Edit tour

Windows Analysis Report
https://ojbkjs.vip/yb.js

Overview

General Information

Sample URL:	https://ojbkjs.vip/yb.js
Analysis ID:	1520416
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2296,i,10574883807267385005,7034887952499563691,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ojbkjs.vip/yb.js" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://ojbkjs.vip/yb.js

LLM: Score: 7 Reasons: The URL 'ojbkjs.vip' does not match any well-known or known brand domains., The domain extension '.vip' is unusual for legitimate brand websites., The brand 'X' is not recognized and cannot be associated with any known or well-known brands., The presence of multiple sign-in options (Google, Apple) is common in phishing sites to capture credentials. DOM: 0.0.pages.csv

Source: https://ojbkjs.vip/yb.js

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /yb.js HTTP/1.1Host: ojbkjs.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ojbkjs.vipConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ojbkjs.vip/yb.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: ojbkjs.vip
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 27 Sep 2024 08:35:22 GMTServer: ApacheContent-Length: 257Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_39.2.dr	String found in binary or memory: https://hm.baidu.com/hm.js?5430651aa058e0825f678886c2571c16
Source: chromecache_39.2.dr	String found in binary or memory: https://ldy1592500.cc:23880

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/4@5/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2296,i,10574883807267385005,7034887952499563691,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ojbkjs.vip/yb.js"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2296,i,10574883807267385005,7034887952499563691,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
ojbkjs.vip	107.149.163.248	true	true	unknown
www.google.com	142.250.186.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ojbkjs.vip/favicon.ico	false		unknown
https://ojbkjs.vip/yb.js	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://hm.baidu.com/hm.js?5430651aa058e0825f678886c2571c16	chromecache_39.2.dr	false		unknown
https://ldy1592500.cc:23880	chromecache_39.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
107.149.163.248	ojbkjs.vip	United States	54600	PEGTECHINCUS	true

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520416
Start date and time:	2024-09-27 10:34:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ojbkjs.vip/yb.js
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/4@5/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.186.110, 74.125.206.84, 34.104.35.123, 4.245.163.56, 192.229.221.95, 13.95.31.18, 93.184.221.240, 52.165.164.15, 216.58.206.67
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://ojbkjs.vip/yb.js

Input	Output
URL: https://ojbkjs.vip/yb.js Model: jbxai	{ "brand":["X"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign in with Google", "text_input_field_labels":["Sign in with Google", "Sign in with Apple", "Phone", "email", "username"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ojbkjs.vip/yb.js Model: jbxai	{ "phishing_score":9, "brands":"X", "legit_domain":"unknown", "classification":"unknown", "reasons":["The URL 'ojbkjs.vip' does not match any well-known or known brand domains.", "The domain extension '.vip' is unusual for legitimate brand websites.", "The brand 'X' is not recognized and cannot be associated with any known or well-known brands.", "The presence of multiple sign-in options (Google, Apple) is common in phishing sites to capture credentials."], "brand_matches":[false], "url_match":false, "brand_input":"X", "input_fields":"Sign in with Google, Sign in with Apple, Phone, email, username"}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1233
Entropy (8bit):	4.942341636081744
Encrypted:	false
SSDEEP:	24:duHQCPetq5RWZJkJfwFocAfxyITM6wtHmG/MAFKeb+VRZy3:aBwkwSvZ9TuNmGENeSly3
MD5:	16AB2CAB36E118B5538A8F9C82C18CE7
SHA1:	C3F9A5FF78B86E514985FB22338B44E7A538C19F
SHA-256:	94DF1B16C7919678543B0C5001B348212A0FA24F2C6FCC96BAA875E3E9767A96
SHA-512:	FCF981ECC771623186D6C182E85464057D7CE599526D76496BE6C6A1B24F16461DEED368D4379E3AE9F850963E5839051FBC95F06AAB35DB65217B1DF323960F
Malicious:	false
Reputation:	low
URL:	https://ojbkjs.vip/yb.js
Preview:	var _hmt = _hmt \|\| [];.(function() {. var hm = document.createElement("script");. hm.src = "https://hm.baidu.com/hm.js?5430651aa058e0825f678886c2571c16";. var s = document.getElementsByTagName("script")[0]; . s.parentNode.insertBefore(hm, s);.})();..function isMobile(){.let flag = navigator.userAgent.match(/(iPhone\|iPod\|iPad\|Android\|ios\|Mobile)/i);. return flag;. }. function toPage(){. if (isMobile()) {. var strUrl = "https://ldy1592500.cc:23880";. document.write('<meta id="viewport" name="viewport" content="user-scalable=no,width=device-width, initial-scale=1.0" />'); . document.write('<style>html,body{widht:100%;height:100%;overflow:hidden; clear:both;}</style>'); . document.write('<div style="width:100%;height:100%;position:fixed;top:0;left:0;z-index:2147483647;background:#fff">'); . document.write('<iframe src=' +strUrl+' frameborder="0" style="border:0;width: 100%; te

