Edit tour

Windows Analysis Report
https://beulad435-8316maraes.pages.dev/296828721837289

Overview

General Information

Sample URL:	https://beulad435-8316maraes.pages.dev/296828721837289
Analysis ID:	1502499
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected BlockedWebSite

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2260,i,336831265092973689,9970920720796225626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://beulad435-8316maraes.pages.dev/296828721837289" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_62	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_60.2.dr, chromecache_61.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_60.2.dr, chromecache_61.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/react-bootstrap
Source: chromecache_60.2.dr, chromecache_61.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/react-dom/umd/react-dom.production.min.js
Source: chromecache_60.2.dr, chromecache_61.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/react/umd/react.production.min.js
Source: chromecache_62.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_62.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.5:49763 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@16/16@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2260,i,336831265092973689,9970920720796225626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://beulad435-8316maraes.pages.dev/296828721837289"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2260,i,336831265092973689,9970920720796225626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://beulad435-8316maraes.pages.dev/296828721837289	100%	Avira URL Cloud	phishing
https://beulad435-8316maraes.pages.dev/296828721837289	17%	Virustotal		Browse
https://beulad435-8316maraes.pages.dev/296828721837289	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdn.jsdelivr.net/npm/react-dom/umd/react-dom.production.min.js	0%	Avira URL Cloud	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://beulad435-8316maraes.pages.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://cdn.jsdelivr.net/npm/bootstrap	0%	Avira URL Cloud	safe
https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://cdn.jsdelivr.net/npm/react/umd/react.production.min.js	0%	Avira URL Cloud	safe
https://beulad435-8316maraes.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://cdn.jsdelivr.net/npm/react-bootstrap	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
beulad435-8316maraes.pages.dev	172.66.46.224	true	false	unknown
www.google.com	216.58.212.132	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://beulad435-8316maraes.pages.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://beulad435-8316maraes.pages.dev/296828721837289	true		unknown
https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown
https://beulad435-8316maraes.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_62.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/react-dom/umd/react-dom.production.min.js	chromecache_60.2.dr, chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/bootstrap	chromecache_60.2.dr, chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/react/umd/react.production.min.js	chromecache_60.2.dr, chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.jsdelivr.net/npm/react-bootstrap	chromecache_60.2.dr, chromecache_61.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_62.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.66.46.224	beulad435-8316maraes.pages.dev	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502499
Start date and time:	2024-09-02 00:11:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://beulad435-8316maraes.pages.dev/296828721837289
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@16/16@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 40.126.31.69, 20.190.159.75, 20.190.159.4, 20.190.159.68, 20.190.159.64, 40.126.31.73, 20.190.159.71, 40.126.31.71, 199.232.210.172, 142.250.186.163, 173.194.76.84, 142.250.185.78, 34.104.35.123, 13.85.23.206, 20.242.39.171, 93.184.221.240, 142.250.186.67
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://beulad435-8316maraes.pages.dev/296828721837289 Model: jbxai	{ "brand":["cloudflare"], "contains_trigger_text":true, "prominent_button_name":"Learn More", "text_input_field_labels":["Your IP: Click to reveal"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: https://beulad435-8316maraes.pages.dev/296828721837289 Model: jbxai

