C2AD53CD4A49FFB45F5DFE77C686B837DD41ADE
SHA-512:	7112ED5E5470DFE5F78FDD7269C9033BB61D5F3C02C48CFAEF0B547F15774D447F742D081927CEA526ADFD6A733EBD0762284FEBA72ACC4B410B6FD2E8F75C72
Malicious:	false
Reputation:	low
URL:	https://taps.kraftonevent.com/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (4070)
Category:	downloaded
Size (bytes):	10385
Entropy (8bit):	5.345321169429939
Encrypted:	false
SSDEEP:	192:rlYHC0HNXGZkHQU7ydPJq5S2KqQVX/uTK3w3DK+tMy47R/Ga0kVhFuPwf8Pn93Jk:FVGaRF8I8hWq+Ii
MD5:	9EF49BF2089C0852FA0B189AC3BCB468
SHA1:	DFD97E33C454984BA71E4AA12D28E038762A78E1
SHA-256:	E176FB974958F4534265F67BFB066F9530F5542FFDA24BD9A15478D833272AC1
SHA-512:	5C4B6D0694E289B1F42CFE0221495C9C0B5FDBD916A9C7630254655762B431C762E57462A0C3C17731DE21ED8A93FADF94878B87A65FCA68C201CBCE14D1F88C
Malicious:	false
Reputation:	low
URL:	https://taps.kraftonevent.com/favicon.ico
Preview:	...<!DOCTYPE html>.<html>. <head>. <meta http-equiv="Content-type" content="text/html; charset=utf-8">. <meta http-equiv="Cache-control" content="no-cache">. <meta http-equiv="Pragma" content="no-cache">. <meta http-equiv="Expires" content="0">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>404 Not Found</title>. <style type="text/css">. body {. font-family: Arial, Helvetica, sans-serif;. font-size: 14px;. line-height: 1.428571429;. background-color: #ffffff;. color: #2F3230;. padding: 0;. margin: 0;. }. section, footer {. display: block;. padding: 0;. margin: 0;. }. .container {. margin-left: auto;. margin-right: auto;. padding: 0 10px;. }. .response-info {. color: #CCCCCC;. }. .status-code {. font-size:

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:40:13.783380032 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.783560038 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.788816929 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.788836956 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.789138079 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.790374041 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.790446997 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.790455103 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.790571928 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.836498976 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.972889900 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.972974062 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:13.973083973 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.973340988 CEST	49709	443	192.168.2.6	40.113.103.199
Aug 30, 2024 00:40:13.973367929 CEST	443	49709	40.113.103.199	192.168.2.6
Aug 30, 2024 00:40:15.387510061 CEST	49674	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:15.387511015 CEST	49673	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:15.715451002 CEST	49672	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:21.861717939 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:21.861764908 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:21.861825943 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:21.863342047 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:21.863354921 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.537702084 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.537741899 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.537815094 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.538537979 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.538549900 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.672949076 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.673067093 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.700742006 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.700769901 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.701100111 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.750277042 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.750376940 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.750395060 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.750576019 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.792525053 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.920527935 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.920619011 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:22.920706034 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.921278000 CEST	49710	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:22.921295881 CEST	443	49710	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.347651005 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.347711086 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.350517988 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.350531101 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.350776911 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.352363110 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.352418900 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.352422953 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.352533102 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.400501013 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.533287048 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.534373999 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.534388065 CEST	443	49711	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:23.534414053 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:23.534430981 CEST	49711	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:24.181952000 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.181988001 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.182292938 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.182566881 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.182578087 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.654378891 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.656631947 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.656651974 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.657779932 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.657881021 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.658929110 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.658993959 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.659116983 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.700510025 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.778687954 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.778719902 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780426025 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780472994 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780505896 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780546904 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.780555964 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780586958 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:24.780606031 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.780632019 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:24.995690107 CEST	49674	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:24.995690107 CEST	49673	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:25.057974100 CEST	49717	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.057986975 CEST	443	49717	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.060724974 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.060741901 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.060811996 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.061103106 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.061114073 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.327785969 CEST	49672	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:25.523616076 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.524027109 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.524043083 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.524367094 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.524717093 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.524821997 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.524840117 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.572504997 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.575603008 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.657403946 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657450914 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657489061 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657514095 