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	257
Entropy (8bit):	5.1661536883530035
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRVo/VFB8oD:J0+oxBeRmR9etdzRxGezHLoZ8+
MD5:	77BCF85A8B19E6111624D62A21B174A9
SHA1:	BC1E9ADEF755D941D9FF70315B99AB5EA4542EA0
SHA-256:	4318BCB43FCCAA840A1698A562002132050289443802334DEA50D5E46DD04C63
SHA-512:	57360E9BAC951A54B81B58F0EF26F147EE7135F891D669FDFCF4D01A5C7EB98FF466EB2E4E84AEC59521631C9A92C9040E18754CBA86207D69853ED09FB32877
Malicious:	false
Reputation:	low
URL:	https://ojbkjs.vip/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache Server at ojbkjs.vip Port 443</address>.</body></html>.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 10:35:10.723654032 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.723781109 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.723835945 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:10.723933935 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.723969936 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:10.724030972 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.724066019 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:10.724452019 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:10.724514961 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:10.729213953 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.729250908 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.729343891 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.729351997 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:10.729360104 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038589001 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038604975 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038619041 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038625002 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038630009 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038640976 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038646936 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.038748026 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.039479017 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.039489985 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.039499998 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.039510965 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.039541960 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.039560080 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.039772034 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.039786100 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.039977074 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.040024042 CEST	49708	443	192.168.2.6	40.126.32.72
Sep 27, 2024 10:35:11.044620037 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.044688940 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:11.044699907 CEST	443	49708	40.126.32.72	192.168.2.6
Sep 27, 2024 10:35:13.232161999 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:13.232203960 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:13.524359941 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:20.382206917 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:20.382240057 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:20.382494926 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:20.383040905 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:20.383059025 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.268946886 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.269045115 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.275497913 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.275517941 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.275876045 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.281795979 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.281795979 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.281816959 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.281976938 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.327394009 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.460172892 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.460268021 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.461046934 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.461381912 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.461381912 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:21.461399078 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:21.563256025 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.563297033 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:21.565552950 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.565603018 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.565609932 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:21.565660000 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.565973997 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.565990925 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:21.566155910 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:21.566170931 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.176206112 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.176640987 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.176704884 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.177234888 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.177444935 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.177468061 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.178060055 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.178165913 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.178392887 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.178447962 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.179811001 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.179869890 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.180115938 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.180126905 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.184813023 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.184919119 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.233164072 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.233185053 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.279376984 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.387406111 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.387506008 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.436158895 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.437079906 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.437151909 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.437716961 CEST	49717	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.437735081 CEST	443	49717	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.502715111 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.543442965 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.694921970 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.696326017 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.696386099 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.703857899 CEST	49716	443	192.168.2.6	107.149.163.248