{
"brand":["cloudflare"],
"contains_trigger_text":true,
"prominent_button_name":"Learn More",
"text_input_field_labels":["Your IP: Click to reveal"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 1 21:12:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.987676257490439
Encrypted:	false
SSDEEP:	48:8OddTF1bHcidAKZdA19ehwiZUklqeh+y+3:8k/O9y
MD5:	4B569ABA64E39D9C11C54AC9E6B9A225
SHA1:	C4621691AFE7704396AA136613062C6F1EFBF13A
SHA-256:	DF8AD59F8BD65C240C943B355383A5BAFF31A41FE23B421CAB2B7175C55B0574
SHA-512:	69CC9DE09029CA8DAA5E7FD64C2F8B7FDB19F81BFA5E158626E4F9B597C74D562001CB2C51492961B9ED357C9ED4C4FC647D20AC88E2585A9B4D0BE21B3AB49E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V!Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 1 21:12:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0058035467268835
Encrypted:	false
SSDEEP:	48:8H5ddTF1bHcidAKZdA1weh/iZUkAQkqehty+2:8H5/M9QAy
MD5:	C8681454BFCAC581A9F04DE22397CD4C
SHA1:	1A6BEE6B40293622C939240F89DA33FC9A65CC99
SHA-256:	C82752946A9CBD9E8082AA92C6AB8AF3E0AC6E2223EAAB53CE33D3AC8223A535
SHA-512:	E52330DFAF84AF81A174F1C5B64121EB2EBBEEB2A7B19EC6FA85931261D7B5817F158FF30A570A753AE06E1FF40ADA5E8547251D88779DE1EC55A398EB2FC83F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V!Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.014759857594801
Encrypted:	false
SSDEEP:	48:8xOddTF1sHcidAKZdA14tseh7sFiZUkmgqeh7sHy+BX:8xk/RnBy
MD5:	EF3153791975D27499C013F8EA6DC899
SHA1:	B65B4374DF715D13842DDA9C026AF46A4C0A44BB
SHA-256:	AFFA0E368A110C1291B98E01EE3F3C627C2FAFF7774DF085E7749D02BCD96392
SHA-512:	553F2F733E879D1179E723CF86CD5D8F603C594CF8CB2936A3D8F254B7104C67FCF324B08BDC75EF3629AEACFB729D442B479F728BA07483429949ED559942DB
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 1 21:12:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.004238331983569
Encrypted:	false
SSDEEP:	48:8p9ddTF1bHcidAKZdA1vehDiZUkwqehZy+R:8pN/3fy
MD5:	52B898918D407FDC8047FDC389DFDC19
SHA1:	70F789C21D5CDD118A4FFE6D0B28168C97D861DB
SHA-256:	1A04AA4E2BF4707F01E98FC35F44163C339C90F244C14E1782A6DCF16989E911
SHA-512:	D2550F014DCA971F817470606173D2C9C9DFC2EF787E4874B82AD4C0BC2D88749145489C022B15FBD8D70D6FAF0EA44EC741887DC1D5A151AA5E7DAD52B3412F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....t.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V!Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 1 21:12:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991624704342061
Encrypted:	false
SSDEEP:	48:8BddTF1bHcidAKZdA1hehBiZUk1W1qehLy+C:8x/H9ry
MD5:	2CC6EEE1F2206A1099B316F112399D7F
SHA1:	410FD0E4C013462CB97A06276970C2F6EB225768
SHA-256:	D25215EF662D6C0A86B19F476B6BC8EBF9973A560684BC9822F7515EDB948A13
SHA-512:	381FB39A3FAEF0BC603E1E0A51E15BF474F588B10E40A5591FC88250E53BC6AF56C15CF0CBC7F86F519DB22490E2BFDAA93EDF631A9C3D5DD37167FBD0DBEF86
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....F.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V!Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 1 21:12:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.0016362589995484
Encrypted:	false
SSDEEP:	48:8fddTF1bHcidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbBy+yT+:8j/PT/TbxWOvTbBy7T
MD5:	8A6BE64453800F7F174014764B1D2201
SHA1:	AC1D1832D4B2F648EFC43AA30CBB089A35EAE13E
SHA-256:	2C3F28A93960C26BA7C800E5872EAA9664A72BECFC7C318D3EAA4727484E4D8A
SHA-512:	5F11024CF3E2FE1C1B4F6F50FFEC67506583EB3B4CA5D5ECACBEE688CD908B8466EB3EB1CBE695891263B794B9ACE2A83198D7EFF1F514320AF565175F82B82A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I!Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V!Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V!Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V!Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V!Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............[.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://beulad435-8316maraes.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	5.059011792187525
Encrypted:	false
SSDEEP:	24:0p0JvdYt3DA9iQCCtoJPWnAV2/7E95mSCNeMkSCcO0MkY4Nu:0hA9i2msR/7GhCAMJC+MyNu
MD5:	E179FDE746884835CE31CA76A397E58A
SHA1:	4740957E475DDC012D116C8594B105C9AF3790DE
SHA-256:	64D48900D354D98F416EF5ACFF13DBC1D6E80B0D82D67876D8C2E70A9E8BE8F8
SHA-512:	0F6E5B5001676A95E4A369BABF1F08B478C761F5BCF645C96E0147AA6510F03A2B17D4191E09E8B7AE5E707C43F63DA7A4306EA555DE8AE123A54DCDCB081B43
Malicious:	false
Reputation:	low
Preview:	<!doctype html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <link rel="icon" type="image/svg+xml" href="/assets/facebook_logo_icon_147291-f2dfc6fd.ico" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link. rel="stylesheet". href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css". integrity="sha384-9ndCyUaIbzAi2FUVXJi0CjmCapSmO7SnpJef0486qhLnuZ2cdeRhO02iuK6FUUVM". crossorigin="anonymous". />. <title>Business Help Center \| Privacy Policy</title>. <script type="module" crossorigin src="/assets/index-14fbea31.js"></script>. <link rel="stylesheet" href="/assets/index-d076d531.css">. </head>. <body>. <div id="root"></div>. . </body>. <script src="https://cdn.jsdelivr.net/npm/react/umd/react.production.min.js" crossorigin></script>. <script. src="https://cdn.jsdelivr.net/npm/react-dom/umd/react-dom.production.min.js". crossorigin></script>. <script. src="https://cdn.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	5.059011792187525
Encrypted:	false
SSDEEP:	24:0p0JvdYt3DA9iQCCtoJPWnAV2/7E95mSCNeMkSCcO0MkY4Nu:0hA9i2msR/7GhCAMJC+MyNu
MD5:	E179FDE746884835CE31CA76A397E58A
SHA1:	4740957E475DDC012D116C8594B105C9AF3790DE
SHA-256:	64D48900D354D98F416EF5ACFF13DBC1D6E80B0D82D67876D8C2E70A9E8BE8F8
SHA-512:	0F6E5B5001676A95E4A369BABF1F08B478C761F5BCF645C96E0147AA6510F03A2B17D4191E09E8B7AE5E707C43F63DA7A4306EA555DE8AE123A54DCDCB081B43
Malicious:	false
Reputation:	low
URL:	https://beulad435-8316maraes.pages.dev/favicon.ico
Preview:	<!doctype html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <link rel="icon" type="image/svg+xml" href="/assets/facebook_logo_icon_147291-f2dfc6fd.ico" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link. rel="stylesheet". href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css". integrity="sha384-9ndCyUaIbzAi2FUVXJi0CjmCapSmO7SnpJef0486qhLnuZ2cdeRhO02iuK6FUUVM". crossorigin="anonymous". />. <title>Business Help Center \| Privacy Policy</title>. <script type="module" crossorigin src="/assets/index-14fbea31.js"></script>. <link rel="stylesheet" href="/assets/index-d076d531.css">. </head>. <body>. <div id="root"></div>. . </body>. <script src="https://cdn.jsdelivr.net/npm/react/umd/react.production.min.js" crossorigin></script>. <script. src="https://cdn.jsdelivr.net/npm/react-dom/umd/react-dom.production.min.js". crossorigin></script>. <script. src="https://cdn.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4409
Entropy (8bit):	5.089222843821473
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisrXVA2ZLimerR49PaQxJbGD:1j9jhjYjIK/Vo+tsrZOmerO9ieJGD
MD5:	00391DD9970B716ADC95C1CC772089B3
SHA1:	275FE4A6F616431F78064BF4B13F2AC5CFE3BAE1
SHA-256:	FA0F2B0E79DFFF536012FAAA8CF06255A2FC93AB2C4A2BA12339084827D36EAC
SHA-512:	E76F972C2B7B6816D18FD4D56A3DC024FF33D9549C7222D1192C7F6A693C9C7B7FC28B070DD351132C83240015351E60E78AA8CFBAAA57400FFBE68D5AB4153E
Malicious:	false
Reputation:	low
URL:	https://beulad435-8316maraes.pages.dev/296828721837289
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 00:12:17.564608097 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.564785957 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.583121061 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.583142996 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.583414078 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.583884001 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.583915949 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.583962917 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.896593094 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.896610022 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.896650076 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.896697044 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.896733999 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.896747112 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.896778107 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.897028923 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.897028923 CEST	49720	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.897047997 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.897057056 CEST	443	49720	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.913937092 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.913974047 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:17.914066076 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.914189100 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:17.914199114 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:18.661786079 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:18.662405968 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:18.662427902 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:18.666215897 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:18.666224003 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:18.666261911 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:18.666270018 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.005815983 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.005861998 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.006001949 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.006211042 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.006225109 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.186564922 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.186602116 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.186650991 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.186692953 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.186708927 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.186734915 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.187021017 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.187082052 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.187129021 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.187148094 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.187159061 CEST	49722	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.187163115 CEST	443	49722	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.212939978 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.212971926 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.213048935 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.213776112 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.213788033 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.229140997 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:19.229145050 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:19.338521957 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:19.865475893 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.865847111 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.865863085 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.867172956 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.867177963 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.867221117 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:19.867232084 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:19.986820936 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.987006903 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.993083954 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.993094921 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.993349075 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.995568991 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.995718956 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:19.995728016 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:19.996340990 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:20.040523052 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:20.166634083 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:20.166728020 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:20.166790962 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:20.166985035 CEST	49727	443	192.168.2.5	40.113.103.199
Sep 2, 2024 00:12:20.167005062 CEST	443	49727	40.113.103.199	192.168.2.5
Sep 2, 2024 00:12:20.230091095 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230118036 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230154991 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230237007 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:20.230257034 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230602026 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:20.230621099 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230631113 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:20.230756998 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230787992 CEST	443	49725	20.190.159.0	192.168.2.5