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657522917 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.657538891 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657562017 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.657571077 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657598972 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657608986 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.657613039 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.657643080 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.657990932 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.664571047 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.664597034 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.664628029 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.664661884 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.664669037 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.664686918 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.713505030 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.744141102 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744225979 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744256973 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744270086 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.744282961 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744319916 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.744503021 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744591951 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744643927 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.744657993 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744672060 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.744724035 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.748605013 CEST	49718	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.748629093 CEST	443	49718	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.934387922 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.934423923 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:25.934484005 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.935492039 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:25.935503960 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.414341927 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.421859980 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.421874046 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.422216892 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.433818102 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.433984995 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.438941002 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.484503031 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.540838957 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.540899038 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.541047096 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.543168068 CEST	49721	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.543190002 CEST	443	49721	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.588196039 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.588234901 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.588377953 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.588643074 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.588654995 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.775669098 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.775692940 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:26.775769949 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.776352882 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:26.776364088 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.014086008 CEST	443	49705	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:27.014200926 CEST	49705	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:27.219892025 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.220979929 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.221003056 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.221354961 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.221791029 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.221860886 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.222098112 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.235296965 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.235578060 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.235590935 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.236665010 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.236745119 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.237449884 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.237513065 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.237607956 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.237615108 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.264511108 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.277756929 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.370779991 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.370852947 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.370976925 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.375613928 CEST	49724	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.375636101 CEST	443	49724	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.566754103 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:27.566792965 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:27.566864967 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:27.567622900 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:27.567640066 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:27.883397102 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883439064 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883464098 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883491039 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883500099 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.883527040 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883546114 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.883673906 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.883721113 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.883730888 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884428978 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884474993 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884479046 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.884496927 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884532928 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.884538889 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884566069 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.884603977 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.919078112 CEST	49723	443	192.168.2.6	188.114.96.3
Aug 30, 2024 00:40:27.919109106 CEST	443	49723	188.114.96.3	192.168.2.6
Aug 30, 2024 00:40:27.921477079 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:27.921514034 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:27.921684027 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:27.959029913 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:27.959045887 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.006184101 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.006223917 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.006299019 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.010510921 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.010523081 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.205756903 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.261210918 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.275471926 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.275495052 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.277237892 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.277256966 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.277306080 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.279448986 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.279544115 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.323656082 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.323669910 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:28.370520115 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:28.455445051 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.459587097 