Sep 27, 2024 10:35:22.703896999 CEST	443	49716	107.149.163.248	192.168.2.6
Sep 27, 2024 10:35:22.841366053 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:22.841366053 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:23.128106117 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:23.228622913 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.228660107 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.228722095 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.228956938 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.228971004 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.880951881 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.927287102 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.927301884 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.928596020 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.928662062 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.931787968 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.931854963 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:23.982578993 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:23.982585907 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:24.029445887 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:24.768290997 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 27, 2024 10:35:24.768377066 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 27, 2024 10:35:25.374711037 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:25.374758005 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:25.374840975 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:25.378036022 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:25.378046989 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.017416000 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.017486095 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.020190954 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.020201921 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.020479918 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.060718060 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.062833071 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.107398987 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.288012981 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.288085938 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.288155079 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.288479090 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.288499117 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.288511038 CEST	49722	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.288516998 CEST	443	49722	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.339725971 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.339786053 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.339930058 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.340542078 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.340553999 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.996469021 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.996553898 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.998666048 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:26.998677969 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:26.998905897 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:27.000020027 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:27.047394037 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:27.276618958 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:27.276696920 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:27.276771069 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:27.277988911 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 27, 2024 10:35:27.278017044 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 27, 2024 10:35:28.442939043 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:28.442992926 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:28.443068981 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:28.443815947 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:28.443829060 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.314402103 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.314471960 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.316950083 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.316965103 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.317249060 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.319354057 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.319406986 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.319412947 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.319641113 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.363406897 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.495583057 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.496267080 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.496295929 CEST	443	49724	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:29.496315956 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:29.496344090 CEST	49724	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:33.769026041 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:33.769103050 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:33.770725965 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:34.728622913 CEST	49720	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:35:34.728653908 CEST	443	49720	142.250.186.164	192.168.2.6
Sep 27, 2024 10:35:40.973732948 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:40.973781109 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:40.973855972 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:40.974572897 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:40.974591017 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.774972916 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.775053024 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.782531977 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.782548904 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.782943964 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.785805941 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.785959959 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.785967112 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.786114931 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.831403017 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.957715988 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.957804918 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.958022118 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.958369970 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:35:41.958393097 CEST	443	49729	40.113.110.67	192.168.2.6