Sep 2, 2024 00:12:20.230827093 CEST	49725	443	192.168.2.5	20.190.159.0
Sep 2, 2024 00:12:20.264719009 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:20.264751911 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:20.264837980 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:20.265415907 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:20.265429974 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.120321989 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.120445013 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.123006105 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.123018026 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.123240948 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.125435114 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.125516891 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.125523090 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.125771999 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.172504902 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.296895981 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.297132015 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.297575951 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.298000097 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:21.298017979 CEST	443	49728	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:21.298031092 CEST	49728	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:28.819979906 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:28.820022106 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:28.820095062 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:28.821464062 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:28.821475983 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:28.856100082 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:28.897748947 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:29.059279919 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:29.576111078 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.576181889 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.578336954 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.578345060 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.578577042 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.580744028 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.580802917 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.580807924 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.580905914 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.624502897 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.746067047 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.746153116 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.746220112 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.746432066 CEST	49733	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:29.746450901 CEST	443	49733	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:29.874319077 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.874346972 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:29.874427080 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.874692917 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.874716043 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:29.874774933 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.875045061 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.875057936 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:29.875199080 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:29.875211954 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.319140911 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.319467068 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.319479942 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.320348978 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.320461035 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.321227074 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.321475029 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.321494102 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.321734905 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.321795940 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.321948051 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.321955919 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.322401047 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.322467089 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.322782040 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.322838068 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.432336092 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.432372093 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.432413101 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.432492971 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.432497978 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.432559013 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.432559013 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.491990089 CEST	49736	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.492007017 CEST	443	49736	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.493472099 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.493518114 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.548127890 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.590914011 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.590960026 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591000080 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591017008 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.591052055 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591099024 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.591103077 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591114998 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591171026 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.591182947 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591233015 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.591278076 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.591289043 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.596064091 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.596131086 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.596159935 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.596194983 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.596239090 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.596251011 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.652515888 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.675296068 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675412893 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675467014 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.675498009 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675542116 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675585985 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.675599098 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675671101 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.675718069 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.676816940 CEST	49737	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.676846027 CEST	443	49737	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.744805098 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.744848013 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.744937897 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.745280981 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:30.745299101 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:30.836409092 CEST	443	49715	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:30.836519957 CEST	49715	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:31.034801006 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.034840107 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.034949064 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.035576105 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.035588980 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.208316088 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.208736897 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:31.208746910 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.209043026 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.209496975 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:31.209553003 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.209748030 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:31.256491899 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.342813015 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.343002081 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.343168020 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:31.789413929 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.789510965 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.798437119 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.798453093 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.798779964 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.844762087 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.844980955 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.844989061 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:31.846024990 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:31.880681992 CEST	49739	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:31.880707026 CEST	443	49739	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:31.888499975 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:32.016834974 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.016865015 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.016962051 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.017496109 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.017507076 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.020585060 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:32.020936012 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:32.020986080 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:32.021348953 CEST	49740	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:32.021364927 CEST	443	49740	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:32.467427015 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.469223976 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.469238997 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.469599962 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.471863985 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.471925020 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.472381115 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.512504101 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.645808935 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.645953894 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:32.646013975 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.648387909 CEST	49742	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:32.648402929 CEST	443	49742	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.071238041 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.071264982 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.071357012 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.071543932 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.071553946 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.082783937 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.082815886 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.082879066 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.083296061 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.083312988 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.134851933 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.134886980 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.134969950 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.135586977 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.135600090 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.542669058 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.547821999 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.547841072 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.548906088 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.548965931 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.549787998 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.549850941 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.551212072 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.551222086 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.574820042 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.575304985 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.575326920 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.576359034 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.576428890 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.576920986 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.576982021 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.577050924 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.605494022 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.620506048 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.666851044 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.666862965 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.673278093 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.673365116 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.673916101 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.674215078 CEST	49744	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.674228907 CEST	443	49744	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.700184107 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.700562954 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.700575113 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.701596022 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.701798916 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.703542948 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.703605890 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:33.746311903 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.746366024 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.746380091 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.746392012 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.746438980 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.752360106 CEST	49745	443	192.168.2.5	172.66.46.224