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.459611893 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.460736990 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.460823059 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.463958025 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.464025974 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.476948977 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.476957083 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.526792049 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.606687069 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.606774092 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.606842041 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.607086897 CEST	49726	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.607104063 CEST	443	49726	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.608455896 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.608505964 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.608576059 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.612565994 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:28.612580061 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:28.653450012 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.653521061 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.656172991 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.656186104 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.656433105 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.695522070 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.740497112 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.925223112 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.925280094 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.925422907 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.925422907 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.925470114 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.925498962 CEST	49727	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.925509930 CEST	443	49727	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.959681034 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.959718943 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:28.960042000 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.960393906 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:28.960410118 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.088227034 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.088907957 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:29.088929892 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.089293957 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.092334986 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:29.092406988 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.093005896 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:29.136501074 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.228053093 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.228128910 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.228223085 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:29.231332064 CEST	49728	443	192.168.2.6	35.190.80.1
Aug 30, 2024 00:40:29.231360912 CEST	443	49728	35.190.80.1	192.168.2.6
Aug 30, 2024 00:40:29.615771055 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.615853071 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.618690968 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.618696928 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.618969917 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.620508909 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.668493986 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.896049976 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.896115065 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.896310091 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.897370100 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.897382021 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:29.897427082 CEST	49729	443	192.168.2.6	184.28.90.27
Aug 30, 2024 00:40:29.897432089 CEST	443	49729	184.28.90.27	192.168.2.6
Aug 30, 2024 00:40:30.160933018 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:30.160964012 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:30.161046028 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:30.161729097 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:30.161746979 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:30.944814920 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:30.944905043 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.038918018 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.038954973 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.039284945 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.042046070 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.042093992 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.042104959 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.042469978 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.088500977 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.219902039 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.220035076 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:31.220141888 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.225049973 CEST	49730	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:31.225064993 CEST	443	49730	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:38.174571991 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:38.174631119 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:38.174966097 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:38.328032017 CEST	49705	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.330281973 CEST	49705	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.331533909 CEST	49734	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.331587076 CEST	443	49734	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:38.331669092 CEST	49734	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.332824945 CEST	443	49705	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:38.332937002 CEST	49734	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.332950115 CEST	443	49734	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:38.335967064 CEST	443	49705	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:38.411830902 CEST	54499	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:38.416687012 CEST	53	54499	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:38.416810989 CEST	54499	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:38.416881084 CEST	54499	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:38.421700954 CEST	53	54499	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:38.868911982 CEST	53	54499	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:38.869621038 CEST	54499	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:38.875972033 CEST	53	54499	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:38.876022100 CEST	54499	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:38.925312042 CEST	443	49734	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:38.925396919 CEST	49734	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:38.967502117 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:38.967546940 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:38.967614889 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:38.968329906 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:38.968344927 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.357150078 CEST	49725	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:40:39.357182980 CEST	443	49725	142.250.186.164	192.168.2.6