Sep 27, 2024 10:35:41.958430052 CEST	49729	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:00.380219936 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:00.380233049 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:00.380356073 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:00.380932093 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:00.380944014 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.351099014 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.351175070 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.355437040 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.355448008 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.355679035 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.358516932 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.358644962 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.358649969 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.359172106 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.399394035 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.534931898 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.535254955 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:01.535311937 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.535677910 CEST	49730	443	192.168.2.6	40.113.110.67
Sep 27, 2024 10:36:01.535691023 CEST	443	49730	40.113.110.67	192.168.2.6
Sep 27, 2024 10:36:23.184961081 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:23.185005903 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:23.185189962 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:23.185729027 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:23.185741901 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:24.588701010 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:24.597040892 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:24.597054958 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:24.597532988 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:24.597959042 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:24.598028898 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:24.637377024 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:26.498274088 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:26.498333931 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:26.498395920 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:26.499099016 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:26.499114037 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.317652941 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.317770004 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.319782019 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.319793940 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.320059061 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.321981907 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.321983099 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.322005987 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.322148085 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.363406897 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.500488997 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.500677109 CEST	443	49734	40.113.103.199	192.168.2.6
Sep 27, 2024 10:36:27.501125097 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.501125097 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:27.501205921 CEST	49734	443	192.168.2.6	40.113.103.199
Sep 27, 2024 10:36:33.738274097 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:33.738428116 CEST	443	49733	142.250.186.164	192.168.2.6
Sep 27, 2024 10:36:33.738491058 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:34.405483007 CEST	49733	443	192.168.2.6	142.250.186.164
Sep 27, 2024 10:36:34.405514956 CEST	443	49733	142.250.186.164	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 10:35:19.719620943 CEST	53	51011	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:19.765265942 CEST	53	63678	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:20.826399088 CEST	53	50343	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:21.144047022 CEST	55911	53	192.168.2.6	1.1.1.1
Sep 27, 2024 10:35:21.144296885 CEST	50418	53	192.168.2.6	1.1.1.1
Sep 27, 2024 10:35:21.502094984 CEST	53	55911	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:21.510307074 CEST	53	50418	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:21.510787964 CEST	50444	53	192.168.2.6	1.1.1.1
Sep 27, 2024 10:35:22.144246101 CEST	53	50444	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:23.183932066 CEST	59549	53	192.168.2.6	1.1.1.1
Sep 27, 2024 10:35:23.184181929 CEST	55670	53	192.168.2.6	1.1.1.1
Sep 27, 2024 10:35:23.190687895 CEST	53	59549	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:23.191044092 CEST	53	55670	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:37.945235968 CEST	53	57311	1.1.1.1	192.168.2.6
Sep 27, 2024 10:35:56.983215094 CEST	53	60710	1.1.1.1	192.168.2.6
Sep 27, 2024 10:36:18.852718115 CEST	53	54924	1.1.1.1	192.168.2.6
Sep 27, 2024 10:36:19.520600080 CEST	53	64574	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 27, 2024 10:35:22.144373894 CEST	192.168.2.6	1.1.1.1	c1e2	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 10:35:21.144047022 CEST	192.168.2.6	1.1.1.1	0xad02	Standard query (0)	ojbkjs.vip	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:21.144296885 CEST	192.168.2.6	1.1.1.1	0xba4d	Standard query (0)	ojbkjs.vip	65	IN (0x0001)	false
Sep 27, 2024 10:35:21.510787964 CEST	192.168.2.6	1.1.1.1	0x38be	Standard query (0)	ojbkjs.vip	65	IN (0x0001)	false
Sep 27, 2024 10:35:23.183932066 CEST	192.168.2.6	1.1.1.1	0x8864	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:23.184181929 CEST	192.168.2.6	1.1.1.1	0xe66a	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 10:35:21.502094984 CEST	1.1.1.1	192.168.2.6	0xad02	No error (0)	ojbkjs.vip		107.149.163.248	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:21.510307074 CEST	1.1.1.1	192.168.2.6	0xba4d	Server failure (2)	ojbkjs.vip	none	none	65	IN (0x0001)	false
Sep 27, 2024 10:35:22.144246101 CEST	1.1.1.1	192.168.2.6	0x38be	Server failure (2)	ojbkjs.vip	none	none	65	IN (0x0001)	false
Sep 27, 2024 10:35:23.190687895 CEST	1.1.1.1	192.168.2.6	0x8864	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:23.191044092 CEST	1.1.1.1	192.168.2.6	0xe66a	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 10:35:33.890213013 CEST	1.1.1.1	192.168.2.6	0x76e0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 10:35:33.890213013 CEST	1.1.1.1	192.168.2.6	0x76e0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:52.988881111 CEST	1.1.1.1	192.168.2.6	0xd43a	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 10:35:52.988881111 CEST	1.1.1.1	192.168.2.6	0xd43a	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ojbkjs.vip