Sep 2, 2024 00:12:33.752372026 CEST	443	49745	172.66.46.224	192.168.2.5
Sep 2, 2024 00:12:33.852190018 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:33.852202892 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:34.058626890 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:34.354198933 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:34.354229927 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:34.354314089 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:34.356821060 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:34.356834888 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:34.981019974 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:34.981117964 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:34.985832930 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:34.985845089 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:34.986112118 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.055048943 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.276823044 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.324506998 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.454655886 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.454735041 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.454874992 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.455018044 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.455018044 CEST	49747	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.455040932 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.455054045 CEST	443	49747	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.505641937 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.505696058 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:35.505815029 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.507064104 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:35.507081032 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.119652987 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.119779110 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.120850086 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.120866060 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.121093988 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.122150898 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.164501905 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.381903887 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.381989956 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.382046938 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.382973909 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.382997990 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:36.383011103 CEST	49748	443	192.168.2.5	184.28.90.27
Sep 2, 2024 00:12:36.383017063 CEST	443	49748	184.28.90.27	192.168.2.5
Sep 2, 2024 00:12:39.394153118 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:39.394177914 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:39.394514084 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:39.397058010 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:39.397073030 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.069673061 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.069837093 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.075089931 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.075099945 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.075355053 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.122443914 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.163099051 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.204504967 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388845921 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388870001 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388879061 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388889074 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388921022 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388933897 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.388950109 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.388969898 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.389357090 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.389399052 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.389405012 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.389416933 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.389440060 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.389559031 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.389610052 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.389657021 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.401916027 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.401942015 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.401971102 CEST	49749	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:12:40.401977062 CEST	443	49749	13.85.23.86	192.168.2.5
Sep 2, 2024 00:12:40.549539089 CEST	49715	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:40.549629927 CEST	49715	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:40.549989939 CEST	49751	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:40.550025940 CEST	443	49751	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:40.550128937 CEST	49751	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:40.550600052 CEST	49751	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:40.550615072 CEST	443	49751	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:40.554388046 CEST	443	49715	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:40.554398060 CEST	443	49715	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:41.113445997 CEST	443	49751	23.1.237.91	192.168.2.5
Sep 2, 2024 00:12:41.113537073 CEST	49751	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:12:41.815538883 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:41.815567017 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:41.815788984 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:41.816181898 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:41.816194057 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.655431986 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.655497074 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.657754898 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.657764912 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.657990932 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.659946918 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.660026073 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.660032034 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.660173893 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.704509974 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.827055931 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.827199936 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.827450991 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.827625036 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:42.827639103 CEST	443	49752	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:42.827652931 CEST	49752	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:43.651441097 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:43.651508093 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:43.651618004 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:45.280946016 CEST	49743	443	192.168.2.5	216.58.212.132
Sep 2, 2024 00:12:45.280970097 CEST	443	49743	216.58.212.132	192.168.2.5
Sep 2, 2024 00:12:46.045929909 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.045983076 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.046053886 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.046783924 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.046798944 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.844574928 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.844664097 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.850121975 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.850136995 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.850370884 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.852117062 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.852485895 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.852492094 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:46.852776051 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:46.896507025 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:47.027326107 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:47.027393103 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:47.027652979 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:47.028337955 CEST	49753	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:47.028358936 CEST	443	49753	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:53.332771063 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:53.332808971 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:53.332920074 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:53.333801031 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:53.333813906 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.142272949 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.142366886 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.145308971 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.145320892 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.145556927 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.147742033 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.147933960 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.147939920 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.148425102 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.188510895 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.327291012 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.327392101 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:12:54.327456951 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.327796936 CEST	49754	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:12:54.327811956 CEST	443	49754	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:00.258467913 CEST	443	49751	23.1.237.91	192.168.2.5
Sep 2, 2024 00:13:00.258562088 CEST	49751	443	192.168.2.5	23.1.237.91