Aug 30, 2024 00:40:39.762110949 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.762192965 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.798122883 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.798145056 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.798428059 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.799799919 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.799894094 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.799899101 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.800071001 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.840509892 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.973073959 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.973155975 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:39.973233938 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.994632006 CEST	54501	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:39.994646072 CEST	443	54501	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:43.347115040 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:43.347166061 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:43.347230911 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:43.347826004 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:43.347841978 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.150389910 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.150624037 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.152709961 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.152719975 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.152976036 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.155960083 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.156085014 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.156089067 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.156246901 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.200495005 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.337318897 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.337397099 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.337846994 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:44.337897062 CEST	443	54502	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:44.337927103 CEST	54502	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:58.148838043 CEST	443	49734	173.222.162.64	192.168.2.6
Aug 30, 2024 00:40:58.149002075 CEST	49734	443	192.168.2.6	173.222.162.64
Aug 30, 2024 00:40:59.169610977 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.169653893 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.169718981 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.170651913 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.170667887 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.966705084 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.966916084 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.972374916 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.972399950 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.972662926 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.974380016 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.974380016 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:40:59.974399090 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:40:59.974864960 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:00.016510010 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:00.149957895 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:00.150085926 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:00.150336027 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:00.150551081 CEST	54503	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:00.150572062 CEST	443	54503	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:04.516349077 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:04.516393900 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:04.516499996 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:04.517843962 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:04.517860889 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.329931021 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.330056906 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.331995964 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.332009077 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.332268000 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.336046934 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.336149931 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.336155891 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.336504936 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.384506941 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.511132002 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.511210918 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:05.511275053 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.511765957 CEST	54504	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:05.511790037 CEST	443	54504	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.170583963 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.170628071 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.170698881 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.171284914 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.171294928 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.968529940 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.968674898 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.972394943 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.972419024 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.972676039 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.975290060 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.975454092 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:23.975464106 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:23.975861073 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:24.020499945 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:24.146496058 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:24.146610975 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:24.146683931 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:24.147342920 CEST	54507	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:24.147361994 CEST	443	54507	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:26.113560915 CEST	53446	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:41:26.119833946 CEST	53	53446	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:26.119925976 CEST	53446	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:41:26.119925976 CEST	53446	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:41:26.126213074 CEST	53	53446	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:26.650768995 CEST	53	53446	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:26.652230024 CEST	53446	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:41:26.658701897 CEST	53	53446	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:26.658787012 CEST	53446	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:41:27.592485905 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:27.592530012 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:27.596621037 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:27.596761942 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:27.596775055 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:28.480380058 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:28.480747938 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:28.480766058 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:28.481105089 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:28.481585026 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:28.481650114 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:28.526487112 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:34.972511053 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:34.972557068 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:34.972628117 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:34.973227024 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:34.973237991 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:35.898051023 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:35.898190022 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:35.900029898 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:35.900041103 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:35.900314093 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:35.902394056 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:35.902502060 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:35.902508020 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:35.902635098 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:35.948501110 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:36.076570034 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:36.076657057 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:36.077136993 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:36.077184916 CEST	443	53450	40.113.110.67	192.168.2.6