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:21 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 67 4f 6f 47 52 44 46 62 42 30 36 46 2f 30 76 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 37 63 63 35 39 34 30 64 37 62 62 65 34 39 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: gOoGRDFbB06F/0vC.1Context: f7cc5940d7bbe494
2024-09-27 08:35:21 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-27 08:35:21 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 67 4f 6f 47 52 44 46 62 42 30 36 46 2f 30 76 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 37 63 63 35 39 34 30 64 37 62 62 65 34 39 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 6f 56 42 42 7a 4f 68 66 6e 35 62 65 59 78 65 64 48 4f 45 63 52 63 2b 72 66 67 6c 75 4d 65 78 4c 55 69 70 75 59 6e 6e 4d 34 59 73 70 77 5a 39 4b 57 45 4c 38 4c 67 52 39 48 4f 33 4b 66 6e 32 57 66 39 43 35 77 2f 4b 65 38 66 61 62 73 65 6b 47 2f 62 6e 62 68 76 6a 75 73 44 67 56 70 63 44 65 66 61 54 52 75 76 2b 4e 49 6f 4a 56 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gOoGRDFbB06F/0vC.2Context: f7cc5940d7bbe494<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVoVBBzOhfn5beYxedHOEcRc+rfgluMexLUipuYnnM4YspwZ9KWEL8LgR9HO3Kfn2Wf9C5w/Ke8fabsekG/bnbhvjusDgVpcDefaTRuv+NIoJV
2024-09-27 08:35:21 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 67 4f 6f 47 52 44 46 62 42 30 36 46 2f 30 76 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 37 63 63 35 39 34 30 64 37 62 62 65 34 39 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: gOoGRDFbB06F/0vC.3Context: f7cc5940d7bbe494<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-27 08:35:21 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-27 08:35:21 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 41 46 38 46 70 4d 4d 4c 30 6d 6d 66 30 69 74 77 74 33 41 54 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: CAF8FpMML0mmf0itwt3ATg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49717	107.149.163.248	443	3492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:22 UTC	658	OUT	GET /yb.js HTTP/1.1 Host: ojbkjs.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 08:35:22 UTC	284	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 08:35:22 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Thu, 26 Sep 2024 04:48:56 GMT ETag: "4d1-622fe74ca4359" Accept-Ranges: bytes Content-Length: 1233 Vary: Accept-Encoding Content-Type: text/javascript
2024-09-27 08:35:22 UTC	1233	IN	Data Raw: 76 61 72 20 5f 68 6d 74 20 3d 20 5f 68 6d 74 20 7c 7c 20 5b 5d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 76 61 72 20 68 6d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0a 20 20 68 6d 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 35 34 33 30 36 35 31 61 61 30 35 38 65 30 38 32 35 66 36 37 38 38 38 36 63 32 35 37 31 63 31 36 22 3b 0a 20 20 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 20 0a 20 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 68 6d 2c 20 73 29 3b 0a 7d 29 28 29 3b 0a 0a 66 Data Ascii: var _hmt = _hmt \|\| [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?5430651aa058e0825f678886c2571c16"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49716	107.149.163.248	443	3492	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:22 UTC	581	OUT	GET /favicon.ico HTTP/1.1 Host: ojbkjs.vip Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ojbkjs.vip/yb.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 08:35:22 UTC	164	IN	HTTP/1.1 404 Not Found Date: Fri, 27 Sep 2024 08:35:22 GMT Server: Apache Content-Length: 257 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-27 08:35:22 UTC	257	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 6f 6a 62 6b 6a 73 2e 76 69 70 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at ojbkjs.vip Port 443</address></body></html