Sep 2, 2024 00:13:07.099462032 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.099503040 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.099597931 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.100106955 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.100120068 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.874423981 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.874495029 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.880384922 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.880393982 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.880657911 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.882422924 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.882486105 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.882492065 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:07.882596016 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:07.928498030 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:08.048258066 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:08.048602104 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:08.048662901 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.048830986 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.048856020 CEST	443	49755	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:08.048865080 CEST	49755	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.296189070 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.296236038 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:08.296302080 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.296930075 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:08.296942949 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.074954987 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.075112104 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.077111959 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.077121973 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.077367067 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.078828096 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.079013109 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.079013109 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.079020023 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.124499083 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.256632090 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.257347107 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.257383108 CEST	443	49756	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:09.257420063 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:09.257443905 CEST	49756	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:16.682537079 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:16.682566881 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:16.682668924 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:16.683129072 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:16.683144093 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.320296049 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.320375919 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.321758032 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.321765900 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.321996927 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.323419094 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.368499994 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.569222927 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.569250107 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.569263935 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.569374084 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.569389105 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.569453001 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.570106030 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.570141077 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.570194960 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.570195913 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.570235014 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.570255041 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.576082945 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.576105118 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:17.576153994 CEST	49757	443	192.168.2.5	13.85.23.86
Sep 2, 2024 00:13:17.576159954 CEST	443	49757	13.85.23.86	192.168.2.5
Sep 2, 2024 00:13:26.804133892 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:26.804173946 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:26.804404974 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:26.805187941 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:26.805201054 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.580627918 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.580709934 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.587146044 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.587157011 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.587420940 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.589833021 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.590145111 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.590150118 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.590549946 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.636497021 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.761179924 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.761265039 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:27.761421919 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.764904976 CEST	49759	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:27.764923096 CEST	443	49759	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:33.130681038 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:33.130714893 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.130789042 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:33.131052971 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:33.131072044 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.814908028 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.815449953 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:33.815464020 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.815792084 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.816250086 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:33.816307068 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:33.871151924 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:37.704539061 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:37.704597950 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:37.704761028 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:37.721671104 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:37.721688986 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.623425961 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.623547077 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.628523111 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.628532887 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.628828049 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.632591963 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.633078098 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.633083105 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.633512020 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.676496029 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.811472893 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.811588049 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:38.811640978 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.817387104 CEST	49762	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:38.817409992 CEST	443	49762	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:43.654839993 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:43.654910088 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:43.655280113 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:45.352107048 CEST	49761	443	192.168.2.5	142.250.185.164
Sep 2, 2024 00:13:45.352134943 CEST	443	49761	142.250.185.164	192.168.2.5
Sep 2, 2024 00:13:52.224419117 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:52.224468946 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:52.224636078 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:52.225325108 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:52.225338936 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.033318996 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.033413887 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.035624981 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.035635948 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.035875082 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.037928104 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.038058043 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.038063049 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.038388014 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.080493927 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.221456051 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.221793890 CEST	443	49763	40.113.110.67	192.168.2.5
Sep 2, 2024 00:13:53.221932888 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.222014904 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.222014904 CEST	49763	443	192.168.2.5	40.113.110.67
Sep 2, 2024 00:13:53.222035885 CEST	443	49763	40.113.110.67	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 00:12:28.478089094 CEST	53	54314	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:28.480700970 CEST	53	54185	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:29.454333067 CEST	53	60502	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:29.860959053 CEST	57854	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:29.861159086 CEST	53562	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:29.872220039 CEST	53	53562	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:29.873106003 CEST	53	57854	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:33.061796904 CEST	60703	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:33.062657118 CEST	49229	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:33.068026066 CEST	60076	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:33.068627119 CEST	53	60703	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:33.068705082 CEST	56111	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:12:33.069446087 CEST	53	49229	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:33.079576015 CEST	53	60076	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:33.081789970 CEST	53	56111	1.1.1.1	192.168.2.5
Sep 2, 2024 00:12:46.577927113 CEST	53	56349	1.1.1.1	192.168.2.5
Sep 2, 2024 00:13:05.548440933 CEST	53	62040	1.1.1.1	192.168.2.5
Sep 2, 2024 00:13:28.097728014 CEST	53	62407	1.1.1.1	192.168.2.5
Sep 2, 2024 00:13:28.170787096 CEST	53	52291	1.1.1.1	192.168.2.5
Sep 2, 2024 00:13:33.122665882 CEST	49662	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:13:33.123133898 CEST	53400	53	192.168.2.5	1.1.1.1
Sep 2, 2024 00:13:33.129594088 CEST	53	49662	1.1.1.1	192.168.2.5
Sep 2, 2024 00:13:33.129873037 CEST	53	53400	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 2, 2024 00:12:29.860959053 CEST	192.168.2.5	1.1.1.1	0xf8a4	Standard query (0)	beulad435-8316maraes.pages.dev	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:29.861159086 CEST	192.168.2.5	1.1.1.1	0xee3	Standard query (0)	beulad435-8316maraes.pages.dev	65	IN (0x0001)	false
Sep 2, 2024 00:12:33.061796904 CEST	192.168.2.5	1.1.1.1	0x5f79	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.062657118 CEST	192.168.2.5	1.1.1.1	0x676	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 2, 2024 00:12:33.068026066 CEST	192.168.2.5	1.1.1.1	0xaf4b	Standard query (0)	beulad435-8316maraes.pages.dev	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.068705082 CEST	192.168.2.5	1.1.1.1	0x9799	Standard query (0)	beulad435-8316maraes.pages.dev	65	IN (0x0001)	false
Sep 2, 2024 00:13:33.122665882 CEST	192.168.2.5	1.1.1.1	0x66ae	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:13:33.123133898 CEST	192.168.2.5	1.1.1.1	0x3116	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 2, 2024 00:12:18.656358957 CEST	1.1.1.1	192.168.2.5	0x7d28	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:18.656358957 CEST	1.1.1.1	192.168.2.5	0x7d28	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:29.872220039 CEST	1.1.1.1	192.168.2.5	0xee3	No error (0)	beulad435-8316maraes.pages.dev		65	IN (0x0001)	false
Sep 2, 2024 00:12:29.873106003 CEST	1.1.1.1	192.168.2.5	0xf8a4	No error (0)	beulad435-8316maraes.pages.dev	172.66.46.224	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:29.873106003 CEST	1.1.1.1	192.168.2.5	0xf8a4	No error (0)	beulad435-8316maraes.pages.dev	172.66.45.32	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.068627119 CEST	1.1.1.1	192.168.2.5	0x5f79	No error (0)	www.google.com	216.58.212.132	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.069446087 CEST	1.1.1.1	192.168.2.5	0x676	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 2, 2024 00:12:33.079576015 CEST	1.1.1.1	192.168.2.5	0xaf4b	No error (0)	beulad435-8316maraes.pages.dev	172.66.46.224	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.079576015 CEST	1.1.1.1	192.168.2.5	0xaf4b	No error (0)	beulad435-8316maraes.pages.dev	172.66.45.32	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:12:33.081789970 CEST	1.1.1.1	192.168.2.5	0x9799	No error (0)	beulad435-8316maraes.pages.dev		65	IN (0x0001)	false
Sep 2, 2024 00:13:33.129594088 CEST	1.1.1.1	192.168.2.5	0x66ae	No error (0)	www.google.com	142.250.185.164	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:13:33.129873037 CEST	1.1.1.1	192.168.2.5	0x3116	No error (0)	www.google.com		65	IN (0x0001)	false
Sep 2, 2024 00:13:41.242075920 CEST	1.1.1.1	192.168.2.5	0xc829	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 2, 2024 00:13:41.242075920 CEST	1.1.1.1	192.168.2.5	0xc829	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