Aug 30, 2024 00:41:36.077224970 CEST	53450	443	192.168.2.6	40.113.110.67
Aug 30, 2024 00:41:38.142199993 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:38.142273903 CEST	443	53449	142.250.186.164	192.168.2.6
Aug 30, 2024 00:41:38.142410040 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:39.359524965 CEST	53449	443	192.168.2.6	142.250.186.164
Aug 30, 2024 00:41:39.359544039 CEST	443	53449	142.250.186.164	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 30, 2024 00:40:22.899754047 CEST	53	55381	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:23.033612013 CEST	53	53615	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:24.012660980 CEST	53	60827	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:24.150089025 CEST	57723	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:24.150311947 CEST	50288	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:24.161952019 CEST	53	50288	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:24.161966085 CEST	53	57723	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:24.164633036 CEST	56644	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:24.164870024 CEST	65119	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:24.177357912 CEST	53	56644	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:24.181345940 CEST	53	65119	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:26.676270008 CEST	64025	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:26.677028894 CEST	57489	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:26.770046949 CEST	53	57489	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:26.774172068 CEST	53	64025	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:27.554598093 CEST	64412	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:27.554749012 CEST	49645	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:27.562701941 CEST	53	64412	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:27.563226938 CEST	53	49645	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:27.910151005 CEST	54939	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:27.910953999 CEST	61944	53	192.168.2.6	1.1.1.1
Aug 30, 2024 00:40:27.918139935 CEST	53	54939	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:27.919502974 CEST	53	61944	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:38.410728931 CEST	53	56833	1.1.1.1	192.168.2.6
Aug 30, 2024 00:40:41.116082907 CEST	53	58741	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:00.167159081 CEST	53	65014	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:22.963115931 CEST	53	50916	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:23.217232943 CEST	53	59159	1.1.1.1	192.168.2.6
Aug 30, 2024 00:41:26.113132000 CEST	53	57584	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 30, 2024 00:40:24.150089025 CEST	192.168.2.6	1.1.1.1	0x17ad	Standard query (0)	taps.kraftonevent.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.150311947 CEST	192.168.2.6	1.1.1.1	0x33fc	Standard query (0)	taps.kraftonevent.com	65	IN (0x0001)	false
Aug 30, 2024 00:40:24.164633036 CEST	192.168.2.6	1.1.1.1	0xe428	Standard query (0)	taps.kraftonevent.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.164870024 CEST	192.168.2.6	1.1.1.1	0x913f	Standard query (0)	taps.kraftonevent.com	65	IN (0x0001)	false
Aug 30, 2024 00:40:26.676270008 CEST	192.168.2.6	1.1.1.1	0x3db0	Standard query (0)	taps.kraftonevent.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:26.677028894 CEST	192.168.2.6	1.1.1.1	0x85a9	Standard query (0)	taps.kraftonevent.com	65	IN (0x0001)	false
Aug 30, 2024 00:40:27.554598093 CEST	192.168.2.6	1.1.1.1	0x2962	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:27.554749012 CEST	192.168.2.6	1.1.1.1	0x9975	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 30, 2024 00:40:27.910151005 CEST	192.168.2.6	1.1.1.1	0xb05c	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:27.910953999 CEST	192.168.2.6	1.1.1.1	0x4bc5	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 30, 2024 00:40:24.161952019 CEST	1.1.1.1	192.168.2.6	0x33fc	No error (0)	taps.kraftonevent.com			65	IN (0x0001)	false
Aug 30, 2024 00:40:24.161966085 CEST	1.1.1.1	192.168.2.6	0x17ad	No error (0)	taps.kraftonevent.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.161966085 CEST	1.1.1.1	192.168.2.6	0x17ad	No error (0)	taps.kraftonevent.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.177357912 CEST	1.1.1.1	192.168.2.6	0xe428	No error (0)	taps.kraftonevent.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.177357912 CEST	1.1.1.1	192.168.2.6	0xe428	No error (0)	taps.kraftonevent.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:24.181345940 CEST	1.1.1.1	192.168.2.6	0x913f	No error (0)	taps.kraftonevent.com			65	IN (0x0001)	false
Aug 30, 2024 00:40:26.770046949 CEST	1.1.1.1	192.168.2.6	0x85a9	No error (0)	taps.kraftonevent.com			65	IN (0x0001)	false
Aug 30, 2024 00:40:26.774172068 CEST	1.1.1.1	192.168.2.6	0x3db0	No error (0)	taps.kraftonevent.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:26.774172068 CEST	1.1.1.1	192.168.2.6	0x3db0	No error (0)	taps.kraftonevent.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:27.562701941 CEST	1.1.1.1	192.168.2.6	0x2962	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:27.563226938 CEST	1.1.1.1	192.168.2.6	0x9975	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 30, 2024 00:40:27.918139935 CEST	1.1.1.1	192.168.2.6	0xb05c	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:36.046582937 CEST	1.1.1.1	192.168.2.6	0x1337	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 30, 2024 00:40:36.046582937 CEST	1.1.1.1	192.168.2.6	0x1337	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:38.710361958 CEST	1.1.1.1	192.168.2.6	0xe2	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Aug 30, 2024 00:40:38.710361958 CEST	1.1.1.1	192.168.2.6	0xe2	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

taps.kraftonevent.com

https:

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:13 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 56 49 44 64 72 56 30 30 30 43 58 56 75 6a 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 36 64 37 37 33 39 31 64 38 63 38 32 37 65 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: YVIDdrV000CXVujH.1Context: e6d77391d8c827e2
2024-08-29 22:40:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:13 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 59 56 49 44 64 72 56 30 30 30 43 58 56 75 6a 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 36 64 37 37 33 39 31 64 38 63 38 32 37 65 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: YVIDdrV000CXVujH.2Context: e6d77391d8c827e2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:13 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 59 56 49 44 64 72 56 30 30 30 43 58 56 75 6a 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 36 64 37 37 33 39 31 64 38 63 38 32 37 65 32 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: YVIDdrV000CXVujH.3Context: e6d77391d8c827e2
2024-08-29 22:40:13 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:13 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6b 52 61 2b 65 59 55 42 48 6b 69 6d 72 30 6d 31 77 36 62 46 65 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: kRa+eYUBHkimr0m1w6bFeA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49710	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 41 37 6b 4b 48 73 53 78 6b 79 48 47 77 4d 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 65 63 31 66 36 65 37 34 37 30 64 39 35 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: iA7kKHsSxkyHGwMO.1Context: f9ec1f6e7470d954
2024-08-29 22:40:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 69 41 37 6b 4b 48 73 53 78 6b 79 48 47 77 4d 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 65 63 31 66 36 65 37 34 37 30 64 39 35 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: iA7kKHsSxkyHGwMO.2Context: f9ec1f6e7470d954<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 41 37 6b 4b 48 73 53 78 6b 79 48 47 77 4d 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 39 65 63 31 66 36 65 37 34 37 30 64 39 35 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: iA7kKHsSxkyHGwMO.3Context: f9ec1f6e7470d954<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-29 22:40:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 73 31 58 36 78 62 65 48 55 4f 57 30 49 30 66 36 4f 46 2f 71 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Ns1X6xbeHUOW0I0f6OF/qg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49711	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 58 68 70 4f 51 58 70 57 30 6d 45 6c 6f 4c 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 63 32 32 30 35 35 34 31 34 65 62 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ZXhpOQXpW0mEloLs.1Context: a425c22055414ebf