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 08:35:26 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=29448 Date: Fri, 27 Sep 2024 08:35:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:26 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 08:35:27 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=29393 Date: Fri, 27 Sep 2024 08:35:27 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 08:35:27 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49724	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 61 35 65 4f 31 67 34 55 30 6d 31 34 78 76 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 30 39 31 61 62 64 30 39 65 39 38 62 38 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Ua5eO1g4U0m14xvH.1Context: f3091abd09e98b80
2024-09-27 08:35:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-27 08:35:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 61 35 65 4f 31 67 34 55 30 6d 31 34 78 76 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 30 39 31 61 62 64 30 39 65 39 38 62 38 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 6f 56 42 42 7a 4f 68 66 6e 35 62 65 59 78 65 64 48 4f 45 63 52 63 2b 72 66 67 6c 75 4d 65 78 4c 55 69 70 75 59 6e 6e 4d 34 59 73 70 77 5a 39 4b 57 45 4c 38 4c 67 52 39 48 4f 33 4b 66 6e 32 57 66 39 43 35 77 2f 4b 65 38 66 61 62 73 65 6b 47 2f 62 6e 62 68 76 6a 75 73 44 67 56 70 63 44 65 66 61 54 52 75 76 2b 4e 49 6f 4a 56 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Ua5eO1g4U0m14xvH.2Context: f3091abd09e98b80<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVoVBBzOhfn5beYxedHOEcRc+rfgluMexLUipuYnnM4YspwZ9KWEL8LgR9HO3Kfn2Wf9C5w/Ke8fabsekG/bnbhvjusDgVpcDefaTRuv+NIoJV
2024-09-27 08:35:29 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 61 35 65 4f 31 67 34 55 30 6d 31 34 78 76 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 30 39 31 61 62 64 30 39 65 39 38 62 38 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Ua5eO1g4U0m14xvH.3Context: f3091abd09e98b80<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-27 08:35:29 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-27 08:35:29 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 61 63 38 44 52 65 31 37 45 36 58 48 74 45 5a 6c 67 4d 6d 74 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Tac8DRe17E6XHtEZlgMmtA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49729	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:35:41 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 6d 33 47 53 51 6f 46 31 30 53 57 46 5a 33 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 61 65 32 39 66 33 63 62 62 62 37 33 61 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: lm3GSQoF10SWFZ3l.1Context: 83ae29f3cbbb73af
2024-09-27 08:35:41 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-27 08:35:41 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 6d 33 47 53 51 6f 46 31 30 53 57 46 5a 33 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 61 65 32 39 66 33 63 62 62 62 37 33 61 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 6f 56 42 42 7a 4f 68 66 6e 35 62 65 59 78 65 64 48 4f 45 63 52 63 2b 72 66 67 6c 75 4d 65 78 4c 55 69 70 75 59 6e 6e 4d 34 59 73 70 77 5a 39 4b 57 45 4c 38 4c 67 52 39 48 4f 33 4b 66 6e 32 57 66 39 43 35 77 2f 4b 65 38 66 61 62 73 65 6b 47 2f 62 6e 62 68 76 6a 75 73 44 67 56 70 63 44 65 66 61 54 52 75 76 2b 4e 49 6f 4a 56 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: lm3GSQoF10SWFZ3l.2Context: 83ae29f3cbbb73af<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVoVBBzOhfn5beYxedHOEcRc+rfgluMexLUipuYnnM4YspwZ9KWEL8LgR9HO3Kfn2Wf9C5w/Ke8fabsekG/bnbhvjusDgVpcDefaTRuv+NIoJV
2024-09-27 08:35:41 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 6d 33 47 53 51 6f 46 31 30 53 57 46 5a 33 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 33 61 65 32 39 66 33 63 62 62 62 37 33 61 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: lm3GSQoF10SWFZ3l.3Context: 83ae29f3cbbb73af<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-27 08:35:41 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-27 08:35:41 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 4b 44 76 64 56 78 44 6d 6b 65 37 61 6b 31 6c 79 6b 59 52 75 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 1KDvdVxDmke7ak1lykYRuA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49730	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:36:01 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 44 79 6c 39 75 4b 58 2f 30 43 30 36 6e 6a 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 66 33 37 62 65 61 39 65 61 36 33 35 62 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ZDyl9uKX/0C06njH.1Context: 3af37bea9ea635be