beulad435-8316maraes.pages.dev

https:

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49720	20.190.159.0	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:17 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-09-01 22:12:17 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-01 22:12:17 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 01 Sep 2024 22:11:17 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C559_SN1 x-ms-request-id: 5ba0068f-a321-4a1a-9e91-94785715d4bb PPServer: PPV: 30 H: SN1PEPF0002FA43 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 01 Sep 2024 22:12:17 GMT Connection: close Content-Length: 11389
2024-09-01 22:12:17 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49722	20.190.159.0	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:18 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4694 Host: login.live.com
2024-09-01 22:12:18 UTC	4694	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-01 22:12:19 UTC	656	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 01 Sep 2024 22:11:19 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=5&213=280810&215=0&315=1&215=0&315=1&214=30&288=16.0.30345.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C559_SN1 x-ms-request-id: 5f72c014-27d2-4f26-a4e5-b8852fd0273f PPServer: PPV: 30 H: SN1PEPF0002FA84 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 01 Sep 2024 22:12:18 GMT Connection: close Content-Length: 10901
2024-09-01 22:12:19 UTC	10901	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49725	20.190.159.0	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:19 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4694 Host: login.live.com
2024-09-01 22:12:19 UTC	4694	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-09-01 22:12:20 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sun, 01 Sep 2024 22:11:20 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C559_SN1 x-ms-request-id: a4268ef7-1b26-4604-82f9-f53044b7f8de PPServer: PPV: 30 H: SN1PEPF0002FA8E V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sun, 01 Sep 2024 22:12:19 GMT Connection: close Content-Length: 10901
2024-09-01 22:12:20 UTC	10901	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49727	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 44 51 41 6d 6a 51 76 57 6f 30 53 66 41 46 4d 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 65 62 34 37 37 33 37 63 35 63 32 64 31 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: DQAmjQvWo0SfAFMH.1Context: d5eb47737c5c2d18
2024-09-01 22:12:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:19 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 44 51 41 6d 6a 51 76 57 6f 30 53 66 41 46 4d 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 65 62 34 37 37 33 37 63 35 63 32 64 31 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6a 4e 77 7a 2f 44 70 76 58 79 41 70 51 56 4c 77 68 70 4a 4c 49 7a 74 6a 41 7a 57 48 64 51 6b 37 47 6c 2f 67 45 69 31 68 52 4d 5a 56 41 48 78 49 4f 73 36 45 42 6b 73 49 51 4a 58 6e 4b 73 32 47 50 47 35 47 41 44 33 30 7a 61 31 51 53 5a 63 62 4e 68 79 63 70 6c 41 49 77 65 2b 74 43 48 78 39 76 6b 39 62 57 52 34 64 4c 4b 34 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DQAmjQvWo0SfAFMH.2Context: d5eb47737c5c2d18<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWjNwz/DpvXyApQVLwhpJLIztjAzWHdQk7Gl/gEi1hRMZVAHxIOs6EBksIQJXnKs2GPG5GAD30za1QSZcbNhycplAIwe+tCHx9vk9bWR4dLK4A
2024-09-01 22:12:19 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 44 51 41 6d 6a 51 76 57 6f 30 53 66 41 46 4d 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 35 65 62 34 37 37 33 37 63 35 63 32 64 31 38 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: DQAmjQvWo0SfAFMH.3Context: d5eb47737c5c2d18
2024-09-01 22:12:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 73 51 42 6f 43 7a 6a 6f 50 6b 53 59 71 6f 6d 72 50 41 38 4f 57 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: sQBoCzjoPkSYqomrPA8OWw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49728	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 4e 64 78 76 4c 35 67 73 55 6d 4d 4d 77 63 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 33 34 32 36 62 31 61 63 62 32 65 32 32 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: QNdxvL5gsUmMMwce.1Context: 7e3426b1acb2e226
2024-09-01 22:12:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 4e 64 78 76 4c 35 67 73 55 6d 4d 4d 77 63 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 33 34 32 36 62 31 61 63 62 32 65 32 32 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: QNdxvL5gsUmMMwce.2Context: 7e3426b1acb2e226<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:12:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 4e 64 78 76 4c 35 67 73 55 6d 4d 4d 77 63 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 33 34 32 36 62 31 61 63 62 32 65 32 32 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: QNdxvL5gsUmMMwce.3Context: 7e3426b1acb2e226<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:12:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 76 39 2b 6e 6f 72 53 5a 55 6d 42 69 7a 33 57 4e 62 4d 42 6c 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Lv9+norSZUmBiz3WNbMBlg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49733	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 70 55 54 57 46 4a 61 62 7a 45 71 4e 55 39 77 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 32 33 36 66 34 64 39 32 61 61 64 35 35 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: pUTWFJabzEqNU9wP.1Context: 90236f4d92aad555
2024-09-01 22:12:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 70 55 54 57 46 4a 61 62 7a 45 71 4e 55 39 77 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 32 33 36 66 34 64 39 32 61 61 64 35 35 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6a 4e 77 7a 2f 44 70 76 58 79 41 70 51 56 4c 77 68 70 4a 4c 49 7a 74 6a 41 7a 57 48 64 51 6b 37 47 6c 2f 67 45 69 31 68 52 4d 5a 56 41 48 78 49 4f 73 36 45 42 6b 73 49 51 4a 58 6e 4b 73 32 47 50 47 35 47 41 44 33 30 7a 61 31 51 53 5a 63 62 4e 68 79 63 70 6c 41 49 77 65 2b 74 43 48 78 39 76 6b 39 62 57 52 34 64 4c 4b 34 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: pUTWFJabzEqNU9wP.2Context: 90236f4d92aad555<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWjNwz/DpvXyApQVLwhpJLIztjAzWHdQk7Gl/gEi1hRMZVAHxIOs6EBksIQJXnKs2GPG5GAD30za1QSZcbNhycplAIwe+tCHx9vk9bWR4dLK4A
2024-09-01 22:12:29 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 70 55 54 57 46 4a 61 62 7a 45 71 4e 55 39 77 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 30 32 33 36 66 34 64 39 32 61 61 64 35 35 35 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: pUTWFJabzEqNU9wP.3Context: 90236f4d92aad555
2024-09-01 22:12:29 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:29 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 52 36 6e 33 49 2b 4b 61 4e 55 43 62 67 2f 71 59 62 47 33 37 71 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: R6n3I+KaNUCbg/qYbG37qQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49736	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:30 UTC	688	OUT	GET /296828721837289 HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:30 UTC	571	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YvPfjz8ePiiJM6xatZqEZHbrEwT3dEamE5U7%2BhyOulFSLvJdqeXZGy4Qe2VrH1%2FSTDdTQ6u61txD0KYOKo%2BTsxdqNu1CPdCHJJtPjSWeewlJQykWCf5NcPgO2Bl48ROunatNV47f%2Fyt%2BRz6XFOpANI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc89a29ef78c3f5-EWR
2024-09-01 22:12:30 UTC	798	IN	Data Raw: 31 31 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1139<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: ef="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 2e 34 39 63 6b 65 6c 68 73 69 41 59 53 42 6c 65 55 49 6b 4a 49 64 6a 71 4c 7a 41 53 76 5f 79 70 6e 62 6d 4a 65 75 2e 7a 2e 45 55 2d 31 37 32 35 32 32 38 37 35 30 2d 30 2e 30 2e 31 2e 31 2d 2f 32 39 36 38 32 38 37 32 31 38 33 37 32 38 39 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 Data Ascii: e="text/plain"> <input type="hidden" name="atok" value=".49ckelhsiAYSBleUIkJIdjqLzASv_ypnbmJeu.z.EU-1725228750-0.0.1.1-/296828721837289"> <a href="https://www.cloudflare.com/learning/access-management/phi
2024-09-01 22:12:30 UTC	881	IN	Data Raw: 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e Data Ascii: pan class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_lin
2024-09-01 22:12:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49737	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:30 UTC	602	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://beulad435-8316maraes.pages.dev/296828721837289 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:30 UTC	411	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:30 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT ETag: "66ce249e-5df3" Server: cloudflare CF-RAY: 8bc89a2aef2f4295-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Sep 2024 00:12:30 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-01 22:12:30 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-09-01 22:12:30 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49739	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:31 UTC	679	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:31 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:31 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT ETag: "66ce249e-1c4" Server: cloudflare CF-RAY: 8bc89a2f9b9dc32c-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Sep 2024 00:12:31 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-01 22:12:31 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49740	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 51 2f 4e 59 6f 6f 75 6f 55 75 55 50 4b 55 42 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 63 30 35 36 63 39 32 36 31 35 31 32 62 30 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BQ/NYoouoUuUPKUB.1Context: ac056c9261512b09