2024-08-29 22:40:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:23 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 5a 58 68 70 4f 51 58 70 57 30 6d 45 6c 6f 4c 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 63 32 32 30 35 35 34 31 34 65 62 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ZXhpOQXpW0mEloLs.2Context: a425c22055414ebf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:23 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 5a 58 68 70 4f 51 58 70 57 30 6d 45 6c 6f 4c 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 34 32 35 63 32 32 30 35 35 34 31 34 65 62 66 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: ZXhpOQXpW0mEloLs.3Context: a425c22055414ebf
2024-08-29 22:40:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 74 52 65 42 5a 79 54 72 41 6b 47 35 4c 54 42 53 73 49 78 67 6b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: tReBZyTrAkG5LTBSsIxgkA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49717	188.114.96.3	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:24 UTC	664	OUT	GET / HTTP/1.1 Host: taps.kraftonevent.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:24 UTC	555	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:40:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAOGocS7zIV18W6afuhyrCZ5bZgVTg%2BYyGWpTqCseMDJ9V15tBPIuk1K28thyS0QxrMaCj0Z3LYMnmGkI56L9bhXmELSyJrULp01ky%2FiGhro3Tshd1cBX9kgZk6t2GtnekITKZr%2BeK0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb00aea9b8a0c78-EWR
2024-08-29 22:40:24 UTC	814	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-29 22:40:24 UTC	1369	IN	Data Raw: 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 Data Ascii: les/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('
2024-08-29 22:40:24 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 37 4d 61 4e 41 62 48 34 4d 4b 72 6f 4d 4b 5f 56 39 39 71 79 50 71 4f 4a 45 44 6f 2e 79 71 66 33 6e 49 4e 38 47 77 76 66 31 70 73 2d 31 37 32 34 39 37 31 32 32 34 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="7MaNAbH4MKroMK_V99qyPqOJEDo.yqf3nIN8Gwvf1ps-1724971224-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-29 22:40:24 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-29 22:40:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	188.114.96.3	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:25 UTC	569	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: taps.kraftonevent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://taps.kraftonevent.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:25 UTC	411	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:40:25 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-5df3" Server: cloudflare CF-RAY: 8bb00af00ed28c99-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:40:25 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:40:25 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-08-29 22:40:25 UTC	389	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 73 74 61 63 6b 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 7a 6f 6f 6d 3a 31 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f Data Ascii: select:none;-ms-user-select:none;user-select:none;display:-moz-inline-stack;display:inline-block;vertical-align:middle;zoom:1;border-radius:2px;box-sizing:border-box;-webkit-transition:all .2s ease;transition:all .2s ease}#cf-wrapper .cf-btn:hover{backgro
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 2e 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 3a 61 63 74 69 76 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f Data Ascii: per .cf-btn-danger:active,#cf-wrapper .cf-btn-danger:focus,#cf-wrapper .cf-btn-error.active,#cf-wrapper .cf-btn-error:active,#cf-wrapper .cf-btn-error:focus,#cf-wrapper .cf-btn-important.active,#cf-wrapper .cf-btn-important:active,#cf-wrapper .cf-btn-impo
2024-08-29 22:40:25 UTC	1369	IN	Data Raw: 6d 3a 31 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 32 73 20 65 61 73 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 67 72 61 79 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 3a 66 6f 63 75 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 Data Ascii: m:1;box-sizing:border-box;-webkit-transition:all .2s ease;transition:all .2s ease;border-radius:2px}#cf-wrapper input:hover,#cf-wrapper select:hover,#cf-wrapper textarea:hover{border-color:gray}#cf-wrapper input:focus,#cf-wrapper select:focus,#cf-wrapper

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49721	188.114.96.3	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:26 UTC	661	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: taps.kraftonevent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:26 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:40:26 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8bb00af59ae30c7e-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:40:26 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:40:26 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49723	188.114.96.3	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:27 UTC	598	OUT	GET /favicon.ico HTTP/1.1 Host: taps.kraftonevent.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://taps.kraftonevent.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:27 UTC	655	IN	HTTP/1.1 404 Not Found Date: Thu, 29 Aug 2024 22:40:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close vary: Accept-Encoding x-turbo-charged-by: LiteSpeed Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UkyEO2tn5kJ3WLNpIozFrbjB3DqVzfLDVovn0VxeeNEOvAKSAn6qcBaQjKOHEENp8WMoTaTMRdy2%2FaOG0FGGE5beLR00lbHVUoALwW7asXRHG6BFS1Br%2FDzN2DGrwbU6S%2FRSRyIOeyM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bb00afaa85b437a-EWR alt-svc: h3=":443"; ma=86400
2024-08-29 22:40:27 UTC	714	IN	Data Raw: 32 38 39 31 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f Data Ascii: 2891<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" co
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 72 65 73 70 6f 6e 73 65 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 43 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e Data Ascii: k; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CCCCCC; } .
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 7d 0a 20 20 20 20 20 20 20 20 75 6c 20 6c 69 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 61 64 64 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 75 6c 20 6c 69 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 Data Ascii: } ul li { float: left; text-align: center; } .additional-info-items ul li { width: 100%; } .info-image { padding: 10px; } .info-heading { f
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 32 70 78 20 30 20 30 20 39 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 73 65 72 76 65 72 20 61 Data Ascii: } .contact-info { font-size: 18px; } .info-image { float: left; } .info-heading { margin: 62px 0 0 98px; } .info-server a
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 4d 77 71 4e 69 62 59 33 38 6d 6c 76 58 4b 44 64 55 35 70 44 48 33 54 52 6b 6c 34 30 76 78 4a 6b 5a 2b 44 4f 32 4e 75 2f 33 48 6e 79 43 37 74 31 35 6f 62 47 42 74 71 52 46 52 58 6f 36 2b 30 5a 35 59 51 68 35 4c 48 64 39 59 47 57 4f 73 46 2b 39 49 73 35 6f 51 58 63 74 5a 4b 62 76 64 41 41 74 62 48 48 4d 38 2b 47 4c 66 6f 6a 57 64 49 67 50 66 66 37 59 69 66 52 54 4e 69 5a 6d 75 73 57 2b 77 38 66 44 6a 31 78 64 65 76 4e 6e 62 55 33 56 46 66 54 45 4c 2f 57 33 33 70 66 48 33 31 63 47 59 42 70 67 57 39 4c 62 61 33 49 63 38 43 38 69 41 37 37 4e 4c 65 35 31 34 76 75 38 42 50 6a 36 2f 6e 33 6c 43 64 2f 56 6b 67 4b 58 47 6b 77 59 55 51 48 41 61 4d 2b 79 51 75 6e 42 6d 4e 53 77 62 52 56 59 68 2b 6b 4f 63 67 4d 68 76 52 44 42 31 4d 64 32 30 59 66 69 52 2b 55 46 66 76 Data Ascii: MwqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9YGWOsF+9Is5oQXctZKbvdAAtbHHM8+GLfojWdIgPff7YifRTNiZmusW+w8fDj1xdevNnbU3VFfTEL/W33pfH31cGYBpgW9Lba3Ic8C8iA77NLe514vu8BPj6/n3lCd/VkgKXGkwYUQHAaM+yQunBmNSwbRVYh+kOcgMhvRDB1Md20YfiR+UFfv