2024-09-27 08:36:01 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-27 08:36:01 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 5a 44 79 6c 39 75 4b 58 2f 30 43 30 36 6e 6a 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 66 33 37 62 65 61 39 65 61 36 33 35 62 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 6f 56 42 42 7a 4f 68 66 6e 35 62 65 59 78 65 64 48 4f 45 63 52 63 2b 72 66 67 6c 75 4d 65 78 4c 55 69 70 75 59 6e 6e 4d 34 59 73 70 77 5a 39 4b 57 45 4c 38 4c 67 52 39 48 4f 33 4b 66 6e 32 57 66 39 43 35 77 2f 4b 65 38 66 61 62 73 65 6b 47 2f 62 6e 62 68 76 6a 75 73 44 67 56 70 63 44 65 66 61 54 52 75 76 2b 4e 49 6f 4a 56 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ZDyl9uKX/0C06njH.2Context: 3af37bea9ea635be<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVoVBBzOhfn5beYxedHOEcRc+rfgluMexLUipuYnnM4YspwZ9KWEL8LgR9HO3Kfn2Wf9C5w/Ke8fabsekG/bnbhvjusDgVpcDefaTRuv+NIoJV
2024-09-27 08:36:01 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 5a 44 79 6c 39 75 4b 58 2f 30 43 30 36 6e 6a 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 66 33 37 62 65 61 39 65 61 36 33 35 62 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ZDyl9uKX/0C06njH.3Context: 3af37bea9ea635be<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-27 08:36:01 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-27 08:36:01 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6b 72 71 6a 36 49 72 7a 4e 55 32 49 75 75 55 54 71 2b 78 2b 55 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: krqj6IrzNU2IuuUTq+x+Ug.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49734	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 08:36:27 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 56 64 33 61 37 4c 47 69 55 2b 67 57 38 37 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 63 30 65 37 63 33 30 33 39 66 31 36 35 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UVd3a7LGiU+gW87F.1Context: 16c0e7c3039f165e
2024-09-27 08:36:27 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-27 08:36:27 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 56 64 33 61 37 4c 47 69 55 2b 67 57 38 37 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 63 30 65 37 63 33 30 33 39 66 31 36 35 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 6f 56 42 42 7a 4f 68 66 6e 35 62 65 59 78 65 64 48 4f 45 63 52 63 2b 72 66 67 6c 75 4d 65 78 4c 55 69 70 75 59 6e 6e 4d 34 59 73 70 77 5a 39 4b 57 45 4c 38 4c 67 52 39 48 4f 33 4b 66 6e 32 57 66 39 43 35 77 2f 4b 65 38 66 61 62 73 65 6b 47 2f 62 6e 62 68 76 6a 75 73 44 67 56 70 63 44 65 66 61 54 52 75 76 2b 4e 49 6f 4a 56 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: UVd3a7LGiU+gW87F.2Context: 16c0e7c3039f165e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVoVBBzOhfn5beYxedHOEcRc+rfgluMexLUipuYnnM4YspwZ9KWEL8LgR9HO3Kfn2Wf9C5w/Ke8fabsekG/bnbhvjusDgVpcDefaTRuv+NIoJV
2024-09-27 08:36:27 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 56 64 33 61 37 4c 47 69 55 2b 67 57 38 37 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 63 30 65 37 63 33 30 33 39 66 31 36 35 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UVd3a7LGiU+gW87F.3Context: 16c0e7c3039f165e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-27 08:36:27 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-27 08:36:27 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 47 35 6c 62 74 4b 6d 6b 55 57 4c 72 4a 63 4f 78 6f 73 65 73 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: dG5lbtKmkUWLrJcOxosesQ.0Payload parsing failed.

Target ID:	0
Start time:	04:35:14
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	04:35:17
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2296,i,10574883807267385005,7034887952499563691,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:35:19
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ojbkjs.vip/yb.js"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ojbkjs.vip/yb.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6732, Parent PID: 6044

General

Chronological Activities

Analysis Process: chrome.exePID: 3492, Parent PID: 6732

General

Chronological Activities

Analysis Process: chrome.exePID: 7104, Parent PID: 6044

General

Chronological Activities

Disassembly

Windows Analysis Report
https://ojbkjs.vip/yb.js