2024-09-01 22:12:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 51 2f 4e 59 6f 6f 75 6f 55 75 55 50 4b 55 42 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 63 30 35 36 63 39 32 36 31 35 31 32 62 30 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BQ/NYoouoUuUPKUB.2Context: ac056c9261512b09<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:12:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 51 2f 4e 59 6f 6f 75 6f 55 75 55 50 4b 55 42 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 63 30 35 36 63 39 32 36 31 35 31 32 62 30 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: BQ/NYoouoUuUPKUB.3Context: ac056c9261512b09<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:12:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 56 34 49 66 72 56 43 38 55 75 4a 79 30 59 45 71 63 46 5a 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +V4IfrVC8UuJy0YEqcFZiQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49742	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:32 UTC	631	OUT	GET /favicon.ico HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://beulad435-8316maraes.pages.dev/296828721837289 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:32 UTC	738	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:32 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4wtEqKPNd6JHnJzXzC8u1zhomBxmEfelILFxwAdNYqOOusTGem7jH2kY4YrP%2BGgNFJ2zg%2FdELaPU1%2FX4zCxy0Dds15HgvIB%2B7KZIrMHXw%2BhHzcWPCvyU6UbdS5asdkAxWqDxOyv0Y7oBBpocLjjykg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc89a376d0c8c4d-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 22:12:32 UTC	1161	IN	Data Raw: 34 38 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 66 61 63 65 62 6f 6f 6b 5f 6c 6f 67 6f 5f 69 63 6f 6e 5f 31 34 37 32 39 31 2d 66 32 64 66 63 36 66 64 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 Data Ascii: 482<!doctype html><html lang="en"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/assets/facebook_logo_icon_147291-f2dfc6fd.ico" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
2024-09-01 22:12:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49744	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:33 UTC	400	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:33 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:33 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 27 Aug 2024 19:10:22 GMT ETag: "66ce249e-1c4" Server: cloudflare CF-RAY: 8bc89a3e19e5188d-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Sep 2024 00:12:33 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-01 22:12:33 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49745	172.66.46.224	443	4012	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:33 UTC	365	OUT	GET /favicon.ico HTTP/1.1 Host: beulad435-8316maraes.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 22:12:33 UTC	742	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 22:12:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TkQpdEGbGnD%2FIki3uXMDKYxFyF%2BSd1YIWnn1p6tFtu6cKIiCIWQjviNEJfU7VZO%2B8yX9dt7XA41kyJzA7KUei%2FbqOWxuQv0IIE4AqAzMnK4wwto1YkaHN%2FejVFwi62Bvz%2FdM329VHLzAYXZL9%2BeFlzs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc89a3e5e07c351-EWR alt-svc: h3=":443"; ma=86400
2024-09-01 22:12:33 UTC	1161	IN	Data Raw: 34 38 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 66 61 63 65 62 6f 6f 6b 5f 6c 6f 67 6f 5f 69 63 6f 6e 5f 31 34 37 32 39 31 2d 66 32 64 66 63 36 66 64 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 Data Ascii: 482<!doctype html><html lang="en"> <head> <meta charset="UTF-8" /> <link rel="icon" type="image/svg+xml" href="/assets/facebook_logo_icon_147291-f2dfc6fd.ico" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
2024-09-01 22:12:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:35 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 22:12:35 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=153185 Date: Sun, 01 Sep 2024 22:12:35 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-01 22:12:36 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=153184 Date: Sun, 01 Sep 2024 22:12:36 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-01 22:12:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49749	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:40 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9PRzH3cYfgcdyc2&MD=uc8FmAb6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-01 22:12:40 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 00593007-27a0-4462-aaa7-3ed01c7d1535 MS-RequestId: 7bda7e10-cd29-4e22-85ac-0c3120451984 MS-CV: vUux1Jb7SEKJZkiD.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 01 Sep 2024 22:12:39 GMT Connection: close Content-Length: 24490
2024-09-01 22:12:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-01 22:12:40 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49752	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 76 66 4c 45 4d 4f 46 47 55 4b 2f 36 2b 6d 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 35 38 33 34 39 65 62 31 39 33 30 35 65 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WvfLEMOFGUK/6+m/.1Context: fe58349eb19305e8
2024-09-01 22:12:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:42 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 76 66 4c 45 4d 4f 46 47 55 4b 2f 36 2b 6d 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 35 38 33 34 39 65 62 31 39 33 30 35 65 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WvfLEMOFGUK/6+m/.2Context: fe58349eb19305e8<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:12:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 76 66 4c 45 4d 4f 46 47 55 4b 2f 36 2b 6d 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 35 38 33 34 39 65 62 31 39 33 30 35 65 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WvfLEMOFGUK/6+m/.3Context: fe58349eb19305e8<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:12:42 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:42 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 71 43 78 34 42 4c 43 4a 30 79 43 63 30 2b 70 6e 61 42 34 65 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UqCx4BLCJ0yCc0+pnaB4eQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49753	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:46 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 73 4a 33 4b 32 55 43 77 30 75 50 58 65 71 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 39 65 34 61 37 64 35 61 62 37 38 34 35 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2sJ3K2UCw0uPXeqh.1Context: 499e4a7d5ab78453
2024-09-01 22:12:46 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:46 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 73 4a 33 4b 32 55 43 77 30 75 50 58 65 71 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 39 65 34 61 37 64 35 61 62 37 38 34 35 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6a 4e 77 7a 2f 44 70 76 58 79 41 70 51 56 4c 77 68 70 4a 4c 49 7a 74 6a 41 7a 57 48 64 51 6b 37 47 6c 2f 67 45 69 31 68 52 4d 5a 56 41 48 78 49 4f 73 36 45 42 6b 73 49 51 4a 58 6e 4b 73 32 47 50 47 35 47 41 44 33 30 7a 61 31 51 53 5a 63 62 4e 68 79 63 70 6c 41 49 77 65 2b 74 43 48 78 39 76 6b 39 62 57 52 34 64 4c 4b 34 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2sJ3K2UCw0uPXeqh.2Context: 499e4a7d5ab78453<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWjNwz/DpvXyApQVLwhpJLIztjAzWHdQk7Gl/gEi1hRMZVAHxIOs6EBksIQJXnKs2GPG5GAD30za1QSZcbNhycplAIwe+tCHx9vk9bWR4dLK4A
2024-09-01 22:12:46 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 32 73 4a 33 4b 32 55 43 77 30 75 50 58 65 71 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 39 65 34 61 37 64 35 61 62 37 38 34 35 33 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 2sJ3K2UCw0uPXeqh.3Context: 499e4a7d5ab78453
2024-09-01 22:12:47 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:47 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 42 35 59 75 65 33 53 76 6b 6d 53 55 35 32 30 78 78 34 54 56 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: oB5Yue3SvkmSU520xx4TVg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49754	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:12:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 56 62 37 48 36 74 55 62 36 30 36 39 31 5a 46 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 66 62 61 32 36 39 61 39 30 64 61 32 30 32 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Vb7H6tUb60691ZFp.1Context: afba269a90da2025
2024-09-01 22:12:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:12:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 62 37 48 36 74 55 62 36 30 36 39 31 5a 46 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 66 62 61 32 36 39 61 39 30 64 61 32 30 32 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Vb7H6tUb60691ZFp.2Context: afba269a90da2025<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:12:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 56 62 37 48 36 74 55 62 36 30 36 39 31 5a 46 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 66 62 61 32 36 39 61 39 30 64 61 32 30 32 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Vb7H6tUb60691ZFp.3Context: afba269a90da2025<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:12:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:12:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 43 46 34 32 5a 4b 74 36 6b 79 36 76 79 66 64 4a 72 66 6d 6b 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: aCF42ZKt6ky6vyfdJrfmkQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.5	49755	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 76 4d 4f 68 6b 77 33 39 30 71 43 4d 56 6b 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 38 66 63 37 61 62 38 34 62 36 39 35 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BvMOhkw390qCMVk8.1Context: 33e8fc7ab84b6957