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 70 2b 31 2f 49 61 78 71 47 41 52 7a 72 46 74 74 70 68 55 52 2b 4d 76 45 50 53 78 2b 36 6d 2f 70 43 78 45 69 33 59 37 70 34 38 35 45 53 41 56 6d 75 6c 64 76 7a 53 54 4b 77 32 66 71 48 53 47 4d 35 68 42 57 31 49 55 49 30 66 2f 4c 64 4f 4e 74 45 55 4b 58 47 43 39 35 6a 4b 2b 52 67 34 51 42 56 77 4e 6d 6c 65 50 5a 56 6a 54 78 75 6f 32 34 6b 57 4d 72 51 48 67 2f 6e 5a 7a 78 44 71 6d 71 46 52 46 43 37 39 39 2b 64 62 45 69 72 4d 6f 56 45 58 68 56 41 30 37 59 2b 47 57 4e 4d 4f 42 43 78 49 49 70 43 67 43 70 41 58 35 4b 67 48 42 36 49 51 49 4c 48 77 45 33 48 58 6b 32 58 51 56 73 7a 64 53 6b 47 45 43 6a 55 41 42 68 50 4c 4d 64 54 2f 75 4b 4c 30 52 49 51 38 44 7a 59 4f 4b 4a 75 39 38 56 30 30 36 4c 62 53 49 6b 76 42 73 52 6c 7a 42 50 59 6b 49 52 49 48 31 37 34 33 69 Data Ascii: p+1/IaxqGARzrFttphUR+MvEPSx+6m/pCxEi3Y7p485ESAVmuldvzSTKw2fqHSGM5hBW1IUI0f/LdONtEUKXGC95jK+Rg4QBVwNmlePZVjTxuo24kWMrQHg/nZzxDqmqFRFC799+dbEirMoVEXhVA07Y+GWNMOBCxIIpCgCpAX5KgHB6IQILHwE3HXk2XQVszdSkGECjUABhPLMdT/uKL0RIQ8DzYOKJu98V006LbSIkvBsRlzBPYkIRIH1743i
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 36 4e 2f 4d 39 57 73 69 41 44 4f 30 30 41 33 51 55 30 68 6f 68 58 35 52 54 64 65 43 72 73 74 79 54 31 57 70 68 55 52 54 42 65 76 42 61 56 34 69 77 59 4a 47 47 63 74 52 44 43 31 46 73 47 61 51 33 52 74 47 46 66 4c 34 6f 73 33 34 67 36 54 2b 41 6b 41 54 38 34 62 73 30 66 58 32 77 65 53 38 38 58 37 58 36 68 58 52 44 44 52 7a 64 77 48 5a 2f 35 44 32 68 6a 6a 67 68 74 33 4d 62 35 79 31 4e 49 4e 71 2b 62 65 5a 42 75 38 64 38 34 36 35 37 77 50 59 66 4e 38 70 5a 42 63 30 67 2b 4a 4b 69 4b 59 69 4e 72 39 72 34 76 31 5a 72 76 64 62 74 61 7a 70 31 36 54 53 43 4f 66 5a 70 70 4d 69 47 44 36 69 56 71 72 32 37 31 6f 56 6f 6b 55 36 41 4a 39 55 35 46 47 6e 58 49 77 77 35 6d 48 2b 6b 4c 45 68 78 49 31 63 6c 32 30 51 43 47 43 54 67 52 4d 41 2f 33 2b 46 32 6c 52 58 58 74 7a Data Ascii: 6N/M9WsiADO00A3QU0hohX5RTdeCrstyT1WphURTBevBaV4iwYJGGctRDC1FsGaQ3RtGFfL4os34g6T+AkAT84bs0fX2weS88X7X6hXRDDRzdwHZ/5D2hjjght3Mb5y1NINq+beZBu8d84657wPYfN8pZBc0g+JKiKYiNr9r4v1Zrvdbtazp16TSCOfZppMiGD6iVqr271oVokU6AJ9U5FGnXIww5mH+kLEhxI1cl20QCGCTgRMA/3+F2lRXXtz
2024-08-29 22:40:27 UTC	1369	IN	Data Raw: 38 38 65 39 36 39 65 39 35 38 66 64 35 38 38 39 33 38 66 39 36 39 37 64 62 38 62 39 34 38 39 38 66 64 62 63 66 63 66 63 38 64 62 39 34 39 35 64 62 62 64 38 39 39 32 39 66 39 61 38 32 64 37 64 62 63 38 63 62 64 36 62 61 38 65 39 63 64 36 63 39 63 62 63 39 63 66 64 62 63 62 63 65 63 31 63 66 63 62 63 31 63 39 63 63 64 62 61 63 62 32 62 39 22 3e 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 72 65 61 73 6f 6e 2d 74 65 78 74 22 3e 54 68 65 20 73 65 72 76 65 72 20 63 61 6e 6e 6f 74 20 66 69 6e 64 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 70 61 67 65 3a 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 Data Ascii: 88e969e958fd588938f9697db8b94898fdbcfcfc8db9495dbbd89929f9a82d7dbc8cbd6ba8e9cd6c9cbc9cfdbcbcec1cfcbc1c9ccdbacb2b9"> WebMaster</a>. </section> <p class="reason-text">The server cannot find the requested page:</p> </div>
2024-08-29 22:40:27 UTC	96	IN	Data Raw: 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: rc="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>
2024-08-29 22:40:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49724	188.114.96.3	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:27 UTC	391	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: taps.kraftonevent.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:27 UTC	409	IN	HTTP/1.1 200 OK Date: Thu, 29 Aug 2024 22:40:27 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8bb00afacdf58c7e-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Fri, 30 Aug 2024 00:40:27 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-29 22:40:27 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49726	35.190.80.1	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:28 UTC	550	OUT	OPTIONS /report/v4?s=UkyEO2tn5kJ3WLNpIozFrbjB3DqVzfLDVovn0VxeeNEOvAKSAn6qcBaQjKOHEENp8WMoTaTMRdy2%2FaOG0FGGE5beLR00lbHVUoALwW7asXRHG6BFS1Br%2FDzN2DGrwbU6S%2FRSRyIOeyM%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://taps.kraftonevent.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:28 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 29 Aug 2024 22:40:28 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49727	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:40:28 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=125785 Date: Thu, 29 Aug 2024 22:40:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49728	35.190.80.1	443	3992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:29 UTC	486	OUT	POST /report/v4?s=UkyEO2tn5kJ3WLNpIozFrbjB3DqVzfLDVovn0VxeeNEOvAKSAn6qcBaQjKOHEENp8WMoTaTMRdy2%2FaOG0FGGE5beLR00lbHVUoALwW7asXRHG6BFS1Br%2FDzN2DGrwbU6S%2FRSRyIOeyM%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 432 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-29 22:40:29 UTC	432	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 32 31 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 74 61 70 73 2e 6b 72 61 66 74 6f 6e 65 76 65 6e 74 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 Data Ascii: [{"age":0,"body":{"elapsed_time":1321,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://taps.kraftonevent.com/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":404,"type":"http.error"},"type":"network-error","
2024-08-29 22:40:29 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 29 Aug 2024 22:40:29 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49729	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-29 22:40:29 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=125737 Date: Thu, 29 Aug 2024 22:40:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-29 22:40:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49730	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 35 2f 6a 7a 69 58 49 31 45 69 77 4f 48 2f 5a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 37 31 36 36 32 37 35 63 61 31 39 32 33 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Q5/jziXI1EiwOH/Z.1Context: 837166275ca1923d
2024-08-29 22:40:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 35 2f 6a 7a 69 58 49 31 45 69 77 4f 48 2f 5a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 37 31 36 36 32 37 35 63 61 31 39 32 33 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Q5/jziXI1EiwOH/Z.2Context: 837166275ca1923d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 35 2f 6a 7a 69 58 49 31 45 69 77 4f 48 2f 5a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 37 31 36 36 32 37 35 63 61 31 39 32 33 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Q5/jziXI1EiwOH/Z.3Context: 837166275ca1923d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-29 22:40:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 46 71 63 2b 38 34 56 70 50 6b 69 57 49 70 58 35 4d 72 79 64 69 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Fqc+84VpPkiWIpX5MrydiA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	54501	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 69 49 57 2b 77 72 32 6a 45 4b 6d 48 4e 49 57 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 64 64 37 63 37 62 31 63 34 35 61 63 62 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6iIW+wr2jEKmHNIW.1Context: 91dd7c7b1c45acbe
2024-08-29 22:40:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 36 69 49 57 2b 77 72 32 6a 45 4b 6d 48 4e 49 57 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 64 64 37 63 37 62 31 63 34 35 61 63 62 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 6iIW+wr2jEKmHNIW.2Context: 91dd7c7b1c45acbe<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:39 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 36 69 49 57 2b 77 72 32 6a 45 4b 6d 48 4e 49 57 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 64 64 37 63 37 62 31 63 34 35 61 63 62 65 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 6iIW+wr2jEKmHNIW.3Context: 91dd7c7b1c45acbe
2024-08-29 22:40:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 77 73 4a 4d 37 35 64 70 55 69 4a 54 64 51 54 4c 44 7a 62 4a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vwsJM75dpUiJTdQTLDzbJA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	54502	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:44 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 2f 78 69 76 74 71 51 62 55 32 6a 41 67 38 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 61 37 65 37 38 65 65 32 35 66 61 65 36 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Z/xivtqQbU2jAg8R.1Context: f4a7e78ee25fae6d