2024-09-01 22:13:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:13:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 42 76 4d 4f 68 6b 77 33 39 30 71 43 4d 56 6b 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 38 66 63 37 61 62 38 34 62 36 39 35 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: BvMOhkw390qCMVk8.2Context: 33e8fc7ab84b6957<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:13:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 76 4d 4f 68 6b 77 33 39 30 71 43 4d 56 6b 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 38 66 63 37 61 62 38 34 62 36 39 35 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: BvMOhkw390qCMVk8.3Context: 33e8fc7ab84b6957<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:13:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:13:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 76 6a 42 50 78 4d 61 6a 33 30 4b 42 55 74 32 39 69 79 32 6a 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: vjBPxMaj30KBUt29iy2jiQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49756	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 61 34 6c 49 38 50 79 32 52 30 43 65 48 42 4e 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 38 30 64 62 31 61 62 62 35 32 63 30 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: a4lI8Py2R0CeHBNu.1Context: 8cd80db1abb52c09
2024-09-01 22:13:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:13:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 61 34 6c 49 38 50 79 32 52 30 43 65 48 42 4e 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 38 30 64 62 31 61 62 62 35 32 63 30 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6a 4e 77 7a 2f 44 70 76 58 79 41 70 51 56 4c 77 68 70 4a 4c 49 7a 74 6a 41 7a 57 48 64 51 6b 37 47 6c 2f 67 45 69 31 68 52 4d 5a 56 41 48 78 49 4f 73 36 45 42 6b 73 49 51 4a 58 6e 4b 73 32 47 50 47 35 47 41 44 33 30 7a 61 31 51 53 5a 63 62 4e 68 79 63 70 6c 41 49 77 65 2b 74 43 48 78 39 76 6b 39 62 57 52 34 64 4c 4b 34 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: a4lI8Py2R0CeHBNu.2Context: 8cd80db1abb52c09<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWjNwz/DpvXyApQVLwhpJLIztjAzWHdQk7Gl/gEi1hRMZVAHxIOs6EBksIQJXnKs2GPG5GAD30za1QSZcbNhycplAIwe+tCHx9vk9bWR4dLK4A
2024-09-01 22:13:09 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 61 34 6c 49 38 50 79 32 52 30 43 65 48 42 4e 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 38 30 64 62 31 61 62 62 35 32 63 30 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: a4lI8Py2R0CeHBNu.3Context: 8cd80db1abb52c09
2024-09-01 22:13:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:13:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 66 31 2f 6f 78 47 6b 44 77 55 4f 77 78 43 64 2f 35 65 71 72 62 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: f1/oxGkDwUOwxCd/5eqrbw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49757	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:17 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9PRzH3cYfgcdyc2&MD=uc8FmAb6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-01 22:13:17 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: b4adc09f-c553-464e-9962-a175210df364 MS-RequestId: 753d357e-4126-4ca2-b889-f42281dbe062 MS-CV: gXpORpHcw0Oyy0vs.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 01 Sep 2024 22:13:16 GMT Connection: close Content-Length: 30005
2024-09-01 22:13:17 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-01 22:13:17 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49759	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 41 53 44 57 4c 4a 48 39 55 43 38 39 30 6b 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 66 35 64 37 64 36 34 33 61 34 39 34 65 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7ASDWLJH9UC890kI.1Context: 7ef5d7d643a494e2
2024-09-01 22:13:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:13:27 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 41 53 44 57 4c 4a 48 39 55 43 38 39 30 6b 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 66 35 64 37 64 36 34 33 61 34 39 34 65 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7ASDWLJH9UC890kI.2Context: 7ef5d7d643a494e2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:13:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 41 53 44 57 4c 4a 48 39 55 43 38 39 30 6b 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 66 35 64 37 64 36 34 33 61 34 39 34 65 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7ASDWLJH9UC890kI.3Context: 7ef5d7d643a494e2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:13:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:13:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 45 59 35 64 6a 42 38 51 4a 45 36 42 62 41 6f 41 47 4b 55 4a 7a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: EY5djB8QJE6BbAoAGKUJzw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49762	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 31 4a 6e 77 2b 6c 57 55 45 36 6a 79 4d 44 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 36 34 38 34 38 65 32 33 39 37 36 64 64 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 11Jnw+lWUE6jyMDI.1Context: 2d64848e23976ddc
2024-09-01 22:13:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:13:38 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 31 31 4a 6e 77 2b 6c 57 55 45 36 6a 79 4d 44 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 36 34 38 34 38 65 32 33 39 37 36 64 64 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6a 4e 77 7a 2f 44 70 76 58 79 41 70 51 56 4c 77 68 70 4a 4c 49 7a 74 6a 41 7a 57 48 64 51 6b 37 47 6c 2f 67 45 69 31 68 52 4d 5a 56 41 48 78 49 4f 73 36 45 42 6b 73 49 51 4a 58 6e 4b 73 32 47 50 47 35 47 41 44 33 30 7a 61 31 51 53 5a 63 62 4e 68 79 63 70 6c 41 49 77 65 2b 74 43 48 78 39 76 6b 39 62 57 52 34 64 4c 4b 34 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 11Jnw+lWUE6jyMDI.2Context: 2d64848e23976ddc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWjNwz/DpvXyApQVLwhpJLIztjAzWHdQk7Gl/gEi1hRMZVAHxIOs6EBksIQJXnKs2GPG5GAD30za1QSZcbNhycplAIwe+tCHx9vk9bWR4dLK4A
2024-09-01 22:13:38 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 31 31 4a 6e 77 2b 6c 57 55 45 36 6a 79 4d 44 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 64 36 34 38 34 38 65 32 33 39 37 36 64 64 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 11Jnw+lWUE6jyMDI.3Context: 2d64848e23976ddc
2024-09-01 22:13:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:13:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 30 53 77 37 2b 58 4d 43 30 61 58 49 69 2b 7a 4a 42 4f 44 6b 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: h0Sw7+XMC0aXIi+zJBODkw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49763	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-01 22:13:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 75 2f 53 46 74 64 78 46 45 75 6a 73 43 53 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 34 30 30 39 39 64 31 37 33 61 35 66 31 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 4u/SFtdxFEujsCS1.1Context: 9440099d173a5f1a
2024-09-01 22:13:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-01 22:13:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 75 2f 53 46 74 64 78 46 45 75 6a 73 43 53 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 34 30 30 39 39 64 31 37 33 61 35 66 31 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 44 2b 69 79 77 31 36 67 6b 33 56 5a 62 4b 6f 76 41 4a 56 78 4c 64 4c 76 32 33 37 63 6a 37 34 46 35 46 4b 6c 48 45 77 53 76 71 48 76 54 76 62 42 5a 39 64 56 4c 2f 78 62 4c 36 64 66 31 54 6c 6c 73 31 72 7a 6c 38 62 4e 76 71 48 64 75 4d 59 67 66 31 57 6a 77 2b 36 4c 68 2f 51 53 64 6f 38 6e 4e 4e 61 6a 75 54 2b 37 69 32 58 71 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4u/SFtdxFEujsCS1.2Context: 9440099d173a5f1a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXD+iyw16gk3VZbKovAJVxLdLv237cj74F5FKlHEwSvqHvTvbBZ9dVL/xbL6df1Tlls1rzl8bNvqHduMYgf1Wjw+6Lh/QSdo8nNNajuT+7i2Xq
2024-09-01 22:13:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 34 75 2f 53 46 74 64 78 46 45 75 6a 73 43 53 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 34 30 30 39 39 64 31 37 33 61 35 66 31 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4u/SFtdxFEujsCS1.3Context: 9440099d173a5f1a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-01 22:13:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-01 22:13:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 51 49 5a 4e 65 52 79 7a 45 65 64 30 41 41 53 38 6a 63 4b 53 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +QIZNeRyzEed0AAS8jcKSQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2612, Parent PID: 3496

General

Target ID:	0
Start time:	18:12:21
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4012, Parent PID: 2612

General

Target ID:	2
Start time:	18:12:26
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2260,i,336831265092973689,9970920720796225626,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5372, Parent PID: 3496

General

Target ID:	3
Start time:	18:12:28
Start date:	01/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://beulad435-8316maraes.pages.dev/296828721837289"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://beulad435-8316maraes.pages.dev/296828721837289	Avira URL Cloud: detection malicious, Label: phishing
Source: https://beulad435-8316maraes.pages.dev/296828721837289	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://beulad435-8316maraes.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing
Source: https://beulad435-8316maraes.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_62, type: DROPPED

Source: global traffic	HTTP traffic detected: GET /296828721837289 HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://beulad435-8316maraes.pages.dev/296828721837289Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://beulad435-8316maraes.pages.dev/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://beulad435-8316maraes.pages.dev/296828721837289Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: beulad435-8316maraes.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9PRzH3cYfgcdyc2&MD=uc8FmAb6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9PRzH3cYfgcdyc2&MD=uc8FmAb6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: beulad435-8316maraes.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://beulad435-8316maraes.pages.dev/296828721837289

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
https://beulad435-8316maraes.pages.dev/296828721837289