2024-08-29 22:40:44 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:44 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 5a 2f 78 69 76 74 71 51 62 55 32 6a 41 67 38 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 61 37 65 37 38 65 65 32 35 66 61 65 36 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Z/xivtqQbU2jAg8R.2Context: f4a7e78ee25fae6d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:44 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 5a 2f 78 69 76 74 71 51 62 55 32 6a 41 67 38 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 61 37 65 37 38 65 65 32 35 66 61 65 36 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Z/xivtqQbU2jAg8R.3Context: f4a7e78ee25fae6d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-29 22:40:44 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:40:44 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 37 41 72 5a 76 50 64 70 55 6d 32 36 4f 65 76 32 31 79 5a 79 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: u7ArZvPdpUm26Oev21yZyA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	54503	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:40:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 62 75 57 56 75 66 6b 4f 30 2b 46 30 34 48 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 36 32 38 63 30 34 34 36 34 36 30 35 66 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: LbuWVufkO0+F04HM.1Context: a0628c04464605f1
2024-08-29 22:40:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:40:59 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4c 62 75 57 56 75 66 6b 4f 30 2b 46 30 34 48 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 36 32 38 63 30 34 34 36 34 36 30 35 66 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: LbuWVufkO0+F04HM.2Context: a0628c04464605f1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:40:59 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4c 62 75 57 56 75 66 6b 4f 30 2b 46 30 34 48 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 36 32 38 63 30 34 34 36 34 36 30 35 66 31 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: LbuWVufkO0+F04HM.3Context: a0628c04464605f1
2024-08-29 22:41:00 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:41:00 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 58 68 4f 6d 33 45 47 47 30 75 7a 69 4e 54 64 59 41 6e 6d 53 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: LXhOm3EGG0uziNTdYAnmSQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	54504	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:41:05 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 4a 41 37 36 38 75 73 70 45 32 63 4a 57 75 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 66 36 30 64 36 35 31 37 64 37 38 66 33 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: uJA768uspE2cJWuH.1Context: a5f60d6517d78f32
2024-08-29 22:41:05 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:41:05 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 75 4a 41 37 36 38 75 73 70 45 32 63 4a 57 75 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 66 36 30 64 36 35 31 37 64 37 38 66 33 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: uJA768uspE2cJWuH.2Context: a5f60d6517d78f32<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:41:05 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 4a 41 37 36 38 75 73 70 45 32 63 4a 57 75 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 66 36 30 64 36 35 31 37 64 37 38 66 33 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: uJA768uspE2cJWuH.3Context: a5f60d6517d78f32<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-29 22:41:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:41:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 31 6b 2f 68 54 51 61 44 45 36 46 78 69 79 36 7a 75 55 4f 35 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 11k/hTQaDE6Fxiy6zuUO5Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	54507	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:41:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 66 64 66 61 74 4b 6c 4c 55 2b 39 55 77 34 2b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 39 35 35 33 37 39 34 63 65 31 36 33 38 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: JfdfatKlLU+9Uw4+.1Context: 989553794ce16385
2024-08-29 22:41:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:41:23 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 66 64 66 61 74 4b 6c 4c 55 2b 39 55 77 34 2b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 39 35 35 33 37 39 34 63 65 31 36 33 38 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: JfdfatKlLU+9Uw4+.2Context: 989553794ce16385<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:41:23 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4a 66 64 66 61 74 4b 6c 4c 55 2b 39 55 77 34 2b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 38 39 35 35 33 37 39 34 63 65 31 36 33 38 35 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: JfdfatKlLU+9Uw4+.3Context: 989553794ce16385
2024-08-29 22:41:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:41:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 71 6a 74 7a 71 38 34 52 6b 43 64 77 73 70 41 70 58 75 52 72 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: cqjtzq84RkCdwspApXuRrQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	53450	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-08-29 22:41:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 52 35 65 59 55 30 36 64 6b 47 44 66 77 70 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 66 61 64 39 34 39 32 61 32 31 33 30 66 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WR5eYU06dkGDfwp4.1Context: e4fad9492a2130f0
2024-08-29 22:41:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-29 22:41:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 52 35 65 59 55 30 36 64 6b 47 44 66 77 70 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 66 61 64 39 34 39 32 61 32 31 33 30 66 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 59 69 53 7a 7a 73 64 74 47 36 5a 44 58 37 59 57 6c 37 62 73 66 51 4a 54 56 33 6c 2f 6a 4d 4a 32 68 44 30 4c 31 49 77 31 66 6d 66 6b 49 59 71 45 77 2f 70 2b 34 71 73 31 6f 51 50 6f 66 46 65 35 4c 56 4e 37 34 74 50 55 47 34 55 45 79 74 59 33 56 56 43 65 76 4f 52 69 62 61 77 33 7a 4e 75 59 6c 79 6c 55 30 69 77 57 6a 68 51 4d Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WR5eYU06dkGDfwp4.2Context: e4fad9492a2130f0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASYiSzzsdtG6ZDX7YWl7bsfQJTV3l/jMJ2hD0L1Iw1fmfkIYqEw/p+4qs1oQPofFe5LVN74tPUG4UEytY3VVCevORibaw3zNuYlylU0iwWjhQM
2024-08-29 22:41:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 52 35 65 59 55 30 36 64 6b 47 44 66 77 70 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 34 66 61 64 39 34 39 32 61 32 31 33 30 66 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WR5eYU06dkGDfwp4.3Context: e4fad9492a2130f0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-29 22:41:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-29 22:41:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 54 78 41 6a 56 66 47 45 6b 6d 74 44 55 75 57 66 2b 50 50 46 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: OTxAjVfGEkmtDUuWf+PPFg.0Payload parsing failed.

Target ID:	0
Start time:	18:40:16
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:40:21
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2184,i,6629427741805133568,13743223665775724751,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:40:22
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://taps.kraftonevent.com/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://taps.kraftonevent.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: malware
Source: https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: malware

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_110, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.6:54499 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:53446 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: taps.kraftonevent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: taps.kraftonevent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://taps.kraftonevent.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: taps.kraftonevent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://taps.kraftonevent.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: taps.kraftonevent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://taps.kraftonevent.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: taps.kraftonevent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: taps.kraftonevent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://taps.kraftonevent.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2864_515767947\sets.json

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2864, Parent PID: 6024

General

Windows Analysis Report
http://taps.kraftonevent.com/